Attackers Employ Sneaky New Method to Control Trojans
A new malware sample shows threat actors have begun using DNS TXT record and queries for C2 communications, Cisco Talos says, Security researchers at Cisco’s Talos intelligence and research group have discovered what they describe as an extremely evasive and uncommon way for threat actors to command and to communicate with a Remote Access Trojan…
New Financial Regulation Forces Cyber Security into the Board Room
The New York State Department of Financial Services (DFS) ‘first-in-the-nation’ cybersecurity regulation for the financial services industry is, as of 1 March 2017, operational . One of the most highly regulated industries is now even more regulated in New York. “New York is the financial capital of the world, and it is critical that we…
Survey Finds Disconnect Between Security Strategy and Execution
Report from Intel Security and CSIS discovers 93% of businesses have cybersecurity strategies, but only 49% fully implement them.
Attackers thrive in a fluid market, while bureaucracy constrains defenders
A new global report from Intel Security and the Center for Strategic and International Studies (CSIS) reveals three categories of misaligned incentives: corporate structures versus the free flow of criminal enterprises; strategy versus implementation; and senior executives versus those in implementation roles. Based on interviews and a global survey of 800 cybersecurity professionals from five…
Zones of Trust: A New Way of Thinking about IoT Security
Recent attacks have focused attention on how to safely add “things”to enterprise networks, a topic that straddles IT and physical security. A zones-of-trust approach may be the answer. Last year, when attackers hacked into more than 25,000 Internet of Things (IoT) closed-circuit TV devices and used them in a denial-of-service botnet attack, this question was…
Addressing pain points in governance, risk and compliance
In this day and age, it seems as though every business has some form of alphabet soup or acronym salad that shapes the decisions they make as it pertains to their information security programs. Between data privacy laws, regulations on the financial industry, calls for a healthcare focused cybersecurity framework, and regular updates to the…
Road Map To A $200,000 Cybersecurity Job
Looking to get ahead in cybersecurity? Here are four areas to keep in mind as you make a five-year career plan. The economics of supply and demand shape today’s cybersecurity job market. Each year, US employers post more than 120,000 openings for information security analysts and roughly one-third go unfilled. Hiring managers are bracing for…
Which countermeasures improve security and which are a waste of money?
If you want to know about which cyber defenses are most effective and which are a waste of money and resources, ask a hacker. And that’s just what Nuix researchers did. “During Black Hat USA and DEF CON 24 in 2016, we conducted a survey of known hackers, professionally known as penetration testers, and asked…
Can the World Economic Forum’s Cyber Security Principles Advance Cyber Resilience?
A few weeks ago, the World Economic Forum (WEF) met in Davos, Switzerland where an expert working group issued a report “Advancing Cyber Resilience: Principles and Tools for Boards.” It is touted as a first-of-its-kind resource to support board of directors and CEOs on cyber security and cyber resilience strategy. The WEF’s principles and tools…
Why We Need To Reinvent How We Catalogue Malware
One obvious trend: crimeware technologies that come with simple user consoles and functionality to create unique binaries at the click of a button. To understand how the bad guys have become so adept at producing the flood of uniquely hashed malware, we need to look at what our adversaries have been doing the past few…