Network Security

February 1, 2021

Threat intel is a game changer, if only firms can figure out how to bake it into cyber programs

Despite increased perceptions about the value of cyber threat intelligence, many businesses and industries still struggle to define what it actually means to them: which capabilities to incorporate, and how to do the ground level planning necessary to support the telemetry and technological tools they put in place.

The post Threat intel is a game changer, if only firms can figure out how to bake it into cyber programs appeared first on SC Media.

January 29, 2021

Firms with exposed IoT have a higher concentration of other security problems

Exposed enterprise IoT devices can be an indicator of security issues to come, with firms sporting exposed devices having a 62% higher density of other security problems, new research shows. For example, companies with exposed IoT are more than 50% more likely to have email security issues, according to a new report and blog post…

The post Firms with exposed IoT have a higher concentration of other security problems appeared first on SC Media.

January 29, 2021

As SolarWinds spooks tech firms into rechecking code, some won’t like what they find

If more attacks are uncovered, end-user organizations must apply lessons learned from SolarWinds and take decisive action.

The post As SolarWinds spooks tech firms into rechecking code, some won’t like what they find appeared first on SC Media.

January 28, 2021

‘Don’t take Tom Bossert’s word on Trinity Cyber’: startup snags big-name board additions

The analyst from FireEye that discovered the SolarWinds attack and the co-founder of Tenable will join the advisory board of Trinity Cyber – contributing expertise to the company that counts former homeland security adviser Tom Bossert among its top executives.

The post ‘Don’t take Tom Bossert’s word on Trinity Cyber’: startup snags big-name board additions appeared first on SC Media.

January 27, 2021

Even dead employees pose a security risk when their accounts are still active

Ransomware attackers compromised deceased employee's account to access a domain admin account. The incident is a sad reminder of some cyber hygiene standards too often overlooked.

The post Even dead employees pose a security risk when their accounts are still active appeared first on SC Media.

January 27, 2021

‘One of the most beautiful bugs I’ve seen’: Decade-old sudo bug grants Linux root access

Cybersecurity researchers and the U.S. Cyber Command are warning users about a decade-old buffer overflow bug in sudo that can grant root access to malicious users with low level access to systems. The vulnerability, discovered by Qualys and nicknamed “Baron Samedit,” affects all versions of Linux Qualys has tested against. The glitch allows users, even…

The post ‘One of the most beautiful bugs I’ve seen’: Decade-old sudo bug grants Linux root access appeared first on SC Media.

January 26, 2021

The cyber ‘journeymen’: Apprentices may be the solution to the skills gap

Aspiring infosec professionals have the opportunity to hone their craft as companies develop talent from within, potentially with government funding, and chip away at the diversity problem.

The post The cyber ‘journeymen’: Apprentices may be the solution to the skills gap appeared first on SC Media.

January 26, 2021

Google to offer suite of new zero trust capabilities through Chrome browser

With backing from Google infrastructure and support from a host of industry partners, the features have the potential to significantly expand the footprint of zero trust solutions within industry and government.

The post Google to offer suite of new zero trust capabilities through Chrome browser appeared first on SC Media.

January 23, 2021

Sunbust avoided indicators of compromise with SolarWinds hack, but left breadcrumbs

Joe Slowik, senior security researcher at DomainTools, spoke to SC Media about how the SolarWind attackers remained undetected for so long, and how domain data could be used to weaponize network observables against sophisticated attackers.

The post Sunbust avoided indicators of compromise with SolarWinds hack, but left breadcrumbs appeared first on SC Media.