Cybersecurity risk management is the practice of prioritizing cybersecurity defensive measures based on the potential adverse impact of the threats they're designed to address. Establishing a risk management approach to cybersecurity investment acknowledges that no organization can completely eliminate every system vulnerability or block every cyber-attack.
The cybersecurity industry is increasingly producing enormous amounts of raw threat data. The sheer volume of information threat researchers must sift through makes it difficult to collect, analyze, and research that data in a timely manner. This in turn limits their ability to understand what data is valid and useful and whether threat artifacts will result in legitimate threat indicators.
GuLoader is a sophisticated malware downloader that stores its payloads in Google Drive and Microsoft OneDrive. In addition to using popular cloud apps to evade network-based detection, it uses anti-VM techniques to evade sandbox analysis. Since it was first discovered in December 2019, GuLoader has become one of the top malware delivery mechanisms observed in the wild. It is used by multiple threat actors to deliver a variety of threats, most commonly remote access Trojans (RATs).
Have you ever stood in the airport security line when the agents bring the dog out to inspect everyone’s luggage? I’m always so fascinated watching the dog go down the line and do her work. Wow she’s so smart! How does she know what to look for? My own dog has talents of her own, but she would not get hired for this job. She has a good functioning nose, but she’s not trained to detect these things and wouldn’t be able to tell me when she finds something troublesome.
We have seen a marked move to remote work in recent months. While the times have been troubling and stressful in many ways, there has been a flip side. Many of us have found newfound freedoms in how and where we work. With these freedoms come risks. While we can access our email, files and other communications remotely, many have not stopped to ask; are we too open? What level of remote access does each employee need and more crucially what do they not need?
Technology and cyber systems have become essential components of modern society. Despite the benefit of cyber technologies, insecurities arise. These could affect all systems and infrastructures. More than that, the threat of a cyberattack could very well have a transnational component and effect as worldwide systems become increasingly interconnected.
Drive-by download attack is one of the most popular methods employed by hackers nowadays. What is it? How can you protect your organization from it? Keep reading to learn! Malware attacks have been preserving their popularity amongst the hackers for a while. They are relatively easy to implement when targeting medium to small scale organizations, they can go unnoticed for a very long time and extract information from the target quietly.
Solving Puzzles has been a very popular pastime for InfoSec professionals for decades. I couldn’t imagine a DefCon without the badge challenge. At Black Hat 2020 Matt Wixey, Research Lead at PwC UK, didn’t disappoint as he presented on parallels between puzzle-solving and addressing InfoSec problems.
Last year, Capital One showed the world why data governance is so important when it was the victim of a massive data breach that exposed the personal data of 106 million customers. It is still one of the biggest hacks ever recorded, and the company has now been fined $80 million by banking regulators. A “what’s in your wallet” meme would work great here, but let’s keep this classy.
