User and service accounts that are inactive and enabled (“ghost users”) are prime targets for penetration and lateral movement, researchers say. But adversaries also have a different breed of user accounts in their crosshairs: accounts with non-expiring passwords.
All about Virtualization and Cloud Security | Recent Articles:
‘Ghost Users’ and Non-Expiring Passwords a Major Security Issue for Most Businesses
We’ve been hearing a lot about the cyber security skills shortage for several years now, and a recent study documents just how severe the shortage is and the impact it is having on many organizations.
Could blockchain play a major role in cyber security and risk management efforts at organizations? The jury is still out. But it’s clear that blockchain—defined as a “single version of the truth” made possible by an immutable and secure time-stamped ledger—continues to garner interest among businesses in a variety of industries.
Most cybersecurity roles are still filled by men and pay disparity is still an issue. However, women now account for 24% of the cybersecurity workforce and are more likely to be promoted to senior positions than men.
EternalBlue Still Infecting Endpoints as Businesses Fail to Upgrade Systems or Apply Patches
A dangerous exploit that has helped criminals carry out several major cyber attacks in the past two years continues to infect vulnerable endpoints, new research indicates.
Could critical infrastructure attacks be making a comeback? Or did these invisible threats never leave in the first place? Extensive research reveals that as many as four threat actors many have been involved in creating Stuxnet, the sophisticated computer worm that demolished Iran’s nuclear infrastructure in 2007. In light of recent discoveries about similarities in malware samples, cyberespionage appears to be a growing threat that can hide for years before its discovered.
Private users are not the only ones excited about IoT technology and gadgets in everyday activity the countless growth opportunities in the area. A number of companies, organizations and even public institutions have turned to connected devices to build more sustainable, automated infrastructures, but device reliability, data security delivery and privacy still must still be addressed.
AI and Automation Seen as Silver Bullet in Overcoming Cybersecurity Skill Gap, Survey Finds
There’s been a lot of focus lately on the best ways to safeguard corporate networks and fend off targeted attacks, and on total cost of ownership. But CISOs worldwide are struggling with an even worse problem that greatly affects their companies long-term: a widening cybersecurity talent shortage.
As we covered in part one, there’s tremendous investment underway in healthcare IT and the industry is innovating every step along the way of patient care and records management, or it soon will be. And the result is that as hospitals grow more efficient and deliver care more effectively, it will help better contain healthcare cost increases. But it must be done securely.
Why Ransomware Continues to Be an Immensely Profitable Business for Bad Actors
Ransomware, arguably the most efficient malware used by cybercrooks in recent years, continues to wreak havoc on a global scale, affecting everyone and everything, from regular Internet users to enterprises to critical infrastructures. So why do hackers still win?
In the past decade, we've witnessed amazing advancements in medicine. Our lives are being not only enhanced but extended as new treatments, medications, and technologies come to market every month. Still, it's not just medical abilities that are rapidly improving; it's also the technology that drives the management and delivery of healthcare. This includes everything from the technology now behind a simple visit to the doctor’s office, new healthcare devices, and monitoring technologies, to the electronic sharing of patient medical information among far-flung doctors and specialists.
DHS, FBI Alert: North Korean Backdoor Trojan HOPLIGHT Detected in the Wild, Linked to Lazarus
HOPLIGHT, a critical backdoor Trojan linked to North Korean APT group Lazarus, has been found in the wild, warn the FBI and the Department of Homeland Security in a new malware analysis report.
Cyber-attacks and threat actors have become more numerous and more sophisticated, creating new threats that lurk unseen, ready to wreak havoc on Security Operations Centers. The stakes are high: cybercrime costs climbed 12% last year to $13 million per company.
Incidents like the attack on Norsk Hydro are expected to grow more common, according to a survey on cybersecurity trends in industries using industrial control systems (ICS) and operational technology (OT).
- VMware NSX-T Data Center 2.4 release now includes Guest Introspection services via agentless endpoint protection.
- Bitdefender GravityZone Security for Virtualized Environment (SVE) is the first, and currently the only, security vendor that integrates NSX-T Guest Introspection.
- If you are upgrading to NSX-T Bitdefender solves real operational challenges for highly-dense, large scale datacenter deployments.
Senator Elizabeth Warren Proposes Holding Negligent Executives Criminally Liable for Data Breaches
Senator Elizabeth Warren is proposing an amendment that would establish criminal liability for negligent executive officers of major corporations.
CISOs Latest Dilemma: How to Make the Most Out of Your Endpoint Security Solutions with Understaffed Teams
While digital transformation and the e-commerce bubble in late '90s have reshaped the way companies do business, increasingly sophisticated cyber-attacks call for immediate and sometimes overly complex defenses. Security tool vendors have been more than willing to provide an ever expanding array of tools and technologies, many with dubious value.
Healthcare organizations are still looking for a cybersecurity cure or at the very least an effective security management regimen. As we covered recently, Healthcare continues to be a prime target for cyber attacks. That post was based on a survey conducted by the non-profit global advisory organization HIMSS and found that most healthcare organizations had experienced a significant security incident in the previous year.
Stark Disconnect Between Strategy and Execution as Companies Fail to Prioritize Protecting Business-Critical Apps
Most enterprises are aware that business disruption carries heavy costs, but still they fail to prioritize the security of business-critical applications.
Manage Cybersecurity Efforts to Mitigate Your Enterprise Risks: Not To Established Controls
When it comes to managing cybersecurity risks, too many enterprises today remain focused on doing little more than making sure their baseline compliance and security controls are in place. They’ll check the boxes: Passwords more than 8 characters with two numbers and a special character? Check. Firewall? Check. VPN? Check. Antimalware? Check.
Cloud Security
Subscribe to Blog Updates
Posts by Categories
- Advanced Persistent Threat (4)
- APT (4)
- artificial intelligence (2)
- biometrics authentication (1)
- botnet (1)
- breach (3)
- bug bounty (1)
- business sabotage (1)
- business security (4)
- BYOD (28)
- CIO (12)
- CIRA 2020 Cybersecurity Report (1)
- CISO (16)
- cloud breach (1)
- cloud misconfiguration (2)
- Cloud Security (120)
- cloud-based apps (1)
- connected care (1)
- container security (1)
- corporate hijacking (3)
- covid-19 (2)
- credit card (3)
- cryptocurrency (7)
- cryptojacking (8)
- cryptomining (4)
- cyber insurance (2)
- Cyber Security Awareness Month (5)
- cyber threats (1)
- cyber-attack (10)
- cybersecurity awareness (26)
- data breach (30)
- data breaches (1)
- Data Protection (75)
- data protection act (3)
- datacenter (3)
- DevOps (10)
- EDR (5)
- Elasticsearch server (1)
- endpoint detection and response (1)
- Endpoint Protection & Management (18)
- Enterprise Security (424)
- Equifax (2)
- Events (4)
- FBI (1)
- financial services (15)
- garter (1)
- GDPR (21)
- General Data Protection Regulation (4)
- government alert (1)
- Healthcare (20)
- honeypot (1)
- HVI (1)
- hyperconverged infrastructure (1)
- hypervisor (15)
- hypervisor introspection (11)
- identity theft (4)
- Industries (33)
- insider threats (14)
- Integration (2)
- IoT (13)
- IoT botnet (2)
- IoT, Policy, security (9)
- IT Compliance & Regulations (32)
- Linux (1)
- Machine Learning (7)
- malware, threats (14)
- managed detection and response (1)
- managed services provider (3)
- memory introspection (12)
- Microsoft (3)
- misconfigured servers (1)
- mobile security (1)
- MSP (3)
- Network Protection (12)
- online sabotage (1)
- phishing (2)
- power grid (4)
- ransomware (9)
- ransomware, HVI (3)
- remote work (7)
- report (1)
- security (2)
- Security as a Service (15)
- Security Threats (61)
- SMB Security (44)
- Software-defined-datacenter (5)
- telecommunications (2)
- unsecure database (1)
- Virtualization & Data Center Security (70)
- vulnerability disclosure policy (1)
- WDATP (1)
- wfh (2)
Latest Tweets
Tweets by @Bitdefender_EntPosts by Month
- January 2021 (6)
- December 2020 (31)
- November 2020 (33)
- October 2020 (39)
- September 2020 (26)
- August 2020 (29)
- July 2020 (34)
- June 2020 (40)
- May 2020 (33)
- April 2020 (31)
- March 2020 (28)
- February 2020 (23)
- January 2020 (26)
- December 2019 (28)
- November 2019 (24)
- October 2019 (28)
- September 2019 (19)
- August 2019 (17)
- July 2019 (23)
- June 2019 (15)
- May 2019 (17)
- April 2019 (20)
- March 2019 (19)
- February 2019 (20)
- January 2019 (19)
- December 2018 (19)
- November 2018 (23)
- October 2018 (22)
- September 2018 (22)
- August 2018 (23)
- July 2018 (24)
- June 2018 (22)
- May 2018 (28)
- April 2018 (23)
- March 2018 (22)
- February 2018 (19)
- January 2018 (19)
- December 2017 (13)
- November 2017 (17)
- October 2017 (19)
- September 2017 (18)
- August 2017 (16)
- July 2017 (17)
- June 2017 (16)
- May 2017 (17)
- April 2017 (15)
- March 2017 (16)
- February 2017 (13)
- January 2017 (14)
- December 2016 (11)
- November 2016 (14)
- October 2016 (11)
- September 2016 (10)
- August 2016 (15)
- July 2016 (12)
- June 2016 (15)
- May 2016 (10)
- April 2016 (13)
- March 2016 (15)
- February 2016 (14)
- January 2016 (6)
- December 2015 (6)
- November 2015 (9)
- October 2015 (8)
- September 2015 (11)
- August 2015 (8)
- July 2015 (10)
- June 2015 (3)
- May 2015 (8)
- April 2015 (6)
- March 2015 (5)
- February 2015 (7)
- January 2015 (8)
- December 2014 (8)
- November 2014 (9)
- October 2014 (8)
- September 2014 (9)
- August 2014 (9)
- July 2014 (8)
- June 2014 (8)
- May 2014 (6)
- April 2014 (8)
- March 2014 (5)