Security Experts:
LATEST SECURITY NEWS HEADLINES
NEWS & INDUSTRY UPDATES
The NSA and FBI released detailed information about the Drovorub Linux malware, but major cybersecurity companies haven't found a single sample. [Read More]
Threat actors compromised a software company to deliver malware to five out of over 100,000 users. [Read More]
Updated versions of Lebanese Cedar’s Explosive RAT and Caterpillar web shell found on victim networks. [Read More]
Law enforcement authorities in the U.S. and Europe have seized the dark web sites associated with the NetWalker ransomware operations and also charged a Canadian national in relation to the malware. [Read More]
Cybersecurity companies Mimecast, Qualys and Fidelis have confirmed being impacted by the SolarWinds attack. [Read More]
President Joe Biden has instructed U.S. intelligence agencies to provide him with a detailed assessment of the SolarWinds hack. [Read More]
Symantec researchers have uncovered another piece of malware used in the SolarWinds attack, namely Raindrop, which has been used for lateral movement and payload deployment. [Read More]
In one attack, the cybercriminals found an employee via the company’s chatroom and then convinced them to log into a fake VPN page to reveal their credentials. [Read More]
SolarLeaks is offering to sell — for tens and even hundreds of thousands of dollars — files allegedly obtained as a result of the SolarWinds breach. [Read More]
Mimecast learned from Microsoft that one of its certificates was compromised by sophisticated threat actors, but the email security firm says impact is limited. [Read More]
FEATURES, INSIGHTS // Cyberwarfare
One can only hope our nation’s alarm clocks wake up and stir our national leaders’ imaginations before a cyber incident of the magnitude of 9/11 results in the need for a “Cyber Strikes Commission Report.”
Defenders should use their "Strategic Depth" to mitigate attacks not on the perimeter but deeper within their network where they can leverage on their strategic advantage.
The term “Tipping Point” is controversial because it has been so widely misused and loosely applied; two abuses that I often see in the cyber security marketplace.
Enemy infrastructure is and always has been an important military target. The difference is that with increasingly automated and connected infrastructure, the ability for an enemy to target these systems digitally has increased, putting these systems at greater risk.
I believe that no other nation can match the capabilities of the United States military, but at the same time, matching the level of resources and investment in cyber being made by nation states such as China could prove impossible.
The building blocks for a robust cybersecurity strategy are not uniquely different from security requirements for a traditional enterprise...
When the Chinese government states that it is not behind most of these attacks – it is possibly telling the truth. That the Chinese government has offensive cyber capabilities are not disputed. What is not a given is that all of this activity has been officially prompted or sanctioned.
It remains to be seen how the big powers will come to agree on the precise rules to govern cyber operations – currently the international legal status is uncertain, but the little players had better concentrate on improving old and developing new defensive measures.
Cyberwar, at least the type where infrastructure or actual lives are targeted and destroyed, will not just happen for the fun of it. There are consequences to any such activity, as recent policy activity and policy makers make clear.
It is because of the ambiguities and problems of definition and categorization that an International Agreement on acceptable and agreed cyber operations is the wisest and safest course of action.
Get the Daily Briefing
- Google Discloses Details of Remote Code Execution Vulnerability in Windows
- Washington Senate OKs Measure Creating State Office of Cybersecurity
- PerimeterX Banks $57 Million for Bot Protection Expansion
- GitHub Hires Mike Hanley as Chief Security Officer
- Webinar Today: Evaluating Vendor Risk With Security Ratings
- New 'LazyScripter' Hacking Group Targets Airlines
- Four Additional Threat Groups Seen Targeting Industrial Organizations in 2020
- Hackers Leak Data Stolen From Jet Maker Bombardier
- Vietnamese Hackers Target Human Rights Defenders: Amnesty
- Twitter Shuts Down Four Networks of State-Sponsored Disinformation Accounts
Copyright © 2021 Wired Business Media. All Rights Reserved. Privacy Policy