Latest

Business Continuity Management / Disaster Recovery

Hackers Attempted DDoS Attack Against Utility: Report

Akshaya Asokan  •  September 10, 2019

Earlier this year, intruders probed weaknesses in the network firewalls of a U.S. power utility to attempt a distributed denial-of-service attack, but there was no disruption in electricity service, according a recently released report. The incident illustrates potential weaknesses in the power grid.

Cybercrime

Wikipedia Investigates DDoS Attack

Apurva Venkat  •  September 9, 2019

Online encyclopedia Wikipedia is investigating a DDoS attack that temporarily blocked access to several of its European and Middle Eastern sites over the weekend.

Security Operations

SecOps Is Broken. What Can We Do About It?

Information Security Media Group  •  September 6, 2019

Learn how your enterprise security team can step up to the challenge of increasing daily attacks.

Cybercrime

Satori Botnet Co-Creator Pleads Guilty

Scott Ferguson  •  September 4, 2019

Kenneth Currin Schuchman, 21, who authorities charged with co-creating the massive Satori botnet that was used to wage several large-scale DDoS attacks, pleaded guilty Tuesday to a single federal charge.

Security Operations

Sorting Through 'Zero Trust' Misconceptions

Tom Field  •  August 27, 2019

F. Ward Holloway of Forescout Technologies sorts through what he sees as common misconceptions about the "zero trust" approach to security, including the assumption that it can prove to be too costly and complex to implement.

Active Defense & Deception

Operation Soft Cell

Cybereason  •  August 23, 2019

In 2018, the Cybereason Research team identified a series of attacks targeting telecommunications companies. These attacks shared the same TTPs and consisted of a webshell execution followed by the deployment of Poison Ivy, a well-known RAT attributed to Chinese APT groups.

Cybercrime

Down and Out in Hacktivist Land

Mathew J. Schwartz  •  August 23, 2019

Where have all the hacktivists gone? While the likes of Anonymous, AntiSec and LulzSec became household names in the early 2010s, in the past three years the number of website hacks, defacements and information leaks tied to bona fide hacktivists has plummeted.

Account Takeover

Credential Stuffing Attacks vs. Brute Force Attacks

Mike Greene  •  August 19, 2019

To explore how credential stuffing attacks and brute force attacks differ, we need to understand what they are and how they operate. Here is a quick summary.

Cloud Access Security Brokers (CASB)

Cloud Security Solutions for Government: Recorded at AWS Public Sector Summit

Information Security Media Group  •  July 31, 2019

FireEye and AWS hosted a Cloud Security Breakfast Briefing summer of 2019. During this briefing Stephen Alexander, AWS National Security Senior Solutions Architect and FireEye's Martin Holste, Cloud Security CTO, and Tim Appleby, Director of Federal Programs, addressed how organizations can achieve the security needed...

Cybercrime

Code Triage: Why Healthcare is Facing More Cyber Attacks and How to Protect Your Organization

Information Security Media Group  •  July 31, 2019

Healthcare organizations face a number of unique security concerns, including the increasingly interconnected systems between doctors' offices, hospitals, insurance companies and suppliers.

Governance

Tackling the IAM Modernization Journey: Insights from CISO Sam Massiello

Ping Identity  •  July 31, 2019

Gates Corporation CISO Sam Masiello on how they brought their vision of a global authentication authority to life with advisory, configuration, deployment, and employee training.

Network Firewalls, Network Access Control

Spotlight on Zero Trust Network Access

Information Security Media Group  •  July 30, 2019

The promise of cloud and mobility is to provide access to key services quickly and from anywhere at any time from any device. Zscaler's Lisa Lorenzin opens up on zero trust network access technologies, which provide a secure alternative to legacy methods.