Search results for: supply chain compromise

organize

The evolution of the modern CISO

Ask anyone who has been around the cybersecurity world long enough and they’ll tell you just how much evolution the industry has undergone in the past few decades—particularly from the perspective and position of the Chief Information Security officer (CISO). The modern CISO The role of CISO first emerged as organizations embraced digital revolutions and began relying on new data streams to help inform business decisions. As technology continued to advance and became more complex, … More

USA

Thoughts on Biden’s cybersecurity Executive Order

Colonial Pipeline is a major American oil pipeline system that originates in Houston TX and supplies gasoline and jet-fuel to a significant portion of the US, specifically the South-Eastern US. The ransomware attack that hit their computing environment brought their network (and operations) to a grinding halt and fueled gasoline shortages in various parts of the country. A few days after the devastating Colonial Pipeline ransomware hack, the Biden Administration released a new Executive Order … More

zero trust

Can zero trust kill our need to talk about locations?

As security professionals, we have acknowledged for over a decade that our data resides outside our network. Yet, we still talk about strategies for protecting the enterprise vs cloud infrastructure, or access management for branch offices vs remote workers. We need to stop talking about places and start focusing on a goal like location-agnostic access. Cybercriminals are focused on achieving access via compromised accounts. The 2020 Data Breach Investigations Report (DBIR) showed that over 80% … More

online marketplace

How data manipulation could be used to trick fraud detection algorithms on e-commerce sites

As the marketing of almost every advanced cybersecurity product will tell you, artificial intelligence is already being used in many products and services that secure computing infrastructure. But you probably haven’t heard much about the need to secure the machine learning applications that are becoming increasingly widespread in the services you use day-to-day. Whether we recognize it or not, AI applications are already shaping our consciousness. Machine learning-based recommendation mechanisms on platforms like YouTube, Facebook, … More

code

ReversingLabs Malware Lab: Detect, classify, analyze, and respond to malicious files

Designed to support modern security organizations increasingly delegating malware analysis to specific security operations (SOC) or development security operations (DevSecOps) experts, the ReversingLabs Malware Lab solution equips these teams with a unified threat analysis engine and console to rapidly detect, classify, analyze, and respond to malicious files and associated Indicators of Compromise (IOCs). “Organizations are struggling to validate the effectiveness of their internal security controls and to respond to ever increasing quantities of actionable alerts. … More

bomb

Collaboration between network access brokers and ransomware actors deepens

In this Help Net Security podcast, Brandon Hoffman, CISO at Intel 471, discusses about the increased collaboration between network access brokers (NAB) and ransomware operators, and how they funcion it today’s threat landscape. Here’s a transcript of the podcast for your convenience. Hi everybody. My name is Brandon Hoffman. I’m the CISO at Intel 471, a threat intelligence firm. I’m excited to join the podcast today, and I was planning to talk a little bit … More

Avast Business Hub protects critical data and fights cyberthreats from one unified solution

Avast announces the official launch of Avast Business Hub, a new security platform designed to streamline how Avast’s channel partners, managed security service providers (MSSPs), and business customers manage their cybersecurity solutions. With growing remote workforces, increasing number of ransomware, phishing, supply chain and BEC (business email compromise) attacks, and expanding compliance needs, the risk that end-user devices in business networks face has never been higher. Avast is introducing a modern, holistic and innovative platform … More

ransomware

Double-extortion ransomware attacks on the rise

Zscaler announced a report featuring analysis of key ransomware trends and details about the most prolific ransomware actors, their attack tactics and the most vulnerable industries being targeted. The research team analyzed over 150 billion platform transactions and 36.5 billion blocked attacks between November 2019 and January 2021 to identify emerging ransomware variants, their origins, and how to stop them. The report also outlines a growing risk from double-extortion attacks, which are being increasingly used … More

ReversingLabs announces REVERSING2021 software supply chain virtual roadshow

ReversingLabs announced REVERSING2021, a seven-city digital, global roadshow series. Addressing Fortune 500 business concerns, this virtual series will provide the supply chain analysis of the SunBurst compromise, while offering attendees new approaches and immediate actions they can take to mitigate future unknown software supply chain attacks. “The SunBurst attack provided costly insights into the power of the next generation of attacks that thrive on access, sophistication and patience,” said Mario Vuksan, CEO, ReversingLabs. “Our team … More

week in review

Week in review: Top security threats for power plants, defending against Windows RDP attacks

Here’s an overview of some of last week’s most interesting news and articles: Why threat hunting is obsolete without context Threat hunting is one of the more recent methodologies implemented by IT professionals to find dormant or active threats on their network to better understand and harness network visibility and threat actor entry points. Yet this capability can only be effectively leveraged when practiced in a broader security context. 90% of security leaders view bot … More

containers

3 areas of implicitly trusted infrastructure that can lead to supply chain compromises

The SolarWinds compromise in December 2020 and the ensuing investigation into their build services put a spotlight on supply chain attacks. This has generated a renewed interest by organizations to reevaluate their supply chain security posture, lest they become the next SolarWinds. But SolarWinds is just one of many recent supply chain attacks. To get a broader understanding of what organizations are up against, let’s look at three major supply chain compromises that occurred during … More

Accenture invests in Prevailion to provide clients with early warning of cyber threats

Accenture has made a strategic investment, through Accenture Ventures, in Prevailion, a next-generation cyber intelligence company that provides clients with expansive visibility into malware across their organization and supply chains with early detection of advanced threats through adversary counterintelligence. The investment will enhance Accenture’s ability to provide clients with advanced indications and warnings of cyber threats through actionable evidence of malware that has potentially compromised their systems and third-party ecosystems, which are increasingly prime targets … More