RSS_Virtulization

The MITRE ATT&CK® Framework proves that authority requires constant learning and the actionable information it contains has never held greater currency. Likewise, XDR, the category of extended detection and response applications, is quickly becoming accepted by enterprises and embraced by Gartner analysts, because they “improve security operations productivity and enhance detection and response capabilities.”   It is less well known how these tools align to improve the efficacy of your cybersecurity defenses leveraging key active cyber security industry frameworks. In MVISION XDR there’s a dynamic synergy between the MITRE ATT@CK Framework and…

ClubCISO, the international community of chief information security officers and security leaders, has announced the appointment of Stephen Khan as its new chair. Khan is head of technology and cybersecurity risk at HSBC Group Information Security Risk, and is also the current chair of the White Hat Ball. Khan has replaced Dr Jessica Barker as chair at ClubCISO, who will remain on the non-commercial organizations’ advisory board after serving two years as chair. Khan will…

Security experts have linked the Hades ransomware operation to the Hafnium state-backed group that was behind early attacks on Microsoft Exchange servers. The ransomware crew was responsible for attacks on trucking giant Forward Air and a handful of others. It has been linked to infamous Russian cybercrime operation Evil Corp (Indrik Spider), as a new variant of its WasterdLocker ransomware, designed to help the group escape sanctions that would discourage victims to pay up. However,…

Every organization should have an agreed understanding of risk, what that means for the company, and where the line of acceptability is (threshold). Knowing where this line is, and using it as a driving force for decision making within IT, can dramatically maximize resources and decrease costs.  Decision making Risk Management sometimes has the unfortunate nickname of being titled the Business Prevention Unit (BPU), but actually, that name couldn’t be further from the truth. Robust…

Last week (March 23 and 24) Infosecurity Magazine hosted its annual Spring Online Summit – a two-day virtual event showcasing 14 live, CPE-accredited sessions moderated by the Infosecurity editorial team, featuring an array of experts and thought-leaders discussing various topics and issues currently impacting the information security industry. Infosecurity is delighted to announce that the full event is now available to watch on-demand via the Infosecurity website. The immersive education program includes keynote presentations from…

The security of the UK’s transport, energy and other critical national infrastructures (CNI) could be threatened by staff burnout and IT skills shortages, according to new research from cybersecurity services company Bridewell Consulting. The firm discovered that, in the last year, 85% of IT decision-makers working to protect Britain’s infrastructure have felt increased pressure to improve cybersecurity controls. Of those, 47% have suffered unsustainable stress, 41% have been absent because of burnout, 32% are looking…

German lawmakers have been targeted once again by phishing attacks reportedly linked to Russian intelligence services. Local reports claimed yesterday that seven members of the Bundestag and 31 members of the state parliament had their inboxes compromised, although these appear to have been personal rather than official accounts. The phishing emails were spoofed to appear as if urgent messages sent by providers GMX and T-Online. The politicians belong to governing parties the CDU/CSU and SPD….

By Albert Zhichun Li, Chief Scientist, Stellar Cyber Almost since the beginning of network security, vendors and practitioners have wrestled with choices between going deep and going broad for their security solutions. Mostly, the choice varies between predominantly one or the other. Going deep typically means careful monitoring and analysis of certain types of threats or behaviors at the cost of not examining a much broader range of activity. Solutions that are broader may lack…

Based on real practitioners’ experiences By Stuart Berman, IT Central Station Super User December is typically a month when people who work in the IT field offer predictions for the coming year. 2020 has been a highly atypical year, however, so it’s a bit daunting to think about what’s coming over the horizon. Yet, my company is in a unique position to engage in prognostication. We source user data directly from users in the trenches….