A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. Claims of a new method to stash malware in parts of a system where no code has gone before has raised a few comments that, no, this is not new. As usual I’m sure we will see…

In today’s fast-paced cyber threat landscape, it is not a question of IF but WHEN an organization is going to get breached. And in order to prepare in a preemptive manner, organizations should strive to minimize their attackers’ dwell time as much as possible. This is why metrics such as MTTR (Mean time to respond) and MTTD (Mean time to detect) have grown to be highly relevant in the cybersecurity industry.

Most ransomware groups operating in the RaaS (Ransomware-as-a-Service) model have an internal code of ethics that includes avoiding breaching some specific sectors, such as hospitals or critical infrastructure, thus avoiding great harm to society and consequently drawing less attention from law enforcement.

What would you do when a security incident is detected? Shut down the servers? Pull out the power cord from the data center? When an incident is detected, both the incident method and the time required to contain an incident are essential to limit the damage. The slower you are to react, the more damage an incident would incur. And a service downtime to contain an incident can cost businesses even more than a security incident itself.

The Digital Operations Resilience Act (DORA) is the European Union’s attempt to streamline the third-party risk management process across financial institutions. A draft of DORA was published by the European Commission on 24 September 2020. Without this act, there isn't an objective Information and Communication Technology (ICT) risk management standard in Europe.

No organization is impervious to cyberattacks. But what separates resilient businesses from data breach victims is superior risk management. Resilience is achieved through the meticulous calculation of all potential risks and the application of necessary control measures to mitigate them. In this post, we present a 4-step framework for a reliable risk management plan.

Back in May 1998, as a member of the hacker think tank, L0pht, I testified under my hacker name, Weld Pond, in front of a U.S. Senate committee investigating government cybersecurity. It was a novel event. Hackers, testifying under their hacker names, telling the U.S. government how the world of cybersecurity really was from those down in the computer underground trenches.

Offers threat protection against both internal and external threats– External threats or hackers act from outside the organization and have to overcome the external security defense system to have access to the organization’s data. Malware, Phishing, DDoS attacks, ransomware, Trojan, worm, etc. are some of the methods used by hackers to gain entry into the organization’s corporate network. Unlike external threats, internal ones are usually hard to detect.

In May, President Biden issued an executive order designed to improve cybersecurity in the federal government and, by extension, the nation. Recently, details have started to come out about what this much-needed effort will involve. The latest development is a memorandum from the Office of Management and Budget that focuses on data log collection and analysis.