Subscribe to Email Updates


All about Virtualization and Cloud Security | Recent Articles:

Compromised Employee Accounts Inflicted the Costliest Data Breaches Over the Past Year

Jul 31 by Filip Truta

A global study on the financial impact of data breaches revealed this week that cyber incidents cost companies $3.86 million per breach on average, and that compromised employee accounts were the most expensive root cause.

Read More

Bitdefender Releases Landmark Open Source Software project - Hypervisor-based Memory Introspection

Jul 30 by Shaun Donaldson
  • Bitdefender contributes unique technology to the open-source community 
  • Hypervisor-based Memory Introspection (HVMI) is a sub-project of Xen Project 
  • We continue commercial support of GravityZone Hypervisor Introspection  

Bitdefender Hypervisor Introspection has been in a class of its own since the solution was launched. The gist of it is this  get ahead of the results of an attack (malware in general; ransomware being a timely example) by using APIs within hypervisors – based on CPU instructions - to gain access to raw memory events within running virtual machines and apply security logic by taking advantage of the role of hypervisors in the workload stack to stop attacks. 

Read More

92% of Security Teams Lack the Tools Needed to Close Security Gaps, Research Shows

Jul 30 by Filip Truta

A global survey of IT professionals reveals that the vast majority of organizations lack tools to detect known security threats and close existing security gaps. More than half of IT pros indicated their security program lacks proper executive support.

Read More

Enterprises See Rise in Data Breach Costs, Shift in Security Spending Focus

Jul 29 by George V. Hulme

A study of more than 5,500 companies within eight countries found that businesses affected by cyber incidents witnessed their losses rise from $10,000 per incident to $57,000.

Read More

Study Links Cybersecurity Directly to Employee Stress and Exhaustion

Jul 28 by Silviu Stahie

A new study looked at why people make cybersecurity mistakes that can easily lead to breaches and other major events. It turns out that it's not a question of “if” but of “when,” as most people make mistakes during their tenure in any company. 

Read More

CISOs Who Close Critical Skills Gaps Stand the Best Chance of Minimizing the Impact of Cyberattacks

Jul 28 by Filip Truta

CISOs who reduce or close their critical IT departments’ skills gaps have the highest probability of minimizing the business impact of cyberattacks – even when budgets and staffing are constrained, according to a SANS Institute study.

Read More

Over 1000 Twitter Staff and Contractors Had Access to Internal Tools that Helped Hackers Hijack Accounts

Jul 27 by Graham Cluley

As Twitter and law enforcement agencies investigate the high profile attack that saw a number of public figures' accounts hacked to spew out a cryptocurrency scam, there is a clear lesson for other businesses to learn.

Read More

Poor Privacy Practices Sharply Boost Likelihood of a Data Breach, Study Shows

Jul 27 by Filip Truta

Companies that don’t change their perception about data protection are increasing their odds of suffering a data breach by a whopping 80% and, in the event of a breach, will face fines seven times larger than companies with the best scores, according to a new report.

Read More

Routers Are Full of Vulnerabilities, But What If ISPs Could Fix That?

Jul 24 by Silviu Stahie

Imagine a world where routers with vulnerabilities are protected by the software running on them, which doesn't need to be upgraded via firmware images that often arrive late or never at all. It’s a feature that would benefit everyone – consumers, IoT manufacturers, and ISPs - and the scenario is not far-fetched. 

Read More

Cybersecurity Market Expected to Grow by 2.5% in Worst-Case Scenario

Jul 24 by Silviu Stahie

Cybersecurity spending will grow by 5.6% year-on-year in 2020, despite the financial problems that all economies face right now. In fact, the entire cybersecurity market will likely grow by 2.5% this year, according to a new report from Canalys. 

Read More

Raft of Healthcare Breaches Continue

Jul 23 by George V. Hulme

Attacks targeting healthcare organizations just won’t let up. In early June, the University of California San Francisco (UCSF) announced that their IT team identified a limited security breach within a part of the UCSF School of Medicine’s IT environment.

Read More

Securing the Human Layer – The First Sane Step Towards Achieving a Strong Cybersecurity Posture

Jul 22 by Filip Truta

Employees typically access 59 risky URLs per week, or 8.5 per day, according to new data. That’s more than once per hour in an eight-hour workday. Depending on their knowledge of the threat landscape, corporate employees can be as dangerous as an external cyber-attack on the company – especially if those employees are working remotely.

Read More

92% of Businesses Give Criminals Access to Customer Data through Vulnerable JavaScript Integrations

Jul 21 by Filip Truta

Sensitive data, like personally identifiable information (PII) and credit card information, has never been more at risk, while security is becoming less effective, new research shows.

Read More

Report Says Data in the Cloud is Creating ‘Fear and Trust’ Issues for Security Professionals

Jul 20 by Bob Violino

A patchwork of tools, the presence of misconfigured services, and confusion around data security ownership in the cloud has created a crisis of confidence among IT security professionals that will only be fixed by organizations making security part of their business culture.

Read More

Media Is the Most Targeted Industry in Credential Stuffing Attacks

Jul 17 by Silviu Stahie

The media industry is a prime target for credential stuffing attacks, with more than 17 billion incidents reported from January 2018 to December 2019, according to a report from Akamai. 

Read More

Email Impersonation on the Rise as Workforce Grows Increasingly Distracted and Dispersed

Jul 17 by Filip Truta

Over a third of organizations are seeing email-based attacks hit their inbox daily, new data shows. IT professionals now say they need to remediate an email-based attack every day –including suspending compromised email accounts.

Read More

HVI Blocks SIGRed, Prevents Zero-Day Execution from Suspicious Memory Regions

Jul 16 by Michael Rosen
  • Windows DNS server remote code execution vulnerability permits full takeover of infected systems
  • Wormable exploits can spread via malware between vulnerable computers without user interaction
  • SIGRed vulnerability impacts nearly all versions of DNS in Windows Server dating back over 17 years
  • Hypervisor Introspection (HVI) prevents zero-day code execution from suspicious memory regions

On July 14, Microsoft published Security Vulnerability CVE-2020-1350 describing a longstanding, broad-based Windows DNS server remote code execution vulnerability whereby Windows Domain Name servers fail to properly handle malformed DNS requests, allowing an attacker to corrupt memory and run arbitrary code in the context of the Local System Account. All Windows servers that are configured as DNS servers are at risk from this critical (CVSS 10) vulnerability—which Microsoft acknowledges dates back at least 17 years—putting directly at risk multiple versions of Windows Server 2008, 2012, 2016, and 2019 in widespread production worldwide.

Read More

MDR Creates New Revenue Opportunities for Managed Services Providers

Jul 16 by Michael Rosen
  • Managed Detection and Response is one of the fastest growing areas of cybersecurity with a 30.4% CAGR
  • Huge revenue opportunity with MDR for MSPs to help customers that lack security extended teams
  • Opportunities involving MDR tend to be larger, stickier, and foster deeper customer relationships than tools
  • MDR solves key customer gaps in alert response management, technical skills, and overall security outcomes

MSPs, are you thinking about jumping into managed security services?

Read More

SOC Employees Continue to Battle Stress and Skill Shortages, Study Finds

Jul 15 by Silviu Stahie

Security operations center (SOC) performance is getting worse, and the human element continues to battle stress, causing employees to search for new jobs in higher numbers, according to a study from Devo Technology and the Ponemon Institute. 

Read More

Researchers Reveal the Countries Most Targeted by Cyberattacks

Jul 14 by Silviu Stahie

A study using data from the Center for Strategic and International Studies (CSIS) looked at how cyberattacks are distributed across the globe and the most common techniques used in cyberattacks. 

Read More

Most Companies Now Accept BYOD Policies But 30% Don’t Use Endpoint Protection for Those Devices

Jul 13 by Silviu Stahie

Bring your own device (BYOD) policies are changing around the world, and the latest report by Bitglass shows that companies are now much more permissive in this regard, although the shift is likely caused by necessity and not choice. 

Read More

One in 2 Companies Unable to Cope with Remote Work Security Risks

Jul 10 by Filip Truta

Half of infosec professionals in a recent Bitdefender study revealed that their organization doesn’t have a contingency plan in place, or didn’t know if they did, for a situation like COVID-19 or a similar scenario.

Read More

The Key Reason Why Some Enterprises Outright Refuse to Enable BYOD

Jul 09 by Filip Truta

Most IT professionals say employees are allowed to use personal devices for work. And while the use of personal devices at work is growing rapidly, many are unprepared to balance productivity with security, new data shows.

Read More

Is Your Malware Detection Future-Proof? 7 Adaptable Technologies for Elusive Threats

Jul 09 by Andrei Pisau

While the media have extensively covered the recent spike in malware, a certain aspect seems to have been downplayed. The truth is, not only have cyber-attacks grown significantly during the pandemic (in March alone, 832 million records were breached through malware), but their complexity has also visibly increased as well.

Read More

US Secret Service Warns of Attacks on MSPs

Jul 08 by Silviu Stahie

The United States Secret Service issued an advisory warning of an increase in cyberattacks against managed service providers (MSP) in an effort to compromise companies using their services. 

Read More

Businesses Now Spend a Third of Their Cybersecurity Budget on SOC

Jul 07 by Filip Truta

Organizations with a dedicated security operations center (SOC) know how much it helps combating cyber threats. 72% of IT security practitioners in organizations with a SOC categorize the unit as “essential” or “very important” to their organization’s cybersecurity strategy. However, 60% of SOC team members are considering changing careers or quitting due to stress.

Read More

Many CIOs Believe Expired TLS Certificates Could Affect Their Business

Jul 06 by Silviu Stahie

Most Chief Information Officers (CIO) are worried about the security risks associated with the proliferation of TLS machine identities, which is aggravated by the fact that many of them don’t have an accurate account of the number of certificates deployed in their infrastructure. 

Read More

Are Companies Ready for the Risks of IoT?

Jul 04 by Bob Violino

The Internet of Things (IoT) and Industrial IoT (IIoT) are beginning to see some real momentum, particularly in industries such as manufacturing, healthcare, and retail. More and more devices, equipment, vehicles, buildings, and other objects are being equipped with sensors and connected, enabling the sharing of data that provides useful insights for businesses.

Read More

Why Vulnerable IoT Is a Double-Sided Problem for ISPs and Their Customers

Jul 03 by Silviu Stahie

A scan of the Japanese Internet infrastructure showed how many devices could be compromised with common user names and passwords, and ISPs helped the authorities make that determination. But ISPs also seemed to lack the tools to make those determinations by themselves, in a way that secures their networks and customers at the same time.

Read More

CISA and FBI Issue Advisory on Dealing with Tor Malicious Internet Traffic

Jul 03 by Silviu Stahie

The Cybersecurity Security and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued an advisory for companies regarding the detection and mitigation of malicious traffic coming from Tor (The Onion Router.) 

Read More

10 Stats About SOC Performance, Practices, and Analyst Attitudes in 2020

Jul 02 by Ericka Chickowski

Recent studies show that the modern SOC has evolved to become the lynchpin for most enterprise security strategies. Organizations spend a significant chunk of their security budget on SOC operations and many depend upon the SOC to help them detect and hunt for threats, respond to incidents, and maintain visibility into the organization's cyber risk posture. However, SOC effectiveness still varies greatly from organization to organization.

Read More

Remote Workers Encounter 8 Risky URLs per Day, New Research Shows

Jul 02 by Filip Truta

Given enough time, employees – especially those working remotely – will click on a link to a potentially dangerous website. But how much time? According to recent data, less than an hour.

Read More

DDoS Attacks Increase Almost 300% in Just One Year, Study Shows

Jul 01 by Silviu Stahie

DDoS attacks are on the rise at a time of the year that's usually a lot less uneventful, according to a report from Nexusguard that reveals a 278% increase in DDoS attacks compared to Q1 2019. 

Read More

Business Email Compromise (BEC) Attacks Jump 200 Percent from April to May

Jul 01 by Filip Truta

New data shows a sharp increase in monthly business email compromise (BEC) attacks focused on invoice or payment fraud.

Read More

Cloud Security

Subscribe to Blog Updates

Latest Tweets

Posts by Month