Software vulnerabilities sometimes have an uncanny knack of revealing themselves, even when a bug hunter is looking someplace else. Sam Curry's probing eventually revealed a cross-site scripting flaw in a Tesla service, which netted him a $10,000 bounty.
Cyber adversaries are resilient and move quickly, so it'st critical that organizations share threat intelligence in an automated way, says Shawn Henry of CrowdStrike Services. But that sharing has been hampered by a lack of understanding of why it's important and how organizations can benefit, he says.
Malicious actors are increasingly using social media platforms to spread malware to unsuspecting victims. In the latest incident, Facebook removed more than 30 pages from its platform after security analysts with Check Point Research found that a hacker had loaded them with malware.
Threat intelligence programs have evolved greatly over the past decade. But Mario Vuksan, CEO of ReversingLabs, says too many organizations are overlooking the value of local intelligence embedded in their own networks. Vuksan talks about maximizing TI resources.
With the volume of data breaches
and cyberattacks continuing to rise,
organizations are increasingly relying on
Breach and Attack Simulation tools to
provide more consistent and automated
validation of controls, says Cymulate's
Download this eBook to learn more about:
The state of data breaches and...
The cyberattack earlier this year against Indian outsourcer Wipro, as well as several of its customers, is part of a much larger, multiyear phishing campaign that involves many more companies used as jumping off points, according to RiskIQ, which says the attackers apparently are manipulating gift cards.
Six major cloud services providers apparently were victims of Cloud Hopper, an umbrella name for deep cyber intrusions suspected to originate in China, Reuters reports. The report also alleges Cloud Hopper-affected companies withheld information from their clients for reasons of liability and bad publicity.
The 2019 Internet Security Threat Report takes a deep dive into insights from the Symantec Global Intelligence Network (GIN), revealing the latest trends in cyber security attacks including ransomware, formjacking, cloud security and mobile threats.
Through GIN, Symantec has established the largest civilian threat...
A top cybersecurity imperative for organizations is to "take proactive mitigation before an event even occurs" by tracking attack trends and mitigating against emerging types of attacks, says Akamai's Jay Coley.
Criminal gangs have been hitting e-commerce sites hard lately by injecting their malicious code to "skim" customers' payment card details. In a recent twist, Malwarebytes spotted a malicious iFrame that steps in front of the normal payment process to intercept card details.
With cyberattacks, online espionage and data breaches happening at a seemingly nonstop pace, Western intelligence agencies are bringing many of their capabilities out of the shadows to help businesses and individuals better safeguard themselves and respond. We need all the help we can get.
How well-equipped is your organization to stop malicious attackers once they're inside your network. According to this study of over 600 IT security professionals, almost two-thirds of respondents lack efficient capabilities to detect and investigate stealth attackers before serious damage occurs.
TA505, a sophisticated advanced persistent threat group, is now using legitimately signed certificates to disguise malware that can penetrate banking networks, security researchers warn in a new report.
The director of Britain's GCHQ intelligence agency said at this week's CyberUK conference that declassifying and putting "time-critical, secret information" for stopping online threats into the public's hands "in a matter of seconds" is an imperative.