RSS_Virtulization

By Chris Kennedy, CISO & VP of Customer Success, AttackIQ More than seven months into the onset of the novel coronavirus, it feels strange to look back on the things we previously took for granted in our day-to-day lives and accept the new reality— of working from home to celebrating events online to having a doctor’s appointment via Zoom. We have adapted to life under the novel coronavirus by becoming ‘A Very Online People.’  Hostile…

In part one of this two-part series, I laid out the major reasons why organizations need to integrate cloud exit planning into their overall cloud strategies.  If you haven’t already read part one, you can find it here.  This blog picks up that thought and extends it by looking at the need to have a plan for any app that is important to the business and the complications of PaaS and SaaS.  I then switch…

Security firm Cybereason has announced a new partnership with Oracle to enhance protection for customers in the face of a growing cyber-threat landscape. Firstly, it has adopted the Oracle Cloud Infrastructure to run its automated Cyber Defense Platform. Cybereason said this will improve security and risk posture as well as reduce operational costs for customers using its platform. It placed a particular emphasis on Oracle Cloud Infrastructure’s ability to accelerate artificially intelligent threat detection. Additionally,…

Learn how to prevent cybercriminals from taking advantage of users’ minds that are on “automatic.” Image: iStockphoto/ipopba When a business experiences a cyberattack, there tends to be a certain amount of finger-pointing. Users are usually blamed, which might be fair, but not always for the most commonly suggested reasons. Cybercriminals have always used whatever means available to defeat the newest cybersecurity mousetrap or, better yet, avoid it. Right now, that means leveraging human nature.  …

Microsoft, Google, Cisco and a host of other tech giants have added their names to a legal filing supporting Facebook’s case against controversial spyware developer NSO Group. The social network took the Israeli firm to court after alleging that the latter exploited a vulnerability in WhatsApp which helped its clients spy on over 1400 users globally. It’s believed that the bug or similar ones may also have been used to help Saudi Arabian officials spy on…

Die Cloud ist und bleibt ein Treiber für die digitale Transformation. Nachdem der Fokus primär auf die Erkennung von Shadow-ITund die Absicherung von SaaS-Diensten lag, wandert nun der Blick auf längerfristige Projekte: Die Migration von ganzen Dienstenund Anwendungen in Richtung Cloud. In diesem Podcast sprechen wir daher über die Themen Infrastruktur und Container in derCloud, wie diese sich in die bestehende Architektur einbinden und welche weiteren wichtigen Sichtweisen für eine umfassendesSicherheitskonzept hilfreich sind. Source link

In a blog post released 13 Dec 2020, FireEye disclosed that threat actors compromised SolarWinds’s Orion IT monitoring and management software with a trojanized version of SoalrWinds.Orion.Core.BusinessLayer.dll delivered as part of a digitally-signed Windows Installer Patch. The trojanized file delivers a backdoor, dubbed SUNBURST by FireEye (and Solorigate by Microsoft), that communicates to third-party servers for command and control and malicious file transfer giving the attacker a foothold on the affected system with elevated privileges. From…

Some experts argue that users might actually be the most vital link when it comes to certain types of cyberattacks. Image: iStockphoto/maxkabakov “People often represent the weakest link in the security chain and are chronically responsible for the failure of security systems.” This quote is from the book Secrets and Lies: Digital Security in a Networked World, written by well-known cybersecurity expert Bruce Schneier and first published in 2000.  Some experts, including Ciarán Mc Mahon,…

Russia has officially denied any culpability for a recent cyber-attack that impacted at least six federal agencies in the United States. America’s Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive last week after cyber-criminals trojanized updates to SolarWinds’ Orion IT monitoring and management software to launch a large-scale cyber-attack.  CISA said that the incident poses “unacceptable risk to the security of federal networks” and urged all federal civilian agencies to review their networks for indicators of compromise…

In early December 2020, Anomali Threat Research identified a website engaging in fraudulent dog sales, specifically for German Shepherds. The analysis revealed 17 additional websites also engaging in pet fraud activities for birds and cats, as well as one phone number match for a Facebook page car fraud scheme, and one number for an essential oils scam. The actor(s) behind this campaign are not sophisticated, and aim to receive non-refundable deposits for fraudulent pet sales…