“Digital transformation may come in many forms, but the result is always the same – organizational change.” Rick Lemieux, CRO of itSM solutions, began our conversation with CyberSaint CRO, Jerry Layden, with the crux of what has become a beleaguered buzzword. The result of many digitization initiatives is, as Rick pointed out, a fundamental shift in processes and culture. Another product of these initiatives is the elevation of the role of the CISO – shifting from a reactionary position in the wake of a breach, a CISO becomes a critical contributor to strategy and development for the entire organization.
Britain’s Cabinet Office (CO) hasn’t quite bungled the National Cyber Security Programme (NCSP) but it could certainly be doing things a lot better, the National Audit Office said today.
Proofpoint, Inc., a leading cybersecurity and compliance company, today released its Cloud Application Attack Snapshot: Q1 2019 research, which examined over one hundred thousand cloud application attacks aimed at global organizations between September 2018 and February 2019. Overall, targeting attempts increased by 65 percent during that time period with 40 percent originating in Nigeria. China was the second most prevalent country of origin, with 26 percent of attacks originating from Chinese IP addresses.
Kaspersky Lab has unveiled the next generation of its endpoint protection with new Kaspersky Endpoint Security for Business. The product features Adaptive Anomaly Control, which intelligently perceives and blocks anomalous applications and user behavior, and offers improved protection from miners and network threats. Kaspersky Endpoint Security for Business now also provides users with a web-based management console, along with features to help automate administrator tasks — all to give IT security teams greater control across all endpoints in their corporate infrastructure.
The Cyberfort Group has strengthened its end-to-end data security proposition with the acquisition of Auriga Consulting for an undisclosed sum.
Digital identity startup Passbase has bagged $600k in pre-seed funding led by a group of business angel investors from Alphabet, Stanford, Kleiner Perkins, EY; as well as seed fund investment from Chicago-based Upheaval Investments and Seedcamp.
A new, stealth, point-of-sale malware campaign has been discovered by Flashpoint that targets the hospitality and entertainment industries to skim credit card information.
The use of more artificial intelligence to improve security has been touted for a while. New research from Webroot reveals that a majority of businesses are now actively exploring the technology. It finds 71 percent of businesses surveyed in the United States plan to use more artificial intelligence and machine learning in their cybersecurity tools this year. However, a worrying 58 percent say they aren’t sure what that technology really does. Although over one-third (36 percent) of organizations experienced a damaging cyberattack within the last year, the majority are still extremely confident (83 percent) they have all the tools they need to successfully defend themselves against criminals using AI/ML-based threats.
It has been reported that at this week’s Open Source Leadership Summit, the Linux Foundation announced the Red Team Project. This has been set up as an incubator for open-source Red Team security tools. These include programs that support cyber range automation, containerised pentesting utilities, binary risk analysis, and standards validation programs.
Written by Jeff Stone
How much would you pay to watch former U.S. Director of National Intelligence James Clapper do a Blues Brothers routine alongside Dan Aykroyd?
Have you reached a few thousand followers on Instagram? More? Congratulations, you are insta-famous. Among other things, though, being an Instagram influencer means that it’s quite possible that account thieves are after you. A new phishing scheme targeting popular accounts on Instagram is gaining momentum. Here is how it works.
Serial Entropy Issues Invalidate 22,000 TLS Certificates on Dutch Government PKI
Thu, 03/14/2019 – 12:34
Are you, too, exposing your company’s confidential content to the public? As more work processes move to mobile devices and companies increasingly use more SaaS or cloud applications, cybersecurity becomes a pressing issue in every sizeable organization. Even a decade ago, applications used to be inside the perimeter. So if a file server or SharePoint were configured incorrectly, the consequences were minimal. But with the rapid introduction of SaaS applications to the workspace, a single misconfiguration in Box, Google Suite, or Office 365, for example, could spell massive disaster. If your organization’s sensitive information is leaked, you’ll have to deal with reputation damage and crisis management. If the referenced data were related to a regulatory requirement, you’d also be subject to significant fines.
Adversis, a cybersecurity firm that performs audits involving red team assessments, penetration testing and vulnerability hunting, investigated the public accessibility of Box files at several enterprise companies and found breaches in internal files, sensitive documents, or proprietary technology. Many Box users are at risk because of a simple setting in their account. When a new document is created or uploaded to Box, the default file setting is public. In order to restrict access, you’ll need to turn on the “people in your company” setting. But this setting isn’t the only way that hackers are gaining access to company info. If employees change the randomly coded URLs of files to ‘vanity URLs’, this puts the file at greater risk. Adversis experimented with trying to ‘dictionary attack’ various top companies in hopes they would correctly ‘guess’ the URLs of important documents. Using companies such as Apple, Herbalife, and Pointcare, Adversis gained access to data such as passport photos, social security numbers, financial data, IT data, email addresses, phone numbers, bank account information, customer lists and more.
Even some of the documents belonging to Box’s own staff were exposed. The primary cause is the “cloud” nature of the application; it does not matter whether it’s Box, Google Suite, Salesforce, Workday, or Office 365. Each application can have a separate business unit, a separate administrator, a different configuration, and a different level of security maturity. Most users think about their business and convenience, not security, when using their business applications. They may share confidential information via public links that can remain publicly accessible forever. They may change a configuration without knowing its side effects. Clearly, security of SaaS applications is something many businesses are struggling to learn and manage effectively.
Given the seriousness of a potential breach, it’s smart for businesses to have an independent cloud security provider who can govern all their cloud applications, scan all data, structured or unstructured, and take remedial actions like quarantining files and applying rights management when sharing sensitive files. It’s prudent for businesses to have an independent cloud security provider to:
- Govern all your cloud applications with deep visibility over users’ activities and data
- Scan content for malware as well as sensitive data
- Take automated actions based on your policies
- Apply rights management when sharing sensitive files so that only authorized users can access them for a limited time
- Encrypt sensitive data and hold your keys locally, not with the cloud provider
- Detect anomalies, such as the dictionary attacks used here, and block them
- Satisfy regulatory compliance such as GDPR, HIPAA, PCI, etc. and country-specific residency requirements
Protecting customer data is more important than ever. New best practices, such as the use of a third-party cloud application security provider, are a must-have for security as well as for the barrage of new regulatory requirements.
To find out more about our CipherCloud CASB+ platform please check out https://www.ciphercloud.com/casb. Or sign up for a CASB+ trial today!
John Lin is an associate partner at Trinity Ventures supporting investments in developer tools, artificial intelligence and real estate.
From entertainment to transportation, technology has upended nearly every major industry — with one notable exception: real estate. Instead of disrupting the sector, the last generation of real estate technology companies primarily improved efficiencies of existing processes. Industry leaders Zillow/Trulia and LoopNet* helped us search for homes and commercial real estate better and faster, but they didn’t significantly change what we buy or lease or from whom or how.
A ransomware attack on the Committee for Public Counsel Services (CPCS), the agency overseeing public defenders in the US, has caused a major slowdown – disabling email systems, delaying some hearings, and holding up payments for the private attorneys who represent clients.
Facebook executive shakeup comes one week after company announced “privacy-focused” brand makeover.
Facebook founder and CEO Mark Zuckerberg says Facebook’s chief product officer Chris Cox and WhatsApp vice president Chris Daniels are leaving the company.
The Multi-State Information Sharing and Analysis Center (MS-ISAC) has released a security primer on TrickBot malware. TrickBot is a modular banking Trojan that targets users’ financial information and acts as a dropper for other malware. An attacker can leverage TrickBot’s modules to steal banking information, conduct system and network reconnaissance, harvest credentials, and achieve network propagation.
It’s always cool to see lionfish while snorkeling or scuba diving. They’re spectacular-looking, and because they’re covered in flamboyant spines, they’re usually secure enough in their invincibility that they’ll mostly just sit there and let you get close to them. Lionfish don’t make for very good oceanic neighbors, though, and in places where they’re an invasive species and have few native predators (like most of the Atlantic coast of the United States), they do their best to eat anything that moves while breeding almost continuously. From a 2010 Oregon State study on a reef in the Bahamas: