Casey Ellis, founder and CTO of Bugcrowd, shares insights from the company's annual report, Inside the Mind of a Hacker 2021, which reveals that 8 out of 10 ethical hackers recently identified a vulnerability they had never seen before.
Good news on the breach prevention and incident response front: More businesses are getting more mature practices in place, although as attackers continue to improve their efforts, so too must defenders, says incident response expert Rocco Grillo of consultancy Alvarez & Marsal.
A suspected Russian group blamed for the SolarWinds compromise in 2020 is continuing to innovate and is infiltrating technology services and resellers, according to a new report from Mandiant. Mandiant says the group, which it calls UNC2452 and Microsoft calls Nobelium, practices "top-notch operational security."
In October, Missouri's governor accused a journalist of hacking after he alerted the state to exposed personal information on a state education website. Now, emails reveal that state planned on thanking him before it chose to pursue prosecution and that the FBI immediately dismissed the incident.
Learn about all of the latest in Security Analytics innovation coming in the newest release of Splunk Enterprise Security. We will do a deep dive and demos on the new capabilities and fresh interfaces.
The U.S. Transportation Security Administration has issued new security directives for higher-risk freight railroads, passenger rail, and rail transit that it says will strengthen cybersecurity across the transportation sector in response to growing threats to critical infrastructure.
Any technology that allows you to do a full-person assessment by taking into account nontechnical data as well as technical data is a value-add to an insider risk program, says Peter J. Lapp, former special agent at the FBI. He discusses the ingredients in a good insider risk program.
Many ransomware-wielding attackers continue to rely on initial access brokers to easily gain deep access to victims' systems, allowing them to steal data and attempt to pressure victims into paying via data leak sites. Researchers say that the number of victims being listed on such sites has surged.
In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including how the FBI has seized bitcoins from an alleged REvil ransomware affiliate, how to mitigate risks from BIN attacks and the latest COVID-19 trends globally.
The latest edition of the ISMG Security Report features an analysis of best practices for negotiating a ransom payment. Also featured: Busting Zero Trust myths and the dangers of mythologizing defenders.
The Southeast Asian region will see a spike in multifaceted extortion with more public breaches, along with an increase in ransomware-as-a-service operations in 2022, says Singapore-based Yihao Lim, principal intelligence adviser at Mandiant Threat Intelligence.
A risk-based approach to secure against digital fraud requires putting in the correct security controls in proportion to the organizational risk, which is determined by understanding the customer's subconscious habits, says Australia-based Tim Dalgleish, senior director, a global advisory, at BioCatch.
"Enterprises are reluctant to move to the cloud because they are concerned about the infrastructure and data security that cloud vendors are going to offer," says Deepak Prasad, customer engineer, security specialist at Google Cloud. He gives advice on making the digital transformation journey smoother
Several cybersecurity officials charged with safeguarding U.S. critical infrastructure on Thursday outlined both current progress and the complexity of today's network defense. Oversight officials also testifying before the House discussed top-line items that remain outstanding among major agencies.
So what happens when you as a security leader get that call to protect the cybersecurity of executive leaders/board members outside the office? What are the right and wrong responses? Chris Pierson of BlackCloak shares new insight on executive protection best practices.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.asia, you agree to our use of cookies.