6 security metrics that matter – and 4 that don’t
One of the most challenging executive tasks for CISOs is quantifying the success and the value of the cybersecurity function. Indeed, security leaders and their organizations have used a myriad of metrics over the years. Yet, many executives and board members have complained that those measures failed to provide them with adequate insight or understanding…
How to prevent attackers from using Windows against you
One of the topics covered In a recent RSA Conference presentation was how attackers are using the victims’ own Windows operating system against them to avoid detection. This concept of “living off the land” (LotL) — the use of binaries, DLLs and other computer code that is already on our system — makes it harder…
What is a buffer overflow? And how hackers exploit these vulnerabilities
Buffer overflow definition A buffer overflow or overrun is a memory safety issue where a program does not properly check the boundaries of an allocated fixed-length memory buffer and writes more data than it can hold. This causes data to overflow to adjacent memory space, overwriting the information there, which often leads to crashes and…
Design Weaknesses Expose Industrial Systems to Damaging Attacks
An analysis of industrial control systems (ICS) has shown that many products contain features and functions that have been designed with no security in mind, allowing malicious hackers to abuse them and potentially cause serious damage. PAS, which provides industrial cybersecurity and operations management solutions, has analyzed data collected over the past year from over…
Microsoft to Patch Internet Explorer Vulnerability Exploited in Targeted Attacks
The flaw, tracked as CVE-2020-0674 and described as a memory corruption issue, affects the scripting engine in Internet Explorer, specifically a JScript component. The problematic component is a library named jscript.dll, which provides compatibility with a deprecated version of the JScript scripting language. According to Microsoft, the vulnerability can be exploited for remote code execution…
Security 101: What Is a Man-in-the-Middle Attack?
Specific numbers are hard to pin down on man-in-the-middle (MitM) attacks, but according to IBM’s X-Force Threat Intelligence Index 2018, more than one-third of exploitation of inadvertent weaknesses involved MitM attacks. Exactly how do these hacks play out? How do criminals get in and steal information – and how are their techniques evolving? Here’s a…
Attacks on Healthcare Jump 60% in 2019 – So Far
Cybercriminals are increasingly targeting hospitals, doctors’ offices, and other healthcare organizations, with attacks using Trojan malware climbing by 82% between the second and third quarters of this year. Cyberattacks against healthcare organizations jumped 60% in the first nine months of the year, compared to all of 2018, according to a report published this week by…
Older Amazon Devices Subject to Old Wi-Fi Vulnerability
Som old Amazon devices contain an even older Wi-Fi vulnerability that can be exploited in man-in-the-middle attacks. The vuln – KRACK, or Key Reinstallation Attack – is a flaw in the four-way WPA2 handshake that begins the protected transaction. The vulnerability leaves the wireless traffic encrypted, but routed through a malicious middle actor that decrypts…
Damaging insider threats rise to new highs in the past year
70 percent of organizations are more frequently seeing insider attacks, with 60 percent experiencing one or more within the last 12 months, and 68 percent feeling “extremely to moderately” vulnerable to them, according to Nucleus Cyber. Not only are organizations seeing a dramatic increase of attacks from insiders, but 85 percent are finding it difficult…
Multi-stage attack techniques are making network defense difficult
IT managers are inundated with cyberattacks coming from all directions and are struggling to keep up due to a lack of security expertise, budget and up to date technology, according to Sophos. The survey polled 3,100 IT decision makers from mid-sized businesses in the US, Canada, Mexico, Colombia, Brazil, UK, France, Germany, Australia, Japan, India,…
