APIs: The Trojan horses of security
At the moment, within the cybersecurity industry the emphasis tends to be on securing networks with perimeter-based protection, however, leaving an application endpoint unsecured means an application programming interface (API) can serve as a gateway to the data centre by which attackers can effectively attack the backend via bots, and compromised or impersonating applications. With…
7 Serious IoT Vulnerabilities
The security of Internet of Things (IoT) devices, especially those intended for consumer use, tends to fall on a spectrum between “serious concern” and “industry joke.” Yet the fact is that a growing number of employees have various IoT devices in their homes — where they also could be connecting to an enterprise network to…
Unified Security Data: A Simple Idea to Combat Persistent, Complex Cyberattacks
When cyberattacks take place in enterprises, the resulting data lives in various siloes: security information and event management (SIEM) systems, emails, ticketing systems, intel feeds, security devices, and more. Data flows in and out of these systems, and security teams react to the data as best they can in order to address threats as they…
Timehop Releases New Details About July 4 Breach
Additional information includes PII affected and the authentication issue that led to the breach. Timehop, the company that specializes in “digital nostalgia,” is releasing more information on the July 4 breach that compromised millions of users’ personally identifiable information (PII). New details include the timeline of the attack, the information affected, and the steps the…
Know what’s happening on your network and make the most of your security tools
In an ideal world, all organizations would know at all times exactly what’s happening on their network: they would have deep enough pockets to buy the equipment and engage the personnel necessary to achieve this knowledge, no matter how much the speed and size of their network increases. In this world, though, budgetary constraints force…
Jump-Start Your Management of Known Vulnerabilities
Organizations must manage known vulnerabilities in web applications. When it comes to application security, the Open Web Application Security Project (OWASP) Foundation Top 10 is the primary source to start reviewing and testing applications. The OWASP Foundation list brings some important questions to mind: Which vulnerability in the OWASP Foundation Top 10 has been the…
Machine Learning, Artificial Intelligence & the Future of Cybersecurity
The ability to learn gives security-focused AI and ML apps unrivaled speed and accuracy over their more basic, automated predecessors. But they are not a silver bullet. Yet. Machine learning (ML) and artificial intelligence (AI) are not what most people imagine them to be. Far removed from R2-D2 or WALL-E, today’s bots, sophisticated algorithms, and…
Is Cryptojacking Replacing Ransomware as the Next Big Threat?
Monitoring cyberthreats over time reveals interesting insights into the strategies used by cybercriminals and the evolution of the attack vectors they target. While the threat landscape continues to be quite diversified, trends do seem to run in predictable cycles. For example, over the last year or so ransomware has risen to become one of the…
Senator Asks DoD to Secure Its Websites
Senator Ron Wyden (D-Ore.) on Tuesday asked the chief information officer at the U.S. Department of Defense (DoD) to take immediate action to ensure that the organization’s websites use HTTPS. The senator noted that some of the DoD’s websites, such as the ones belonging to the NSA, the Army, and the Air Force, do use…
The dangers of vacation planning
So, you’ve been working all year long and finally decided to go on a nice vacation, taking a couple of weeks away from home, office, and everything else? That’s great! Of course, you don’t want anything at all to go wrong with your hard-earned break. To avoid disappointments — or worse — down the road,…