Building more robust security for the growing Internet of Things (IoT) has been a focal point for many over the past few years. Might blockchain, the distributed ledger technology for overseeing transactions across a network over time, be an ideal solution?
Intrusion detection, incident response, and digital forensics - these are all essential stages of managing a cyberattack. While different in nature, they all share one thing: they come after an attack has breached your systems.
The legal sector is a prime target for cybercriminals, and the vast majority of IT leaders in the industry consider insider threats a significant concern. 77% think employees are directly responsible for exposing valuable data by mistake.
A snapshot of the breach exposure of major enterprises has revealed 23 million pairs of credentials containing Fortune 1000 corporate email addresses and plaintext passwords.
- Security’s challenge is matching awareness of external threats to internal goals and the ability to execute
- Managed Detection and Response addresses key customer gaps in visibility, alerts, skills, and outcomes
- Outsourcing security operations to a managed SOC allows internal teams to focus on higher-value projects
Companies have been using videoconferencing applications for a long time, so the adjustment needed to do it from home is not major. Still, many employees have been thrown into the deep end and suddenly need to master the art of videoconferencing safely.
Let’s face it: CIOs are quite busy as they drive forward with their digital transformation efforts, build their DevOps teams, and continue their work to ensure that their business-technology systems are aligned with business needs — and somewhere within all of that work they have to find a way to keep these systems secure.
The Coronavirus pandemic has prompted numerous organizations to consider alternate workplaces for employees, in line with recommendations from the World Health Organization. Now the Department of Homeland Security’s (DHS) Cybersecurity & Infrastructure Security Agency (CISA) is issuing a similar alert, complete with recommendations for employers and teleworking staff.
Bitdefender, a leading global cybersecurity company protecting over 500 million systems worldwide, has been named a “strong performer” in The Forrester Wave™: Enterprise Detection And Response, Q1 2020 report, based on its offering, strategy and market presence.
In the last few days it has come to light that blender manufacturer NutriBullet and guitar tuition website Truefire fell foul of hackers who planted Magecart-style malicious code on their sites which went undetected for months, stealing the credit card details and personal information from users.
Over 60% of the Fortune 1000 had at least one public breach over the last decade. Things have improved in recent times, but not by much. Researchers now estimate that 40% of the firms on the list will suffer a cyber loss this year and every year after.
Today, businesses face a new set of challenges:
- more aggressive cyber threats (higher exposure to risk)
- increased attack surface
- difficulty to find adequate security staff
- increasing complexity of security architecture
These factors lead to an increase in the number and cost of breaches. The need has never been greater for visibility and insights into the environment, timely and effective response to advanced threats, and simplified security architecture.
A new vulnerability in the SMB protocol allows an unauthenticated attacker to run arbitrary code on vulnerable computers. Bitdefender detects and blocks this type of exploitation at the network level as Exploit.SMB.CVE-2020-0796.EternalDarkness, via the Network Attack Defense module in Bitdefender GravityZone.
Artificial Intelligence (AI) and Machine Learning (ML) offer considerable advantages for cybersecurity professionals, especially in the face of the technology talent gap that has left 45 percent of companies with an understaffed cybersecurity team.
Organizations and companies of all sizes have started adopting work-from-home practices to ensure business continuity and limit employee exposure to a potential viral infection.
As healthcare providers and public health agencies around the world find themselves pressed at capacity to deliver care during the novel coronavirus pandemic, attackers show no signs of mercy as they still target healthcare websites and IT systems — further stressing a system already taxed as patients seek critical care.
Cooperation between health professionals and IT staff has never been more important. The data shows it and real-life crises healthcare organizations go through prove it.
What makes healthcare such a high-value target for cybercriminals?
You’ll find the reasons are a lot more nuanced - and even surprising - than you may think.
A protocol little known by executives outside of the networking world may put the future safety of enterprise IoT at extreme risk if organizations don't take action to secure their connections. New research out last week found that the way that many large organizations are using the Long Range Wide Area Networking (LoRaWAN) protocol is making them susceptible to hacking that could cause civic disruption and even put people at risk.
The healthcare industry is among the most affected by security incidents, and new research shows that two-thirds of all healthcare organizations in the world have suffered a cyberattack of some form.
More than half of IT professionals are extremely concerned about the security of corporate endpoints in the face of sophisticated attack vectors like ransomware, disruptionware, phishing and others.
- This new speculative-execution-based attack exploits flaws in the CPU architecture to potentially leak information from protected memory
- Dubbed LVI-LFB (Load Value Injection in the Line Fill Buffers), this is a novel attack (CVE-2020-0551)
- Bitdefender has developed a synthetic Proof of Concept which demonstrates the viability of this new attack
- Existing mitigations for previous attacks, such-as Meltdown, Spectre, and MDS are not sufficient to completely remove the new vulnerability
A Brief History Leading to LVI-LFB
In 2018, two new types of microarchitectural side-channel attacks were disclosed: Meltdown and Spectre. Meltdown allows an attacker to speculatively access memory that is inaccessible, while Spectre allows an attacker to alter the branch prediction structures in order to gain speculative arbitrary code execution. In 2019, another class of microarchitectural side-channel attacks was disclosed: Microarchitectural Data Sampling, or MDS. It allows an attacker to pick-up in-flight data from various microarchitectural data structures (line fill buffers or LFBs - MFBDS, load ports - MLPDS or store buffers - MSBDS).
The username/password combo is still the dominant method of authentication used to access business devices, apps and data. Conversely, the password is still the top attack vector for organizations of all sizes, new research shows.
More than half of healthcare vendors have suffered at least one breach of protected health data belonging to patients of the healthcare providers they serve, new research shows. On average, a breach exposes around 10,000 patient records and inflicts $2.75 million in damages.
The word “ransomware” strikes fear in the hearts of chief technical officers. Their impulse in the face of an attack is to say it was random, but that’s usually not true. Targeted ransomware is the result of a complex process that involves more than just the initial infection – and it presents more challenges than a regular incident.
Recently, a facial recognition vendor that consolidates billions of photos to fuel its artificial intelligence (AI) people-searching platform admitted to a major breach. On its surface, the incident is a pretty standard exposure of client list details. But scratch a little deeper and the problems inherent with the breach highlight some of the dangers and cyber risks hiding under the gigantic iceberg that is AI technology today.
A wide range of information is lost in a data breach, starting from more innocuous things like an email address to more dangerous items such as financial details. In a recent survey, 20% of the people interviewed had their financial data leaked in a data breach.
One of the biggest weaknesses in any environment is maintaining effective authentication and authorization controls.
Fewer than one in four city employees receive cyber training related to ransomware threats as budgets for managing cyberattacks have stagnated across U.S. state institutions.
