Information Security newsfeeds from around the world in English and French. Find it all in one place… here.
As we head into 2021, ransomware is making another resurgence, particularly in targeted attacks from highly organized hacker groups. In fact, cybercrime is surging since the start of the pandemic. When IT and security professionals plan how to respond, they must not underestimate the degree to which many of the transformative changes to our working […]
Continue ReadingWhile adjusting to life under a pandemic, we’ve become familiar with a host of medical and safety terminology that either didn’t exist before or was of little interest to anyone not in the medical or scientific community. Phrases like social distancing, contact tracing, and super-spreader have now become part of the common lexicon. They matter […]
Continue ReadingThe cybersecurity industry loves acronyms and XDR is rising swiftly to the top of the charts of the current lexicon. Extended detection and response (XDR) is a designation used when you do not have the ability to cover a wide range of threat vectors. Simply put, XDR encompasses more than one type of detection, but […]
Continue ReadingLike bankruptcy, falling asleep, or even falling in love, today’s infrastructure and security pain points develop first gradually, and then all at once. The coronavirus pandemic accelerated trends that had slowly been changing businesses everywhere, transforming remote work from a perk to a necessity and sending even more of our data, applications, and day-to-day activities […]
Continue ReadingWhen it comes to mission-critical cloud applications, today’s security teams have a laundry list of different focus areas. From ensuring cloud providers deliver adequate protection and analyzing baseline activity to examining interconnected systems and understanding data flows, teams are stretched thin. With so many competing priorities, it’s no wonder they have a difficult time answering […]
Continue ReadingA security operations center (SOC) is the central nervous system of any advanced cybersecurity program. Yet even the most well-funded, highly organized and properly equipped SOC is often no match for a simple misconfiguration error. Organizations have piled security controls upon security controls, and still remain largely blind to the most serious threats they face. […]
Continue ReadingMarch kept us all very busy with the ongoing out-of-band Microsoft updates for Exchange Server and the printing BSODs, which plagued us since last Patch Tuesday. It looks like a standard release of updates from Microsoft next week, but before we get to patching vulnerabilities, I would like to focus on the need to discover […]
Continue ReadingSupply chain attacks target the weakest spot in most every enterprise’s security program: third-party access. The SolarWinds hack was a classic supply chain attack, compromising downstream organizations in order to traverse the victim’s extended enterprise of customers, suppliers, vendors and other third parties to gain unauthorized access to their on-premises and cloud systems. The hack […]
Continue ReadingIn this era of increasing technological complexity, watering hole attacks build on a model of simplicity. Just like predatory animals that hover near sources of water favored by their prey, attackers systematically infect websites likely to be visited by their targets. The law of probability suggests that a member of the target group frequenting the […]
Continue ReadingAs companies continue to navigate increasingly distributed environments, the question of zero trust is coming up more and more – as is the relationship between this framework and secure access service edge (SASE). Many security teams are looking to better understand zero trust security and SASE, including whether or not they are mutually exclusive or […]
Continue Reading