Researchers have observed China-based, government-sponsored threat actors collecting intelligence by targeting Russian government officials with an updated variant of a remote access Trojan known as PlugX. And Microsoft shares a detailed report about Russian cyberattacks observed against Ukraine.
Sophos bought early-stage vendor SOC.OS to help customers detect abnormalities in their IT environment earlier by ingesting data from third-party platforms. SOC.OS will allow customers to extract information sooner from non-Sophos firewalls, network proxies and endpoint security technology.
Security leaders are leveraging blockchain's decentralized approach to establish user identity, as it is designed to ensure the correction of transaction through reliable sources that help to contain fraudulent transactions, says Edmund Situmorang, CTO at Prodigi, Sinar Mas Group.
Online attackers are increasingly targeting the financial services sector. John Fokker, head of cyber investigations at Trellix, says his firm has charted a 22% quarterly increase in ransomware attacks on financial services, and APT detections have risen by 37%. Here's how the industry must respond.
TLS machine identity-related outages—from expired, misconfigured or unknown TLS certificates—are the Achilles heel of digital transformation projects. Do it wrong and perfectly functioning applications and services can be rendered inoperable. Worse still the security controls you rely on, from traffic inspection...
TLS machine identity-related outages—from expired, misconfigured or unknown TLS certificates—are the Achilles heel of digital transformation projects. Do it wrong and perfectly functioning applications and services can be rendered inoperable. Worse still the security controls you rely on, from traffic inspection...
Michael Lines is working with ISMG to promote awareness of the need for cyber risk management. As a part of that initiative, CyberEdBoard posts draft chapters from his upcoming book, "Heuristic Risk Management: Be Aware, Get Prepared, Defend Yourself." This chapter is "Recognize the Threats."
In Q4 2021, Kroll observed a 356% increase in common vulnerabilities and exposures
(CVEs) or zero-day vulnerabilities being exploited for initial access when compared to
Q3 2021.
With 2021 being a record year for vulnerabilities, these findings underscore the risk to organizations in the wake of...
Every connected device is now considered a part of the Extended Internet of Things (XIoT). When securing XIoT devices that connect to networks, it can be hard to account for all the nuances required to secure them. What simplifies the process of delivering contextually aware threat detection and recommendations is an...
Insider risk and data loss prevention (DLP) are a top concern for organisations today. And it makes sense, with a distributed workforce and increasing reliance on technology, legacy, on-prem DLP technology hasn’t lived up to its promises.
That’s because data loss begins with people, whether careless, compromised...
As Russia's invasion of Ukraine continues, what should global CISOs and security teams do to ensure that their organizations stay protected? Beyond following cybersecurity agencies' guidance, experts offer advice on how to brief the board of directors, appeal for resources, support teams and more.
As the Russian invasion of Ukraine escalates, organizations in the U.S. and Western Europe wonder: What is the potential blowback if the U.S. strikes back at Russia? Sam Curry, veteran CSO of Cybereason, reviews the possibilities and advises about how best to approach risk and preparedness.
According to a new threat report from Expel, business email compromise should now be viewed as "public enemy #1." Jonathan Hencinski of Expel is joined by Theodore Peterson of Datasite to support that claim and discuss how best to strategize against these schemes.
With API abuses expected to become the top threat vector in 2022, continued neglect can only mean yet more
successful cyberattacks.
This white paper shows the importance of including APIs in web application security testing and outlines a modern approach to vulnerability testing that covers the entire attack...
By identifying the 10 most common ATT&CK techniques used by adversaries, The Red Report by Picus Security helps security teams prioritize threat prevention and detection efforts. Its findings highlight the importance of a threat-centric approach and the need for organizations to continuously validate the effectiveness...
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.