7 Serious IoT Vulnerabilities
The security of Internet of Things (IoT) devices, especially those intended for consumer use, tends to fall on a spectrum between “serious concern” and “industry joke.” Yet the fact is that a growing number of employees have various IoT devices in their homes — where they also could be connecting to an enterprise network to…
Corporate pre-crime: The ethics of using AI to identify future insider threats
To protect corporate networks against malware, data exfiltration and other threats, security departments have systems in place to monitor email traffic, URLs and employee behaviors. With artificial intelligence (AI) and machine learning, this data can also be used to make predictions. Is an employee planning to steal data? To defraud the company? To engage in…
10 Threats Lurking on the Dark Web
Security pros can never rest. Even with the operation last year that took down AlphaBay and Hansa, industry experts say many groups continue to trade in malware, ransomware, and stolen credentials on the Dark Web, and that the criminals who were caught simply reorganized. “People need to understand that there’s an underground economy – a…
State of Email Security: What Can Stop Email Threats?
A survey of 295 professionals — mostly but not entirely IT professionals — has found that 85% of respondents see email threats bypass email security controls and make it into the inbox; 40% see weekly threats; and 20% have to take significant remediation action on a weekly basis. Email security firm GreatHorn wanted to examine…
PowerShell Threats Grow Further and Operate in Plain Sight
The preinstalled and versatile Windows PowerShell has become one of the most popular choices in cyber criminals’ arsenals. We have observed an increase of 661 percent in computers where malicious PowerShell activity was blocked from the second half of 2017 to the first half of 2018—a clear indication that attackers are still growing the use…
Insider Threat: Common Myths and Misconceptions
Insider threat is a growing area of concern and confusion among security practitioners. Typically accustomed to concentrating their resources on combating external threats, many security teams are eager yet unsure of how to combat threats that arise internally. This uncertainty, unfortunately, is often exacerbated by numerous common myths and misconceptions about insider threat, some of…
Tens of Vulnerabilities Found in Pentagon Travel Management System
HackerOne announced on Wednesday the results of “Hack the DTS,” the fifth bug bounty program run by the U.S. Department of Defense (DOD). The DTS (Defense Travel System) is a fully integrated and automated travel management system created specially for the DOD. The platform is said to be accessed by roughly 100,000 unique users every…
Cyber insurance: Is it worth the investment?
Last year, Aon Inpoint reported about 80 percent of buyers of stand-alone cyber premiums were medium-sized to large companies. However, smaller firms are increasingly assessing their cyber exposure risk as concerns about the potential impact of a cyber incident continue to rise. “The majority of breaches worldwide occur at companies with 1,000 employees or less…
Where Are You Placing Your Endpoint Security Bets?
Defense-in-depth is a common security strategy that often includes a combination of endpoint security products, including next generation anti-virus (NGAV), traditional anti-virus (AV) and/or endpoint detection and response (EDR). But as attacks and breaches continue to surge, I can’t help but wonder: are these technologies missing the point? The CyberArk Endpoint Privilege Manager and products…
Google to Delete ‘Secure’ Label from HTTPS Sites
Google plans to remove the “secure” label from HTTPS websites starting in September 2018, a move intended to acknowledge HTTPS as the standard for browser security. Users should expect all the sites they visit to be secured with HTTPS, the company reported last week. Earlier this year, Google announced plans to mark all HTTP sites as “not…