Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

The CEO of Colonial Pipeline has defended his decisions to abruptly halt fuel distribution for much of the East Coast and pay millions to a criminal gang in Russia as he faced down one of the most disruptive ransomware attacks in U.S. history. [Read More]
SAP releases patches for a total of 11 security flaws in NetWeaver, five of which are rated high-severity. [Read More]
Patch Tuesday takes on extra urgency this month with the news that at least six previously undocumented vulnerabilities are being actively exploited in the wild. [Read More]
Adobe's June batch of security patches address a swathe of potentially dangerous vulnerabilities in Adobe Acrobat and Reader, Adobe Photoshop, and the ever-present Adobe Creative Cloud Desktop Application. [Read More]
Navistar International Corporation confirms data stolen in cyberattack that affected some operations. [Read More]
Palo Alto researchers document a new malware that leverages Windows container escape techniques and can achieve code execution on the node and spread to entire Kubernetes clusters. [Read More]
Attributed to the state-sponsored threat actor tracked as APT28/Fancy Bear, the implant lacks sophistication but is fully functional. [Read More]
In an open letter, the White House encourages corporate executives and business leaders to take critical steps to protect organizations and the American public against ransomware. [Read More]
Two members of the notorious Carbanak cybercrime syndicate were sentenced to 8 years in prison, Kazakhstani authorities announced this week. [Read More]
Cisco issues fixes for a wide range of gaping security holes, including three high-risk vulnerabilities in the widely deployed Webex product line. [Read More]

FEATURES, INSIGHTS // Malware

rss icon

Derek Manky's picture
Each side of the public-private collaboration has resources and capabilities that shore up the other and increase effectiveness in combatting cybercrime.
Tim Bandos's picture
The ransomware threat could still become more pervasive over the next two to three years, not because ransomware is effective in and of itself but because of other players in the game continue to fan the flames.
Derek Manky's picture
2020 has taught us to revisit the practice of inspecting encrypted traffic. These are all standard security protocols to step up in light of what cybercriminals are doing now.
Joshua Goldfarb's picture
Playing whack-a-mole with malicious code infections, phishing sites, and compromised credentials won’t help an enterprise reduce losses due to fraud.
Torsten George's picture
Ransomware is just one of many tactics, techniques, and procedures (TTPs) that threat actors are using to attack organizations by compromising remote user devices.
John Maddison's picture
Intent-based segmentation, deception technology, and an integrated security fabric are essential tools in beating malware designed to avoid detection and analysis.
Justin Fier's picture
The origin story of Mimikatz — a post-exploitation module that has enabled criminals to steal millions of passwords around the world — reads like an over-the-top spy thriller.
Siggi Stefnisson's picture
The truth is that quite a lot of malware is developed by an organization—an actual office of people that show up and spend their working day writing malware for a paycheck.
Erin O’Malley's picture
When ransomware strikes, there aren’t many options for response and recovery. Essentially, you can choose your own adventure and hope for the best.
Siggi Stefnisson's picture
History shows that, in security, the next big thing isn’t always an entirely new thing. We have precedents—macro malware existed for decades before it really became a “thing.”