User and service accounts that are inactive and enabled (“ghost users”) are prime targets for penetration and lateral movement, researchers say. But adversaries also have a different breed of user accounts in their crosshairs: accounts with non-expiring passwords.
We’ve been hearing a lot about the cyber security skills shortage for several years now, and a recent study documents just how severe the shortage is and the impact it is having on many organizations.
Could blockchain play a major role in cyber security and risk management efforts at organizations? The jury is still out. But it’s clear that blockchain—defined as a “single version of the truth” made possible by an immutable and secure time-stamped ledger—continues to garner interest among businesses in a variety of industries.
Most cybersecurity roles are still filled by men and pay disparity is still an issue. However, women now account for 24% of the cybersecurity workforce and are more likely to be promoted to senior positions than men.
A dangerous exploit that has helped criminals carry out several major cyber attacks in the past two years continues to infect vulnerable endpoints, new research indicates.
Could critical infrastructure attacks be making a comeback? Or did these invisible threats never leave in the first place? Extensive research reveals that as many as four threat actors many have been involved in creating Stuxnet, the sophisticated computer worm that demolished Iran’s nuclear infrastructure in 2007. In light of recent discoveries about similarities in malware samples, cyberespionage appears to be a growing threat that can hide for years before its discovered.
Private users are not the only ones excited about IoT technology and gadgets in everyday activity the countless growth opportunities in the area. A number of companies, organizations and even public institutions have turned to connected devices to build more sustainable, automated infrastructures, but device reliability, data security delivery and privacy still must still be addressed.
There’s been a lot of focus lately on the best ways to safeguard corporate networks and fend off targeted attacks, and on total cost of ownership. But CISOs worldwide are struggling with an even worse problem that greatly affects their companies long-term: a widening cybersecurity talent shortage.
As we covered in part one, there’s tremendous investment underway in healthcare IT and the industry is innovating every step along the way of patient care and records management, or it soon will be. And the result is that as hospitals grow more efficient and deliver care more effectively, it will help better contain healthcare cost increases. But it must be done securely.
Ransomware, arguably the most efficient malware used by cybercrooks in recent years, continues to wreak havoc on a global scale, affecting everyone and everything, from regular Internet users to enterprises to critical infrastructures. So why do hackers still win?
In the past decade, we've witnessed amazing advancements in medicine. Our lives are being not only enhanced but extended as new treatments, medications, and technologies come to market every month. Still, it's not just medical abilities that are rapidly improving; it's also the technology that drives the management and delivery of healthcare. This includes everything from the technology now behind a simple visit to the doctor’s office, new healthcare devices, and monitoring technologies, to the electronic sharing of patient medical information among far-flung doctors and specialists.
HOPLIGHT, a critical backdoor Trojan linked to North Korean APT group Lazarus, has been found in the wild, warn the FBI and the Department of Homeland Security in a new malware analysis report.
Cyber-attacks and threat actors have become more numerous and more sophisticated, creating new threats that lurk unseen, ready to wreak havoc on Security Operations Centers. The stakes are high: cybercrime costs climbed 12% last year to $13 million per company.
Incidents like the attack on Norsk Hydro are expected to grow more common, according to a survey on cybersecurity trends in industries using industrial control systems (ICS) and operational technology (OT).
- VMware NSX-T Data Center 2.4 release now includes Guest Introspection services via agentless endpoint protection.
- Bitdefender GravityZone Security for Virtualized Environment (SVE) is the first, and currently the only, security vendor that integrates NSX-T Guest Introspection.
- If you are upgrading to NSX-T Bitdefender solves real operational challenges for highly-dense, large scale datacenter deployments.
Senator Elizabeth Warren is proposing an amendment that would establish criminal liability for negligent executive officers of major corporations.
While digital transformation and the e-commerce bubble in late '90s have reshaped the way companies do business, increasingly sophisticated cyber-attacks call for immediate and sometimes overly complex defenses. Security tool vendors have been more than willing to provide an ever expanding array of tools and technologies, many with dubious value.
Healthcare organizations are still looking for a cybersecurity cure or at the very least an effective security management regimen. As we covered recently, Healthcare continues to be a prime target for cyber attacks. That post was based on a survey conducted by the non-profit global advisory organization HIMSS and found that most healthcare organizations had experienced a significant security incident in the previous year.
Most enterprises are aware that business disruption carries heavy costs, but still they fail to prioritize the security of business-critical applications.
When it comes to managing cybersecurity risks, too many enterprises today remain focused on doing little more than making sure their baseline compliance and security controls are in place. They’ll check the boxes: Passwords more than 8 characters with two numbers and a special character? Check. Firewall? Check. VPN? Check. Antimalware? Check.
