With at least 20 billion new consumer devices set to be internet-connected by 2020, initiatives in the U.K. and California are trying to ensure that as many IoT devices as possible will be out-of-the-box secure, for starters by not shipping with default passwords.
The Pentagon is warning that a data breach at a third-party travel management service provider exposed records for an estimated 30,000 civilian and military personnel. The breach alert follows a recent GAO report warning of serious cybersecurity shortcomings in U.S. weapon systems.
With so much focus on endpoint security, it's important not to overlook the importance of network-level security controls, says Lawrence Orans, research vice president at Gartner.
Malware continues to increase in sophistication and routinely evades organizations' cyber defenses. It lurks inside networks waiting to execute attacks that can cause significant damage. Automated Static Analysis of binary files enables security teams to unlock an array of new threat intelligence, hunting, analysis,...
A decade ago sandboxing (dynamic analysis) was introduced as the first automated way to understand the actions of potential malware. Now widely deployed, it offers real value in understanding and identifying unknown malware.
However, there are limitations; it is unable to keep up with the large volume of malware...
A common complaint among threat intelligence analysts is the near impossibility of searching global threat intelligence feeds to find the specific threat and vulnerability information that matters to their organization. This complaint is just the tip of the iceberg. The underlying problem is the lack of visibility and...
The lack of visibility into and understanding of the millions of objects that move into an organization's network means threat hunters cannot adequately identify undetected malware they are hunting for.
Local Threat Intelligence combined with advanced malware hunting tools gives threat hunters a precise way to hunt...
The notorious GandCrab ransomware-as-a-service gang has released the latest version of its crypto-locking malware, backed by crypter service and exploit toolkit partnerships. But the gang's marketing savvy belies shoddy code-development practices, security firm McAfee finds.
For too many organisations, software vulnerability management is just about "patch Tuesday." Vulnerability management has evolved significantly in the past few years. Organisations need to adopt a new strategy focusing on visibility, prioritised response, and mitigation.
When you look back at the wave of...
Many companies outsource payroll, legal, and other various departments within their organization that aren't core and a lot of them quite frankly fail, which is why we see all the breaches we see in the news.The biggest cybersecurity budget in the business cannot save you from suffering one of the biggest breaches.
...
Everyone knows that two-factor authentication (2FA) is more secure than a simple login name and password, but too many people think that 2FA is a perfect, unhackable solution. It isn't!
Join Roger A. Grimes, KnowBe4's Data-Driven Defense Evangelist, and security expert with over 30-years experience, for this...
A notorious group of payment card-stealing gangs called Magecart has been tied to another series of online attacks, this time against Shopper Approved, an e-commerce service used by thousands of sites to gather reviews from customers.
Benchmarking your software security initiative can tell you if you are keeping pace with your peers, or if you should accelerate your efforts to rise above the competition. The results of a benchmarking assessment can help you identify new security strategies and prioritize scarce resources to be most effective....
Did the Chinese government pull off one of the most secretive hardware hacks of all time? That's what information security experts are pondering after a Bloomberg report described an espionage operation that purportedly planted a tiny spying chip on widely distributed server motherboards.
Many enterprises still rely on Microsoft Windows Server 2008 to run business critical applications. But Windows Server 2008 will reach End of Support on January 14, 2020, which means no more security and maintenance patches. Every enterprise has to face down this issue of legacy systems sooner or later. With Windows...
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.
