/https://cystory-images.s3.amazonaws.com/shutterstock_340623077.jpg)
The Password Reset Man in the Middle (PRMITM) attack exploits the similarity of the registration and password reset processes. To launch such an attack, the attacker only needs to control a website. To entice victims to make an account on the malicious website, the attacker can offer free access to a wanted resource (e.g. free software). Once the user initiates the account registration process by...
/https://cystory-images.s3.amazonaws.com/shutterstock_379694158.jpg)
The old concerns have not gone away – organizations still need to combat phishing and DDoS (distributed denial of service) attacks – but, overall, the cyber security landscape is changing. And changing fast. That’s the view of Rob Holmes, vice president of products at Proofpoint. The nature, scale and motivation behind cyber attacks on organizations are all shifting, Holmes argues, and the...
/https://cystory-images.s3.amazonaws.com/shutterstock_509404285.jpg)
In line with growing reliance on digital platforms and a worsening threat landscape, cyber resilience is high on the agenda for boards and executive committees. But Braam Pretorius, GM: Sales at ContinuitySA, says, "...research by Dimension Data shows that 68% of companies have no plan to respond to a cyber security breach, and remain unprepared for an attack. Business resilience and cyber...
/https://cystory-images.s3.amazonaws.com/shutterstock_334035776.jpg)
Security alert overload, a source of frustration for bank security departments for some time, appears to have careened out of control. A survey of bank security chiefs by the research firm Ovum documents how high the daily volume of messages about possible security incidents has grown. A third of the respondents were from banks in North America. Over a third (37%) of banks, it turns out, receive...
/https://cystory-images.s3.amazonaws.com/shutterstock_303863924.jpg)
Very few security functions are congratulated for patching. However, taking this up a level and considering the role of the information security function in the organization, it is ultimately the responsibility of the function leader to engage with senior management and explain how the function aligns with business needs. This implicitly includes patch management. Each discipline covered by the...
/https://cystory-images.s3.amazonaws.com/shutterstock_560750800.jpg)
‘Intent-based security’ (IBNS) is the process of applying analytics to the information generated by security devices on a network. Integration is the key to IBNS. This then lays the foundation for more advanced automated technology. The persistent cybersecurity skills gap means that products and services must be built with superior automation in order to correlate threat intelligence, which...
/https://cystory-images.s3.amazonaws.com/shutterstock_435095332.jpg)
More organizations appear to be heeding the advice to implement capabilities for detecting intrusions sooner, at least based on an analysis of data from breach investigations that security vendor Trustwave conducted for clients last year. Trustwave's analysis showed that the median number of days from an intrusion to initial detection of the compromise fell sharply from 80.5 days in 2015 to 49...
/https://cystory-images.s3.amazonaws.com/shutterstock_387732805.jpg)
Consumer companies may be operating with false confidence in their cybersecurity posture. Consumer business executives are confident in their ability to respond to cyberattacks but fail to document and test response plans. A new study from Deloitte polled nearly 400 CIOs, CISOs, CTOs, and other security execs about cyber risk and response plans affecting customer trust, payments, executive...
/https://cystory-images.s3.amazonaws.com/shutterstock_298349717.jpg)
Until recently, most companies merged networks with little-to-no cyber due diligence conducted on the target network before, during or after the acquisition. Acquiring companies previously focused on due diligence with regards to financial and legal fundamentals. Cyber due diligence ahead of Mergers and Acquisitions (M&As) now includes cyber assessment as part of the pre-acquisition checklist and...
/https://cystory-images.s3.amazonaws.com/shutterstock_590576420.jpg)
Acknowledging the threat of a data breach, the Center for Internet Security (CIS) developed 20 Critical Security Controls (CSC) that it recommends are followed to increase your security posture and reduce your attack surface. Tripwire mapped the top five CSC down to four cybersecurity pillars: CSC 1: Inventory of Authorized and Unauthorized Devices; CSC 2: Inventory of Authorized and Unauthorized...
/https://cystory-images.s3.amazonaws.com/shutterstock_645080563.jpg)
If you go to a conference, be wary of charging stations for mobile devices. If you’re an agency setting up a cyber sting, be sure to follow the rules. An Energy Department cyber office decided to test conference goers at the 2016 Cyber Conference in Atlanta with fake charging machines designed to download data from any devices that connected. Instead, the exercise showed gaps in oversight of...
/https://cystory-images.s3.amazonaws.com/shutterstock_156446807.jpg)
Beckman Coulter (Beckman), a medical device manufacturer that has been around since 1935, has devices that stay in the market for a long time, sometimes 20 years or more, representing multiple generations of a product. Legacy OS has its challenges, says Scott T. Nichols, Director of Global Product Privacy and Security at Beckman. He refers to postmarket device security management in terms of an...
/https://cystory-images.s3.amazonaws.com/shutterstock_420752692.jpg)
A UK researcher hacked his way through the public websites of the US Department of Defense and several major commercial organizations via some not-so visible weaknesses and vulnerabilities that netted him a grand total of $30,000 in bug bounty rewards. James Kettle, head of research at PortSwigger Web Security, used homegrown hacking tools to find holes in certain public websites and to then drop...
/https://cystory-images.s3.amazonaws.com/shutterstock_649336852.jpg)
The Flashpoint mid-year update to its Business Risk Intelligence Decision Report aims to inform business decision-makers about different threats so they can prepare to respond. Major cyber players listed in the report include Russia, China, Iran, North Korea, and Five Eyes (US, UK, Canada, Australia, New Zealand), though the report states Five Eyes does not use its cyber powers for destructive...
/https://cystory-images.s3.amazonaws.com/shutterstock_75690391.jpg)
A secure administrative workstation (SAW) is a specialized, security locked-down computer that admins are required to use to do anything administrative. At the very least, a SAW is prevented from going to the Internet and being contacted from the Internet. Today’s SAWs often go further by preventing any unauthorized program from executing, usually by using a whitelisting application control...
/https://cystory-images.s3.amazonaws.com/shutterstock_180365198.jpg)
The attack chain. It’s a term used often in infosecurity. Also known as the kill chain, it was originally used as a military concept to describe the structure of an attack. It serves the same function in cybersecurity, where various methods of malware infiltration, deployment, and execution are outlined. To break the attack chain, then, means to preempt the attack. This is of obvious...
This category provides expertly curated cyber security news on the cyber security strategy and planning. Cyber Strategy and planning is a broad term that includes but is not restricted to cyber security governance, cyber security best practices, cyber security tips, cyber security definition. The sole aim is to impart situational awareness to the individual user and organizational teams that helps them follow the best practices and benchmark standards set across the industry. The news published under this category helps user with awareness on various important topics that add to the decision-making ability of the individual or the organization on sensitive issues like cyber defense strategy and planning. This category covers both the private and the government sector. Detailed analysis of the cyber security plan adopted by various governments, and corporate giants are often discussed with meticulous observations to enrich the understanding of our users.
