Google Intends on Making GCP the Most Secure Cloud Platform

I attended my first Google Next conference last week in San Francisco and came away quite impressed.  Clearly, Google is throwing its more and more of its engineering prowess and financial resources at GCP to grab a share of enterprise cloud computing dough and plans to differentiate itself based upon comprehensive enterprise-class cybersecurity feature/functionality.

Advice for the U.S. government: Stop talking and start doing

When it comes to cybersecurity, the United States government is great at talking the talk, yet consistently falls short of walking the walk. Unless the U.S. government actually implements the cybersecurity best practices it touts, the nation and its citizens will continue to be at an increased risk of a cyberattack.  

Hidden Devil in the Development Life Cycle: Google Play Apps Infected with Windows Executable Files

Last year, Unit 42 reported a number of Google play apps infected with malicious IFrames in this report. Recently, we found similar cases on Google Play. However, this time, there are 145 Google Play apps infected by malicious Microsoft Windows executable files instead of malicious IFrames. We have reported our findings to Google Security Team and all infected apps have been removed from Google Play.

An Introduction to the Xposed Framework for Android Penetration Testing

When it comes to the Pen Testing of Android-based applications, the main focus and attention of the Pen Tester is to live in the mindset of the Cyber attacker literally. The Pen Tester must then carry out an attack to see how the software code can be manipulated, what the weak spots of the app are, if there are any backdoors in which private and confidential can be hijacked, or even if there this an unseen “hole” in the app to see if a Trojan Horse can be installed and launch a Botnet style attack.

How to Achieve Ransomware Recovery — Without Paying Ransom

Without a ransomware recovery strategy, companies sometimes end up paying to retrieve their data after an attack. At the same time, threat actors are growing more sophisticated in their ability to bypass both antivirus and anti-ransomware tools — thus, they’re also growing bolder. To stay ahead of the curve, organizations will need to develop more complete defense systems and recovery plans.

How to Get the Most Out of DEF CON and Black Hat 2018

From its inception in 1997, Black Hat has grown from a small technology-focused conference into a major information security event — offering briefings, education and training for security and risk practitioners. It’s renowned for shedding light on vulnerabilities found in everything from consumer devices to critical infrastructure.

GUEST ESSAY: How SIEMS, UEBAs fall short in today’s turbulent threat landscape

Understanding today’s cybersecurity landscape is complex. The amount of threats aimed at enterprises is staggering. More than 230,000 new malware samples are launched every day. The average small and medium-size business experiences a cyber attack 44 times every day. And the cost of damage directly related to cybercrime is adding up, expected to reach $6 trillion by 2021.

Russians Are Targeting Private Election Companies, Too — And States Aren’t Doing Much About It

The American election system is a textbook example of federalism at work. States administer elections, and the federal government doesn’t have much say in how they do it. While this decentralized system has its benefits, it also means that there’s no across-the-board standard for election system cybersecurity practices. This lack of standardization has become all the more apparent over the past two years: Hackers probed 21 state systems during the lead-up to the 2016 election and gained access to one. But the federal government and states don’t appear to have made great strides to ensure that this doesn’t happen again. To do so, they’d need to deal with not only their own cybersecurity deficits but also those of the private companies that help states administer elections.