NEWS & INDUSTRY UPDATES

Cyberattacks that hit several Texas cities have put other local governments on guard, offering the latest evidence that hackers can halt routine operations by locking up computers and public records and demanding ransoms.
Sensitive data from a nuclear power plant in Ukraine was exposed due to an illegal cryptocurrency mining operation run by workers.
The cybercriminals behind the recent ransomware incident that impacted over 20 local governments in Texas are apparently demanding $2.5 million.
A Ruby software package that contained a malicious backdoor has been removed from the Ruby Gems repository after compromising over ten libraries.
AWS has reached out to customers reportedly targeted by the Capital One hacker, but says none of them reported any significant issues.
A ransomware attack hit 23 local government entities in Texas last week, the Texas Department of Information Resources (DIR) has revealed.
Iowa grocery chain Hy-Vee is warning customers about a security incident involving some of its payment card systems.
Several major industrial and automation solutions providers have responded to the Wind River VxWorks vulnerabilities dubbed Urgent/11.
Leaders of House and Senate committees want Capital One and Amazon to explain how a hacker accessed information on more than 100 million Capital One credit card customers and applicants.
Tom Kellermann argues that defenders need to recognize the new reality and to start thinking about a modern persistent cognitive attack loop rather than a linear attack chain.

FEATURES, INSIGHTS // Incident Response

Gunter Ollmann: As malware writers harness AI for cybercrime, the security industry must push forward with a new generation of dissection and detonation technologies to prepare for this coming wave.
Josh Lefkowitz: It can be difficult for teams to determine how to obtain and incorporate data from encrypted chat service platforms into their collection strategies in a meaningful way.
Torsten George: The anatomy of a hack has been glorified and led to the common belief that data breaches typically exploit zero-day vulnerabilities and require a tremendous amount of code sophistication.
Marc Solomon: You need a way to ensure your threat hunting efforts are focused on high-risk threats and that the team is operating efficiently since time is the enemy.
Marc Solomon: As a security professional, wouldn’t it be great to be able to focus on one thing at a time and know you’re focused on the right things to protect the organization?
Marc Solomon: Most organizations have more intelligence than they know what to do with. What’s lacking is a way to aggregate all this data in one manageable location where it can be translated into a uniform format for analysis and action.
Jalal Bouhdada: In the event of a cybersecurity incident in an industrial environment, you should follow a well-established seven step response process.
Marc Solomon: How do we break this wasteful cycle and enable teams and technologies to reduce instances of false positives? The answer lies in prioritization and learning.
Stan Engelbrecht: By highlighting phishing, which causes so many headaches for all us security professionals, you can see just how much of a game-changer automation can be for any SOC or CSIRT.
Marc Solomon: Adversaries are increasingly masterful at taking advantage of these seams between technologies and teams to infiltrate organizations and remain below the radar.