A group of security researchers from German universities has devised a new class of web cache poisoning attacks that could render victim services unreachable. [Read More]
Several major tech and cybersecurity firms launch the Operational Technology Cyber Security Alliance (OTCSA), which aims to help organizations address OT security challenges. [Read More]
A group of cybersecurity companies launch the Open Cybersecurity Alliance (OCA), a joint effort focused on the development of open source security technologies. [Read More]
Threat intelligence firm Anomali unveils Lens, a new tool that makes it easy for organizations to find and use threat data from news articles, blogs, security bulletins, logs and social networks. [Read More]
A new report from the United States Government Accountability Office (GAO) shows that the Department of Energy (DOE) has yet to fully analyze the electric grid cybersecurity risks. [Read More]
Microsoft will continue to provide some Windows 7 machines with security updates beyond the January 2020 end-of-support date, and voting systems are among them. [Read More]
Data science and machine learning models can assess large groups of cyber threats to find the subtle traits they have in common to better protect organizations.
While we must continue to use defensive technologies because they help address the level of white noise that has become part of the cost to operate in our hyper-connected, digitized world, we can’t stop there.
There are many contextual details that differentiate cyber threat information from threat intelligence. Only with the proper context can data be considered intelligence, rather than simply information.
Taking a look at security from a different vantage point that allows us to correlate activity by user, rather than by system alone gives us a very different perspective.
When vendors and individuals attempt to keep threat intelligence private, they limit the ability of the entire group to identify and mitigate new threats as they are developed and launched against organizations.
Rather than proceed step by step through the process of building and maturing a security operations function, security teams often want to move immediately into very advanced topics.
Without a solid base in knowing who you are as a target and what’s going on around you at all times, everything else you do is essentially a half-measure.