Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Will today's security purchases stop tomorrow's deadliest threats?

In the first installment of this three-part series based on our recent white paper, The Skeptic’s Guide to Buying Security Tools, we outlined an evidence-based approach to helping your organization justify a new security tool purchase. This included identifying where security gaps exist, whether those gaps could be filled by existing tools, and—if not—how to evaluate potential tools that could help.

Move to the Cloud with Confidence: 6 Key Risks & Mitigation Techniques, Part 1

Over the past several years, an increasingly fluid work environment has followed trends of modern globalization in the workplace. Leveraging cloud solutions, many companies have let go of historical limitations imposed by on-premises and local solutions. The truth is, cloud outsourcing can be a game changer, as it provides organizations with more cost-effective and management-friendly software, infrastructure, and computing power than would otherwise be possible.

Guarding Against Fileless Malware: Types and Prevention

Fileless malware, true to its name, is malicious code that uses existing legitimate programs in a system for compromise. It operates directly in Random Access Memory (RAM) without requiring any executable files on the hard drive. Differing from conventional malware, fileless attacks are stealthier in nature, falling under the category of low-observable characteristics (LOC) attacks.

BLASTPASS: Government agencies told to secure iPhones against spyware attacks

CISA, the United States's Cybersecurity and Infrastructure Security Agency, has ordered federal agencies to patch their iPhones against vulnerabilities that can be used as part of a zero-click attack to install spyware from the notorious NSO Group.

GDPR Compliance for US Companies

Numerous U.S.-based companies that operate online have customers from the European Union (EU) or other parts of the European Economic Area (EEA). If your business engages with these customers, it is subject to the EU’s General Data Protection Regulation (GDPR). This extensive data privacy regulation has an impact on many U.S. entities due to its extraterritorial reach.

Getting ready for a post-quantum world

Under Data Encryption, the CISA Zero Trust Maturity Model v2.0 cites the criticality of “cryptographic agility” at the third (out of four) level of maturity. Cryptographic agility is the ability to change the underlying cryptographic algorithms in applications and communications channels. I believe this highlights the importance for organizations to be able to pivot their encryption algorithms to a post-quantum cryptographic world.