Subscribe to Email Updates

Subscribe

All about Virtualization and Cloud Security | Recent Articles:

Blockchain as an IoT Security Mechanism

Mar 31 by Bob Violino

Building more robust security for the growing Internet of Things (IoT) has been a focal point for many over the past few years. Might blockchain, the distributed ledger technology for overseeing transactions across a network over time, be an ideal solution?


Read More

Forewarned is Forearmed: Boost Your Cyber Defenses with Threat Hunting

Mar 27 by Angel Icusca

Intrusion detection, incident response, and digital forensics - these are all essential stages of managing a cyberattack. While different in nature, they all share one thing: they come after an attack has breached your systems.

Read More

Legal Sector Has a Big Problem with Intentional Data Breaches

Mar 27 by Silviu Stahie

The legal sector is a prime target for cybercriminals, and the vast majority of IT leaders in the industry consider insider threats a significant concern. 77% think employees are directly responsible for exposing valuable data by mistake.

Read More

4 Million Passwords Tied to Fortune 1000 Companies Are Available on the Dark Web, Research Shows

Mar 26 by Filip Truta

A snapshot of the breach exposure of major enterprises has revealed 23 million pairs of credentials containing Fortune 1000 corporate email addresses and plaintext passwords.

Read More

Are You Ready for Managed Detection and Response?

Mar 25 by Michael Rosen
  • Security’s challenge is matching awareness of external threats to internal goals and the ability to execute
  • Managed Detection and Response addresses key customer gaps in visibility, alerts, skills, and outcomes
  • Outsourcing security operations to a managed SOC allows internal teams to focus on higher-value projects
Read More

Tips for Safe Videoconferencing from Home

Mar 25 by Silviu Stahie

Companies have been using videoconferencing applications for a long time, so the adjustment needed to do it from home is not major. Still, many employees have been thrown into the deep end and suddenly need to master the art of videoconferencing safely.

Read More

As CIOs See Expanding Roles in Customer Experience, Security Must Keep Pace

Mar 23 by George V. Hulme

Let’s face it: CIOs are quite busy as they drive forward with their digital transformation efforts, build their DevOps teams, and continue their work to ensure that their business-technology systems are aligned with business needs — and somewhere within all of that work they have to find a way to keep these systems secure.  

Read More

Hackers Actively Exploiting Enterprise VPN Bugs Amid Covid-19 Telework Trend, says DHS

Mar 20 by Filip Truta

The Coronavirus pandemic has prompted numerous organizations to consider alternate workplaces for employees, in line with recommendations from the World Health Organization. Now the Department of Homeland Security’s (DHS) Cybersecurity & Infrastructure Security Agency (CISA) is issuing a similar alert, complete with recommendations for employers and teleworking staff.

Read More

Forrester Wave for EDR 2020: Bitdefender 'the biggest EDR vendor you haven’t considered but should have'

Bitdefender, a leading global cybersecurity company protecting over 500 million systems worldwide, has been named a “strong performer” in The Forrester Wave™: Enterprise Detection And Response, Q1 2020 report, based on its offering, strategy and market presence.

Read More

More Business Websites Hit by Credit-card Skimming Malware

Mar 19 by Graham Cluley

In the last few days it has come to light that blender manufacturer NutriBullet and guitar tuition website Truefire fell foul of hackers who planted Magecart-style malicious code on their sites which went undetected for months, stealing the credit card details and personal information from users.

Read More

40% of Fortune 1000 Companies Will Suffer a Breach Every Year, New Research Suggests

Mar 19 by Filip Truta

Over 60% of the Fortune 1000 had at least one public breach over the last decade. Things have improved in recent times, but not by much. Researchers now estimate that 40% of the firms on the list will suffer a cyber loss this year and every year after.

Read More

The New Generation of Cybersecurity Solutions: from Features to Outcomes

Mar 18 by Bogdan Carlescu

Today, businesses face a new set of challenges:

  • more aggressive cyber threats (higher exposure to risk)
  • increased attack surface
  • difficulty to find adequate security staff
  • increasing complexity of security architecture

These factors lead to an increase in the number and cost of breaches. The need has never been greater for visibility and insights into the environment, timely and effective response to advanced threats, and simplified security architecture. 

Read More

Bitdefender blocks CVE-2020-0796 ‘EternalDarkness Bug’ at Network Level

Mar 17 by Bogdan Botezatu

A new vulnerability in the SMB protocol allows an unauthenticated attacker to run arbitrary code on vulnerable computers. Bitdefender detects and blocks this type of exploitation at the network level as Exploit.SMB.CVE-2020-0796.EternalDarkness, via the Network Attack Defense module in Bitdefender GravityZone.

Read More

Infosec Pros Agree Human Skills Matter Most in a Cybersecurity Stack

Mar 17 by Filip Truta

Artificial Intelligence (AI) and Machine Learning (ML) offer considerable advantages for cybersecurity professionals, especially in the face of the technology talent gap that has left 45 percent of companies with an understaffed cybersecurity team.

Read More

5 Security Risks for Companies When Adopting Work from Home

Mar 17 by Liviu Arsene

Organizations and companies of all sizes have started adopting work-from-home practices to ensure business continuity and limit employee exposure to a potential viral infection.

Read More

As coronavirus spreads, attackers won’t let up on healthcare systems

Mar 17 by George V. Hulme

As healthcare providers and public health agencies around the world find themselves pressed at capacity to deliver care during the novel coronavirus pandemic, attackers show no signs of mercy as they still target healthcare websites and IT systems — further stressing a system already taxed as patients seek critical care.

Read More

Healthcare Cybersecurity (Part II) - Pernicious Threats and Their Ripple Effects

Cooperation between health professionals and IT staff has never been more important. The data shows it and real-life crises healthcare organizations go through prove it.

What makes healthcare such a high-value target for cybercriminals?

You’ll find the reasons are a lot more nuanced - and even surprising - than you may think.

Read More

The Protocol That's Putting Enterprise IoT At Extreme Risk

Mar 16 by Ericka Chickowski

A protocol little known by executives outside of the networking world may put the future safety of enterprise IoT at extreme risk if organizations don't take action to secure their connections. New research out last week found that the way that many large organizations are using the Long Range Wide Area Networking (LoRaWAN) protocol is making them susceptible to hacking that could cause civic disruption and even put people at risk.

Read More

Two-Thirds of Healthcare Organizations Have Suffered a Security Incident

Mar 12 by Silviu Stahie

The healthcare industry is among the most affected by security incidents, and new research shows that two-thirds of all healthcare organizations in the world have suffered a cyberattack of some form.

Read More

IT Leaders Aim to Outgun Hackers with Bigger Cybersecurity Budgets in 2020

Mar 11 by Filip Truta

More than half of IT professionals are extremely concerned about the security of corporate endpoints in the face of sophisticated attack vectors like ransomware, disruptionware, phishing and others.

Read More

Bitdefender Researchers Discover New Side-Channel Attack

Mar 10 by Shaun Donaldson
  • This new speculative-execution-based attack exploits flaws in the CPU architecture to potentially leak information from protected memory
  • Dubbed LVI-LFB (Load Value Injection in the Line Fill Buffers), this is a novel attack (CVE-2020-0551)
  • Bitdefender has developed a synthetic Proof of Concept which demonstrates the viability of this new attack
  • Existing mitigations for previous attacks, such-as Meltdown, Spectre, and MDS are not sufficient to completely remove the new vulnerability

A Brief History Leading to LVI-LFB

In 2018, two new types of microarchitectural side-channel attacks were disclosed: Meltdown and Spectre. Meltdown allows an attacker to speculatively access memory that is inaccessible, while Spectre allows an attacker to alter the branch prediction structures in order to gain speculative arbitrary code execution. In 2019, another class of microarchitectural side-channel attacks was disclosed: Microarchitectural Data Sampling, or MDS. It allows an attacker to pick-up in-flight data from various microarchitectural data structures (line fill buffers or LFBs - MFBDS, load ports - MLPDS or store buffers - MSBDS).

Read More

Passwords Remain the Main Method of Authentication and Top Cause of Data Breaches

Mar 10 by Filip Truta

The username/password combo is still the dominant method of authentication used to access business devices, apps and data. Conversely, the password is still the top attack vector for organizations of all sizes, new research shows.

Read More

Healthcare Providers Lose an Average $2.75 Million per Data Breach

Mar 09 by Filip Truta

More than half of healthcare vendors have suffered at least one breach of protected health data belonging to patients of the healthcare providers they serve, new research shows. On average, a breach exposes around 10,000 patient records and inflicts $2.75 million in damages.

Read More

Why Is Targeted Ransomware So Dangerous?

Mar 06 by Silviu Stahie

The word “ransomware” strikes fear in the hearts of chief technical officers. Their impulse in the face of an attack is to say it was random, but that’s usually not true. Targeted ransomware is the result of a complex process that involves more than just the initial infection – and it presents more challenges than a regular incident.

Read More

Securing AI: The Next Gen of Enterprise Cybersecurity

Mar 05 by Ericka Chickowski

Recently, a facial recognition vendor that consolidates billions of photos to fuel its artificial intelligence (AI) people-searching platform admitted to a major breach. On its surface, the incident is a pretty standard exposure of client list details. But scratch a little deeper and the problems inherent with the breach highlight some of the dangers and cyber risks hiding under the gigantic iceberg that is AI technology today.

Read More

20% of People Caught in Data Breaches Suffer Financial Info Leaks

Mar 04 by Silviu Stahie

A wide range of information is lost in a data breach, starting from more innocuous things like an email address to more dangerous items such as financial details. In a recent survey, 20% of the people interviewed had their financial data leaked in a data breach.

Read More

Survey Shows Most Organizations Plan to Embrace Zero Trust, yet Remain Unconfident in Ability to Implement

Mar 03 by George V. Hulme

One of the biggest weaknesses in any environment is maintaining effective authentication and authorization controls.

Read More

Cyberattack Fears Haunt State Employees More Than Natural Disasters and Terrorist Attacks

Mar 02 by Filip Truta

Fewer than one in four city employees receive cyber training related to ransomware threats as budgets for managing cyberattacks have stagnated across U.S. state institutions.

Read More

Cloud Security




Subscribe to Blog Updates

Posts by Categories

Latest Tweets