At his six-month mark in office, President Biden is making the right moves to ensure the United States is safer in cyberspace, according to an overwhelming majority of cybersecurity experts we polled. Biden’s term has been marked by a string of cyber cataclysms starting with cleaning up the SolarWinds Russian espionage campaign, which was discovered …
Then, I heard about Attivo and as one of the four CDM judges on our Infosec Awards from 2017, with them being one of our winners, receiving an overwhelming positive vote from the judges, I wanted to dig into what they are up to a little further and look at them within the purview of the Time-based Security model – could a solution like the Attivo ThreatDefendTM Deception and Response Platform actually deliver a way to slow down the breaches, because, frankly, we’re not yet going fast enough to stop them?
Credit reporting firm Equifax (EFX) reported Thursday hackers had accessed Social Security numbers, driver’s license numbers, and other vital personal data of 143 million people in the US.
Little was revealed about the details of the cybersecurity breach, other than it stemmed from an exploited web application. Even without specifics, Equifax’s hacking illustrates a larger trend in tech companies — a clear lack of focus on software security.
Hackers have targeted and successfully penetrated the operational networks of a number of energy companies in the United States and Europe, putting core aspects of power grids at risk, security researchers warn.
Security firm Symantec reported the intrusions, which the researchers attributed to a state-sponsored hacked group known as Dragonfly. The hacking collective has been targeting energy companies since at least 2011 and has made strides in the type of access the group has been able to achieve in the last year.
The report from Symantec marks the result of an escalation in attacks carried out by Dragonfly. The group reportedly began a campaign against industrial firms in 2015 and ramped up its efforts in April of this year, creating a new and troubling scenario that the hackers already have access and are simply lying in wait to carry out their attack.
Despite Russia’s attempt to hack the 2016 U.S. election and the voter registration systems of 21 states, an NBC News investigation reveals that election officials in the most heavily populated counties of three crucial swing states still haven’t received formal training on how to detect and fight attacks.
Election officials in three of Pennsylvania’s four biggest counties — Philadelphia, Allegheny and Bucks, which together account for nearly a third of the state’s voters — told NBC News they never received cybersecurity training, which experts say is crucial for officials to identify risks.
More than 6 billion records were exposed as a result of the 2,227 data breaches that were reported in the first six months of 2017, according to a new report from Risk Based Security.
The number of publicly disclosed data compromise events through June 30 remained in line with the number of breaches disclosed mid-way through 2015 and 2016, but the total number of records exposed surpassed 2016’s year-end high mark.
The top 10 data breaches exposed 5.6 billion of the 6 billion records compromised, and had an average severity score of 9.82 out of 10.0, Risk Based Security’s report (PDF) reveals.
We asked 25 security professionals to provide us with some examples of use cases where they are helping clients secure applications and data. Here’s what they told us:
1) We ensure apps that manage valuable data (personally identifiable information, healthcare data) are secure. We see data dumps of SQL databases from insecure apps on the dark web all the time. We help customers identify their high-risk applications, identify the kind of data at stake, and evaluate the risk to the company. We prioritize and put the appropriate testing in place to protect customer data managed by the web app. 2) Hackers are using apps to break into internal networks of corporations. Any app poses a risk if someone can access your mainframe through it. We help clients identify the risk of their apps.
LONDON — Hackers using a tool stolen from the United States government conducted extensive cyberattacks on Friday that hit dozens of countries around the world, severely disrupting Britain’s public health system and wreaking havoc on computers elsewhere, including Russia.
Hospitals in Britain appeared to be the most severely affected by the attacks, which aimed to blackmail computer users by seizing their data. The attacks blocked doctors’ access to patient files and forced emergency rooms to divert people seeking urgent care.
Kaspersky Lab, a Russian cybersecurity firm, said it had recorded at least 45,000 attacks in as many as 74 countries.
Swift, the global banking platform used to manage money transfers between over 10,000 financial institutions, is urging its users to bulk up security amid revelations the US National Security Agency (NSA) exploited vulnerabilities in Microsoft products to spy on its clients.
Last week, a hacking group known as the Shadow Brokers published a batch of explosive documents alleging the NSA accessed the Swift network by compromising third party services in the Middle East and Latin America. The group previously released files exposing alleged NSA “cyberweapons”.
“Customers should pay close attention their own security and take security into consideration when selecting a service bureau and working with other third party providers,” the Brussels-based organisation said in a lengthy statement on 17 April (Monday).
The U.S. Department of Health and Human Services, Office of Civil Rights (“OCR”), the agency tasked with enforcing the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), recently announced that it will redouble its efforts to investigate smaller breaches of Protected Health Information (“PHI”) that affect fewer than five-hundred (500) individuals.