Michael Lines is working with ISMG to promote awareness of the need for cyber risk management, and the CyberEdBoard is posting draft chapters from his upcoming book, "Heuristic Risk Management: Be Aware, Get Prepared, Defend Yourself." This chapter - the last in the series - is titled "Building an Effective Defense."
When contracting for modern MDR services, Lyndon Brown of Pondurance advises prospective customers to ask about more than the managed service and detection. He says they should ask tough questions about response. Brown shares his insights and strategies.
Undisclosed attackers have likely stolen $1.7 million by deploying Clipminer, a cryptomining and clipboard hijacking malware, on compromised systems, says the Symantec Threat Hunter Team. According to the team, Clipminer is a copycat or an evolved version of cryptomining Trojan KryptoCibule.
Forescout has agreed to purchase startup Cysiv to help OT and IoT customers analyze, detect and respond to threats using cloud-native data analytics. The proposed acquisition will make it easier for customers to mine and cross-reference data that's stored on Forescout's platform.
Atlassian has issued a patch for its Confluence workspace collaboration tool, which is being targeted in the wild with a zero-day vulnerability that gives attackers unauthenticated remote code execution privileges. The vulnerability has a CVSS score of 10 out of 10 for criticality.
Devo has closed its Series F round and notched a $2 billion valuation to incorporate more capabilities into its SOC via acquisition. The company plans to use the $100 million to buy companies that will provide customers with additional intelligence on top of Devo's data for specific use cases.
A zero-day vulnerability in Atlassian Confluence, a workspace collaboration tool that serves millions of daily active users, is being targeted in the wild. The flaw, according to the company's security advisory, gives attackers unauthenticated remote code execution privileges.
Late-stage security startup Cybereason has laid off 10% of its employees in response to deteriorating market conditions less than a year after raising $325 million. The news was first reported by Israeli publications Calcalist and Globes, which both said roughly 100 employees had been let go.
ReliaQuest has agreed to buy Digital Shadows for $160 million to infuse its security operations platform with threat intelligence, attack surface management, and dark web monitoring. The deal will give clients more visibility and context around threats facing their networks, endpoints and cloud.
Memo to IT administrators: Don't store data in cloud in an unsecure manner. Security researchers at Secureworks have found more than 1,200 cloud-based, unsecured Elasticsearch databases that attackers wiped, leaving only a ransom note demanding Bitcoin in return for their restoration.
Milind Mungale of Protean eGov Technologies has led the security strategies for the company for two decades. He discusses the changing cybersecurity landscape and building security operations from the ground up for a company that handles sensitive government and citizen information.
Obtaining threat insight is like practicing judo - you want to use your attacker's power against them, says Chris Borales, senior manager of product marketing at Gigamon. He and Tom Dager, CISO of Archer Daniels Midland Company, discuss how to keep pace with the evolving ransomware landscape.
What has been Bangladesh's experience of cloud adoption, and what factors contribute to the apprehension about its wider adoption? Three experts - Md. Sanowar Hossain, Prabeer Sarkar, and Abul Kalam Azad - share their views on how to approach cloud security.
The U.S. Cybersecurity and Infrastructure Security Agency has added 75 flaws to its catalog of known exploited software vulnerabilities. The vulnerabilities were disclosed in three separate batches of 21, 20 and 34 vulnerabilities on Monday, Tuesday and Wednesday, respectively.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.