Stepping Up Cybersecurity This Summer
It’s summertime, and everyone’s on vacation. What could possibly go wrong? For the security team, the answer is “plenty.” Summer brings a set of new challenges to security organizations including employees taking more time off, often with their corporate laptops. Our own security personnel are taking vacation time, too, which makes staffing the security operations…
Guide to the top college and university cyber security degree programs
The shortage of cyber security professionals is well documented, and this lack of expertise can keep organizations from bolstering their security programs. CISOs and CSOs should be heartened by the fact that more colleges and universities are offering academic programs and degrees in cyber security specialties. They are also doing their best to place young…
Rising information security threats, and what to do about them
The digital threat landscape faced by enterprises large and small is in perpetual flux, and keeping an eye on things and adapting defenses should be of primary importance to every CISO. According to Ziv Mador, VP of Security Research at Trustwave’s SpiderLabs, the current major and, unfortunately, rising threats are ransomware, CEO email attacks (BEC scams),…
Medical devices at risk: 5 capabilities that invite danger
Medical device cybersecurity is lousy — beyond lousy. Indeed, the word from security experts for most of the past decade (and certainly since those devices increasingly have become connected to the internet) has been that while the physical security of most is superb and the devices function flawlessly, possibly for years at a time, when…
Hacking Factory Robot Arms for Sabotage, Fun & Profit
Black Hat talk will discuss how hackers could take over robotic arms, create micro-defects in products, and open up a new world of subtle blackmail. Security researchers have been accumulating a trove of breakthrough discoveries on Industrial Internet of Things (IIoT) vulnerabilities and releasing them at the Black Hat Briefings over the last few years…
Video Game Firms Targeted With “Paranoid” PlugX Malware
Companies in the video game industry and possibly other sectors have been targeted in attacks involving improved variants of the notorious PlugX remote access trojan (RAT). Palo Alto Networks has spotted several interesting PlugX samples believed to have been used by the same threat actor. While the company has not provided any details on the…
Week in review: Evaluating AI-based cyber security systems, how CIA hit air-gapped computers
Here’s an overview of some of last week’s most interesting news and articles: How the CIA gained access to air-gapped computers A new WikiLeaks release of documents believed to have been stolen from the CIA show the intelligence agency’s capability to infect air-gapped computers and networks via booby-trapped USB sticks. Hackers extorted a cool $1…
UK Parliament Cuts Email Access After Cyberattack
Britain’s parliament shut down external access to e-mail accounts on Saturday following a cyberattack. Parliamentary authorities described the attack as “sustained and determined”, in an email sent to lawmakers and published by the Daily Telegraph. “Earlier this morning we discovered unusual activity and evidence of an attempted cyberattack on our computer network,” it read. “Closer…
WannaCry? You’re Not Alone: The 5 Stages of Security Grief
When it comes to securing the enterprise, the attackers have the advantage. Defenders are required to protect against every conceivable threat while the attacker needs only a single attack vector to penetrate a network. The universe of potential intrusion vectors is vast: faulty authentication mechanisms, gaps in the perimeter network, legacy applications, and, of course,…
Why WannaCry Was a Wake Up Call for Critical Infrastructure Security
The WannaCry ransomware attack impacted more than 10,000 organizations in 150 countries, including manufacturing and industrial organizations like Nissan, Renault and Dacia, Spanish Telefónica and Deutsche Bahn. It’s likely that a fair number of industrial organizations have been impacted, but haven’t reported the incidents since they are not required to do so by regulatory requirements.