NEWS & INDUSTRY UPDATES

Hackers breached Microsoft email services (Outlook.com, Hotmail, MSN) and accessed user accounts after compromising a support agent’s credentials.
Matrix.org, an open source project for secure and decentralized communications, had its systems hacked and its website defaced. The hacker then revealed the security issues he found.
Feedback Friday: Industry professionals comment on the news that the group behind the Triton/Trisis malware has hit an additional critical infrastructure facility.
The tools and TTPs used by the threat group behind the Triton/Trisis malware show that the hackers are focused on maintaining access to compromised systems.
Minnesota Department of Human Services officials say a data breach at the agency may have exposed the personal information of about 11,000 people.
Malicious code designed to steal payment card data was present for over 4 months on the website of AeroGrow, the company that makes the AeroGarden smart countertop gardens.
German chemicals giant Bayer confirmed reports it had suffered a hacking attack, but insisted that so far no data appeared to have been stolen.
Two companies exposed more than 540 million records containing information on Facebook users and their activities via unprotected AWS S3 buckets.
Georgia Tech says someone gained unauthorized access to a database storing the details of 1.3 million people. The breach occurred in December 2018, but it was only discovered in late March.
The details of up to 3.1 million Toyota customers in Japan may have been stolen as a result of a security breach at a sales subsidiary. This is the second incident reported by the carmaker in recent weeks.

FEATURES, INSIGHTS // Incident Response

Marc Solomon
Like the teams that progress through to the NCAA National Championship, you’ve now pared down “the threat landscape” to “your threat landscape” and set yourself up for success.
Gunter Ollmann
As malware writers harness AI for cybercrime, the security industry must push forward with a new generation of dissection and detonation technologies to prepare for this coming wave.
Josh Lefkowitz
It can be difficult for teams to determine how to obtain and incorporate data from encrypted chat service platforms into their collection strategies in a meaningful way.
Torsten George
The anatomy of a hack has been glorified and led to the common belief that data breaches typically exploit zero-day vulnerabilities and require a tremendous amount of code sophistication.
Marc Solomon
You need a way to ensure your threat hunting efforts are focused on high-risk threats and that the team is operating efficiently since time is the enemy.
Marc Solomon
As a security professional, wouldn’t it be great to be able to focus on one thing at a time and know you’re focused on the right things to protect the organization?
Marc Solomon
Most organizations have more intelligence than they know what to do with. What’s lacking is a way to aggregate all this data in one manageable location where it can be translated into a uniform format for analysis and action.
Jalal Bouhdada
In the event of a cybersecurity incident in an industrial environment, you should follow a well-established seven step response process.
Marc Solomon
How do we break this wasteful cycle and enable teams and technologies to reduce instances of false positives? The answer lies in prioritization and learning.
Stan Engelbrecht
By highlighting phishing, which causes so many headaches for all us security professionals, you can see just how much of a game-changer automation can be for any SOC or CSIRT.