IDG Contributor Network: You can’t protect what you can’t see
How many of us would hire a home security company that sent a representative to our house to tell us to remove all our lightbulbs so that it was pitch black inside? Sure, it would make it much more difficult for the burglars to find their way around. But with no way to turn the…
Intel offers to pay for Spectre-like side channel vulnerabilities
Intel is expanding the bug bounty program it started last March, and is raising considerably the awards it plans to give out for helpful vulnerability information. Where information about critical vulnerabilities in Intel software, firmware and hardware could have previously been rewarded with up to $7,500, $10,000 and $30,000, respectively, now the bounties in those same categories…
U.K. Officially Blames Russia for NotPetya Attack
The United Kingdom on Thursday officially accused the Russian government of launching the destructive NotPetya attack, which had a significant financial impact on several major companies. British Foreign Office Minister for Cyber Security Lord Tariq Ahmad said the June 2017 NotPetya attack was launched by the Russian military and it “showed a continued disregard for…
7 steps security leaders can take to deal with Spectre and Meltdown
Security and risk management leaders must take a pragmatic and risk-based approach to the ongoing threats posed by an entirely new class of vulnerabilities, according to Gartner. Spectre and Meltdown are the code names given to different strains of a new class of attacks that target an underlying exploitable design implementation inside the majority of computer…
Why do we need a risk-based approach to authentication?
20 years ago, everyone worked at a desktop workstation hardwired into an office building. This made network security simple and organizations felt they could depend on the time-tested method of the trusted perimeter. Firewalls were relied on to keep out external threats, and anything within the network was considered secure and safe. Today, however, the…
Security Awareness Training Top Priority for CISOs
Thirty-five percent of CISOs in the financial sector consider staff training to be the top priority for cyber defense. Twenty-five percent prioritize infrastructure upgrades and network defense. The Financial Services Information Sharing and Analysis Center (FS-ISAC) polled more than 100 of its 7,000 global members to produce the first of its planned annual CISO Cybersecurity…
Feels like a Cyber Security Groundhog’s Day
While nobody has a crystal ball for what’s coming this year, I think we can all agree tough security lessons were learned in 2017. From Yahoo indicating that every one of its 3 Billion email accounts (that’s a B) was exposed in a breach to some pretty serious hacking tools believed to have been developed…
The Time to Focus on Critical Infrastructure Security is Now
The world has once again been reminded that the threat of cyber attacks on critical infrastructure systems remains very real. Last month, Britain’s defense secretary, Gavin Williamson, iterated that Russia held the potential for wide disruption and “thousands of deaths” through such attacks. His announcement was the latest indication of increased chatter regarding attacks on critical infrastructure,…
What Super Bowl LII Ads Can Teach You about Privileged Account Security
It is the day after Super Bowl LII, and sadly, Patriots fans did not wake up savoring the good feeling of their sixth Super Bowl win with Tom Brady. In our household, there is now a temporary ban on sports radio until talk of this Super Bowl dies down over the airwaves. Although the game…
Macro-less malware: The cyclical attack
Last year, attackers linked to the Russian hacking group APT28 (sometimes called Fancy Bear) started hacking like its 1999 with Microsoft Word-based malware that doesn’t trigger security warnings along the way. These types of attacks are called “macro-less malware” because they bypass the security warnings added to Microsoft Office programs in response to traditional macro…