Fighting modern cybercrime is a dragged-out hide-and-seek game. Cybercriminals are doing their best to create new methods of hiding malicious payload to prevent detection and forensics. APT actors are especially creative on this matter — they have enough resources to develop sophisticated hiding methods. Therefore, our task is to give clients the means that will be able to detect hidden threats and analyze their modus operandi no matter what. One of those instruments is a new service we have introduced called Kaspersky Cloud Sandbox.
This post is authored by Angela McKay, Director of Cybersecurity Policy and Amanda Craig, Senior Cybersecurity Strategist, CELA.
UK startup Juro, which is applying a “design centric approach” and machine learning tech to help businesses speed up the authoring and management of sales contracts, has closed $2m in seed funding led by Point Nine Capital.
The most interesting part of Mark Zuckerberg’s prepared testimony for congress that was released today shows that Facebook has been fighting Russian election interferences since before the 2016 U.S. presidential race. Facebook shut down accounts related to Russian GRU military intelligence-linked group APT28, also known as Fancy Bear, which had created an organization called DCLeaks run by fake personas to seed stolen information to journalists.
As software becomes a bigger component of the value delivered by companies in every industry, it’s no exaggeration to say that every company is becoming a software company. We find our customers pushing the envelope on how to tool up their internal software factory to make software better, faster and more efficiently.
Tenable.io users have been asking for new dashboards to make implementing Cyber Exposure easier, and the Tenable dashboard and reporting teams have delivered. We’ve added five new dashboards to Tenable.io, allowing you to gain more visibility into key topics like vulnerability metrics, risk mitigations and exploit reporting.
Aqua Security announced on April 9 that it is adding new automated compliance capabilities to its namesake container security platform.
There seems to be no end in sight for ransomware and malware attacks after the spike in high-profile incidents last summer. This includes the Wannacry ransomware strike in May 2017; PetWrap/NotPetya attacks in June; the identification of “BlackOasis” through an Adobe Flash vulnerability in October; the explosive revelations of the Equifax breach; wireless security protocols that need to be patched; the Meltdown and Spectre bugs in processor chips; and most recently the Cisco Adaptive Security Appliance vulnerability, among others.
Jayson Street, the DEF CON Groups Global Ambassador, and VP of InfoSec for SphereNY, has likely forgotten more about Social Engineering than some of us have learned over the years working in security.
Every day at 6 AM, a team of Oregon Fish and Wildlife officers check the traps. The cages encircle docks—sea lions love sunbathing—throughout the Columbia River Basin, at a strategic point just before the Willamette Falls, a natural feature in a tributary of the same name. If a trap door is closed, officers barge the sea lion out of the river and wrangle the agitated mammal into yet another trap, before driving it 230 miles to the California coast, only to have the same sea lion virtually beeline back to the same stretch of the Columbia.
Windows 10 Fall Creators Update, or build 1709, is now a few months old.
It’s that time again! Time for the quarterly Malwarebytes Labs Cybercrime Tactics and Techniques report (aka the Labs CTNT report). To get a more complete picture of what’s been going on in cybercrime this quarter, the Labs team has combined intel and statistics gathered from January through March 2018 from our Intelligence, Research, and Data Science teams with telemetry from both our consumer and business products, which are deployed on millions of machines.
If cryptocurrency is disrupting finance, then powerful computer chips known as ASICs are disrupting cryptocurrency. Their mere existence turned securing the Bitcoin blockchain, which in the network’s early days could be done at home by average users, into a massive industry that eats up unholy amounts of electricity and generates ridiculous profits for hardware manufacturers.
Many security conversations today are likely to touch upon security intelligence, behavioral anomaly detection and the value of augmented intelligence (AI) in security. But is cognitive security all hype, or are there real applications in use today? Is it feasible only for the largest, most sophisticated organizations, or is it more widely available?
When news broke that Facebook was found to be mishandling user’s data, the company’s stock plummeted as both the social networking site and its owner, Mark Zuckerberg lost billions. A whistle-blower informed that millions of Facebook users had their data exploited by the political consultancy Cambridge Analytica which is accused of improperly using the data on behalf of political clients. It was reported that Facebook knew the data was being harvested in 2015 but did not alert users at the time. Mark Zuckerberg acknowledged that a “huge mistake” had been made, but the damage had already been done. Whatever trust users had in Facebook regarding their data security will have been shot to pieces. What could this negligence be down to?
There’s the World Wide Web, and then there’s the less understood and presumably nefarious Dark Web — but not all who use the Dark Web have malicious intent. So what is the Dark Web, and why would cybersecurity companies access underground exchanges in search of valuable data and intellectual property when there is so much criminal activity going on there?
A few weeks ago, I had the opportunity to meet hundreds of security professionals at our IBM Security Community Day. I think the main reason most people wandered over to see me was the free IBM Security-branded baseball hats on my table, but many stayed to chat. Over the course of the day, I learned three things about this group of professionals: They are superheroes within their organizations, they are passionate about our common sense of purpose and they are optimistic about the industry’s collective ability to reduce the impact of cybercrime.
According to an Akamai survey, only 1% of media organizations are happy with their current cybersecurity measures. Slow site performance and downtime are the industry’s top security-related concerns, according to 26% of the 200 US media technology decision makers surveyed in the report. Protecting premium video content (23%), enterprise application security (20%), managing the impact of bot traffic (15%), and DDoS mitigation (13%) were other concerns, the report found. Tim Helming, Director of Product Management at DomainTools commented below.