Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

UK-based TalkTalk, a telecommunications and broadband company, confirmed that it has suffered a data breach, which names, phone numbers, addressees and account numbers of its customers were exposed to malicious actors.
Attackers are using Windows Management Instrumentation (WMI) and PowerShell to avoid detection and carry out broad commands on compromised systems, according to FireEye-owned Mandiant.
Sqrrl, a Cambridge, Mass.-based big data analytics startup with roots linked back to the NSA, announced that it has secured $7 million in a Series B founding round.
Industry professionals applauded the steps by the White House to promote cyber threat information sharing, but an executive order can only go so far and more is needed than just information sharing to combat sophisticated cyber attacks, experts said.
Register for this webcast to learn how you can align, automate and enforce controls to security and compliance policies - while providing visualization, workflow and reporting critical to improving operational efficiency and reducing audit costs.
An an outage at Facebook on Jan. 26 was not the result of a third party attack, Facebook said, but occurred after the company introduced a change that affected its configuration systems.
Elites at the World Economic Forum in Davos were warned Saturday of the terrifying possibilities of modern cyber terrorism.
The US is staying silent on whether it launched a cyber attack as payback for the hacking of Sony Pictures.
North Korea appeared to have been hit by Internet outages, reports said Monday, just days after US President Barack Obama warned Washington would retaliate for a cyber attack on Sony Pictures blamed on Pyongyang.
US-CERT provided a list of the Indicators of Compromise (IOCs) that should be added to network security solutions to determine whether they are present on a network.

FEATURES, INSIGHTS // Incident Management

rss icon

Rafal Los's picture
As a security professional you must know the three categories of threats your organization faces, how to respond to each — and how to expend your resources.
Torsten George's picture
Massive data breaches are raising doubts about whether organizations are investing their security dollars in the right areas.
Danelle Au's picture
A data breach plan lays out the key steps and the key personnel to involve when a data breach happens, and needs to incorporate three elements.
Joshua Goldfarb's picture
At a high level, "big data" and "security analytics" are about the two very different, somewhat diametrically opposed, but equally important concepts of collection and analysis.
Joshua Goldfarb's picture
Asking the right questions is one of the most important and fundamental aspects of a successful security program, and allows security teams to approach challenges analytically and logically.
Jon-Louis Heimerl's picture
Based on high level review of the types of breaches we have seen over the past year, we should be able to see opportunities to make our environments more resilient to attack.
James McFarlin's picture
If North Korea is connected to the Sony attacks, it would be an archetypal example of such a weaker state using cyber operations to level the playing field in potential confrontations with the United States.
Joshua Goldfarb's picture
In resource-limited environments, every alert counts. Spear alerting is an approach that can help organizations improve their signal-to-noise ratio and make their security programs much more efficient and effective.
James McFarlin's picture
Was the plan by the Securities Industry and Financial Markets Association (SIFMA) to create a new inter-agency working group comprised of data security regulators a reaction to the recent acceleration of nationwide data breaches?
Joshua Goldfarb's picture
Because of the large volume of even the highest priority alerts, analysts are not able to successfully review each event. And with a large number of false positives, analysts become desensitized to alerts and do not take them seriously.