Russian Attacks Against Singapore Spike During Trump-Kim Summit

Blog / Jun 14, 2018

By sara boddy justin shattuck

Singapore saw a sharp rise in attacks targeting a variety of ports, from SIP clear-text (5060), Telnet, SQL, and host-to-host ports to those used for remote router management and proxy servers and caching.

Economic Espionage: How Nation-State-Funded APTs Steal Billions in Secrets

Blog / Jun 12, 2018

By ray pompon

Don’t think your company is immune from nation-state APTs going after your intellectual property. Take these essential steps to protect yourself.

The Eternal Struggle: Security Versus Users

/ Jun 7, 2018

By ray pompon

F5 Labs writes for Help Net Security, explaining how to deal with the often-adversarial relationship between security professionals and the users they support.

The Little Mistake That Causes a Breach

Blog / Jun 5, 2018

By ray pompon

A little mistake in security controls can have disastrous consequences. How common are they and how do you prevent them?

Advanced Attackers: Stealthy, Patient, Dangerous

Blog / May 31, 2018

By ray pompon

Advanced attackers are considered a top threat by CISOs. Although they are rare, their stealthy determination to learn everything about a target before they strike makes them especially dangerous.

Hacker Fashion Review

Blog / May 30, 2018

By ray pompon

It’s important for the fashion-conscious hacker to know what’s on trend! Here’s a preview of APT Group Purple Aardvark’s summer line—a few hits, some misses.

Managing Compliance Issues within the Value Chain

Blog / May 17, 2018

By kip boyle

Align your compliance requirements with your other business requirements so you can distinguish what you must do from what’s nice to do.

Drupalgeddon 2 Highlights the Need for AppSecOps

Blog / May 11, 2018

By lori macvittie

If you aren’t aware of Drupalgeddon 2, then you’ve either been living off the grid or don’t use the popular content management system (CMS).

Panda Malware Broadens Targets to Cryptocurrency Exchanges and Social Media

Article / May 9, 2018

By doron voolf

Panda malware is back in full force with three currently active campaigns that extend its targets beyond banking to new industries and organizations worldwide.

Risky Business: The Fifth Element

/ May 8, 2018

By preston hogue

Preston Hogue writes for Security Week, explaining the fifth element of risk transfer: Sec-aaS.

Russia Attacks Global Network Infrastructure Through Vulnerabilities That Extend Far Beyond Their Targets

Blog / May 4, 2018

By sara boddy

US-CERT TL18-106A alert underscores how insecure Internet systems really are and that ignoring the problem only increases the collateral damage.

Breach Costs Are Rising with the Prevalence of Lawsuits

Blog / May 2, 2018

By ray pompon

When it comes to tallying the total cost of a data breach, lawsuits figure prominently, alongside repair costs, loss of reputation and sales, compliance penalties, and operational downtime.

How Secure Are Your Third-Party Web Apps?

Blog / Apr 26, 2018

By ray pompon

You can’t assume that your third-party web apps are secure! You need to assess them yourself using this multi-step process.

The 2017 TLS Telemetry Report

Report / Apr 23, 2018

By david holmes

Privacy today isn’t just about staying away from prying eyes. The very act of communicating across the Internet with open, non-confidential protocols invites exposure to multiple threat types.

5 Fun Facts About the 2018 Singapore Cybersecurity Statute

/ Apr 19, 2018

By david holmes

Fun Fact #2: the author is looking forward to being a card-carrying Singaporean crime fighter (temporarily) someday.

Extend Your Security Program’s Influence with Adjuvants

Blog / Apr 17, 2018

By ray pompon

Savvy CISOs don’t go it alone; they rely on in-house collaborators (outside of the security team) to help achieve the organization’s security objectives.

Windows IIS 6.0 CVE-2017-7269 Is Targeted Again to Mine Electroneum

Article / Apr 12, 2018

By andrey shalnev

Attackers are targeting a Windows IIS vulnerability first disclosed a year ago to mine Electroneum.

Know the Risks to Your Critical Apps and Defend Against Them

Blog / Apr 10, 2018

By ray pompon

Critical apps are the ones that must never go down or be hacked. They are also the hardest to defend because they are often massive, ancient, and touch everything.

The Global Playing Field is Leveling Out as Europe and Asia Take on More DDoS Attacks

Article / Apr 6, 2018

By sara boddy justin shattuck ilan meller damien rocha

The latest DDoS trends include the return of large volumetric DDoS attacks, the rise of application targeted attacks, and businesses in Europe and Asia are growing targets.

Avoid Becoming a Crypto-Mining Bot: Where to Look for Mining Malware and How to Respond

/ Apr 3, 2018

By david holmes

People are mining coins all over the place-all it costs is money for the power bill. So, of course, clever people are figuring out how to use other people’s power to mine cryptocurrency.

Old Dog, New Targets: Switching to Windows to Mine Electroneum

Article / Mar 28, 2018

By andrey shalnev

Apache Struts 2 Jakarta Multipart Parser RCE crypto-mining campaign is now targeting Windows, not just Linux systems.

IoT: Moving to Security by Design

/ Mar 27, 2018

By david holmes

With device developers rushing to build IoT as fast as they can, security can suffer.

When Information Security is a Matter of Public Safety

Blog / Mar 22, 2018

By ray pompon sara boddy debbie walkowski

Seven steps for improving the security of critical infrastructure systems—and protecting the public from unnecessary risk.

Twelve Tips to Help Employees Keep Devices Secure When Away from the Office

Blog / Mar 20, 2018

By mike levin

Laptops full of confidential data are still getting stolen, and public Wi-Fi hotspots are being booby-trapped. CISOs need to make users aware of the threat to prevent this from happening.

Reacting to a Big Breach

/ Mar 15, 2018

By ray pompon

A big public breach is a teachable moment for both you and your organization.

The Hunt for IoT: The Growth and Evolution of Thingbots Ensures Chaos

Report / Mar 13, 2018

By sara boddy justin shattuck

IoT attacks show no signs of decreasing while infected IoT devices go un-remediated, and discovery of new thingbots is at a decade-long high.

Threat Modeling the Internet of Things: Modeling Reaper

/ Mar 9, 2018

By david holmes

Reaper is just one more blinking light in the faces of the InfoSec community reminding us that we need to get ahead of IOT madness.

rTorrent Vulnerability Leveraged in Campaign Spoofing RIAA and NYU User-Agents?

Article / Mar 8, 2018

By andrey shalnev

The rTorrent XML-RPC function configuration error targeted to mine Monero in February was also targeted in January in a campaign to spoof user-agents for RIAA and NYU.

Exploited Memcached Servers Lead to Record-Setting 1.3Tbps DDoS Attack

Blog / Mar 2, 2018

By sara boddy

Memcached is just one of many application infrastructure systems that could launch the same types of attacks if they were also misconfigured.

rTorrent Client Exploited In The Wild To Deploy Monero Crypto-Miner

Article / Feb 28, 2018

By andrey shalnev

A previously undisclosed misconfiguration vulnerability in the rTorrent client is being exploited in the wild to mine Monero.

Follow us on social media.