Seven chief information security officers share their pain points and two-year spending plans.
November 14, 2019 • Zane Pokorny
Today, cyber threats are coming from everywhere — the open web and dark web, but also partners and other third parties, brand attacks, and internal threats — and digital business risk is at an all-time high. This leaves everyone without a true, comprehensive view of their entire threat landscape vulnerable. Recorded Future’s goal is to provide that comprehensive view to help you reduce your risk.
Written by Jeff Stone
A new program in the App Store is promising to help users detect if outsiders are lurking on their device.
Daniel Moghimi, Berk Sunar, Thomas Eisenbarth and Nadia Heninger have published TPM-FAIL: TPM meets Timing and Lattice Attacks, their Usenix security paper, which reveals a pair of timing attacks against trusted computing chips (“Trusted Computing Modules” or TPMs), the widely deployed cryptographic co-processors used for a variety of mission-critical secure computing tasks, from verifying software updates to establishing secure connections.
In part two of our survey that asked top VCs about the most exciting investment areas in real estate, we dig into responses from 10 leading real estate-focused investors at firms that span early to growth stages across real estate specific firms, corporate venture arms, and prominent generalist firms to share where they see opportunity in this sector. (See part one of our survey.)
This is the first in a blog series discussing the tools, techniques, and procedures that the Microsoft Detection and Response Team (DART) use to investigate cybersecurity incidents at our customer organizations. Today, we introduce the team and give a brief overview of each of the tools that utilize the power of the cloud. In upcoming posts, we’ll cover each tool in-depth and elaborate on techniques and procedures used by the team.
added ways to disable support for Intel Transactional Synchronization Extensions (TSX)
The New Zealand National Cyber Security Centre (NCSC-NZ) has released their annual report detailing cyber threats and incidents affecting New Zealand from July 2018 to June 2019. During this period, NCSC-NZ recorded an increase in the severity of cybersecurity incidents—particularly from state-sponsored threat actors. NCSC-NZ provides enhanced cybersecurity services to New Zealand Government and organizations of national significance against cybersecurity threats.
Utah-based InfoTrax Systems, L.C. has settled with the FCC (Federal Trade Commission) for its failure to protect its data following a hack that exposed the data for 1 million clients.
By: WhiteSource Research Team
The Common Vulnerability Scoring System (CVSS) provides an open framework for communicating the characteristics and impacts of software and hardware security vulnerabilities. Its quantitative model aims to ensure consistent and accurate measurement while enabling users to see the underlying vulnerability characteristics that were used to generate the scores.
During my undergraduate days, I recall hearing that the Bell System was slow to deploy automated dialing. While smaller local phone companies allowed callers to dial a number directly from their phone, the Bell system continues to rely on switchboard operators into the 1930s. In fact, early phones did not have numbers to dial at all – you simply toggled the handset switch and asked the operator, when she came on (female switchboard operators were believed to be more patient and polite than men) she would plug your line into the line of the person you wanted to call.
Symantec fixed a local privilege escalation security flaw affecting all Symantec Endpoint Protection software versions prior to 14.2 RU2, and allowing attackers to escalate privileges on compromised devices and execute malicious code using SYSTEM privileges.
Security researchers have tracked down activities of a new group of financially-motivated hackers that are targeting several businesses and organizations in Germany, Italy, and the United States in an attempt to infect them with backdoor, banking Trojan, or ransomware malware.
The SIEM market has evolved and today most solutions call themselves “Next Generation SIEM.” Effective NG SIEM should provide better protection and equally important, if not more, a much more effective, next gen user experience. What you should look for when evaluating a next generation SIEM?
On an early Friday morning in November 2018, the ground gave way in Anchorage, Alaska. At 8:29 a.m., a magnitude 7.1 earthquake hit just north of the city. Street lights blinked off, highways began to buckle, and buildings shook as enormous cracks opened in the walls and floors, coughing plumes of dust into the air. Later that day, photojournalist Marc Lester used a small plane to capture a chilling photo of Vine Road, a major artery, fractured like a puzzle, detritus scattered across it like broken toys.
A few years ago, Dan Guido’s partner couldn’t log into her bank account via the bank’s official iPhone app. The app kept alerting her that her phone was not secure.
Passwords are still often the first line of defense against hackers. That’s why it’s important to help and educate users on what a good password is.
This week, the Labour Party reported a “sophisticated, large scale cyber attack” hitting its digital platforms.
Authored by Dr Sandra Bell, Head of Resilience Consulting EMEA, Sungard Availability Services