Security professionals, penetration testers and malware investigators are preparing to get energized. In just about a week the hacking community will converge on Las Vegas to drop their biggest discoveries of the year at the podiums of Black Hat USA. This annual confab always offers up a range of great new ideas for defenders, red teamers and security researchers—as well as a boatload of new tools. This year's show should be no different. The buzz is already growing for a number of previously unseen tools that will help security pros solve tough problems and break things in whole new ways. Here are a few highlights.
The rising tide of criminal schemes to steal compute cycles for mining cryptocurrency has reached a high-water mark. This month researchers report that cryptojacking malware and attacks have overtaken ransomware as the number one malware threat online today.
Automation is enterprise cybersecurity's biggest buzzword as organizations seek to keep pace with a threat landscape that grows more frenetic by the hour. But as automation spending skyrockets, many enterprises are finding that they're not getting the most out of their investment.
Electric car manufacturer Tesla is facing a nightmare insider attack scenario for which too many companies today fail to prepare. Tesla CEO Elon Musk admitted this week that an employee managed to intentionally wreak havoc with the software code that underpins the company's manufacturing system. The fallout has resulted in "quite extensive and damaging sabotage to our operations," according to Musk in a company-wide email that was leaked to CNBC two days ago.
Last week the team behind Git, a platform that powers millions of the world's developer code repositories--including those on the wildly popular GitHub hosted service--released a crucial security update meant to keep developer environments safe. The patch was made to fix a flaw in how Git handles submodule repository configuration during cloning. It's a dangerous hole that could give attackers the power to create malicious Git repositories and leverage them to run arbitrary code execution on target developer machines.
After years of hype, 2018 may finally see the start of the mainstream adoption of software-defined networking (SDN). And with it, network virtualization and software defined data centers (SDDC) could be on the cusp of big breakthroughs. So say the results of the new research from Enterprise Management Associates (EMA).
We're at less than a month before the EU General Data Protection Regulation (GDPR) regulations go live and global readiness still lags considerably. Companies around the world are in varying states of compliance, with a fair number of organizations out there that still haven't even stepped up to the start line of their GDPR compliance journey.
Last week's DevOps Connect event at RSA Conference brought together some of the leading minds in the DevOps and AppSec communities to discuss DevSecOps. Given the audience, a lot of the discussions focused on awareness themes for security folks still wrapping their heads around the idea of embedding their people into cross-functional DevOps teams. But each year these DevOps confabs at RSAC, the security audience grows savvier in continuous delivery principles, and the programming is trending more toward the real nuts and bolts of instituting DevSecOps.
Building an effective cybersecurity team is no mean feat. Hiring managers struggle to find experienced talent today and according to the most recent figures from ISACA, one in three organizations say it takes six months or longer to fill any given security position.
Cyber attacks, security incidents and breaches initiated through insecure Internet of Things (IoT) devices are on the uptick and most enterprises aren't yet on track to do anything about it, according to several high-profile studies over the last month.
As enterprises bridge their adoption patterns for public cloud from isolated pilot projects to fully scaled environments, they're going to need to get serious about adjusting their cybersecurity strategy and architecture to accordingly. According to the thinkers at McKinsey & Company, that sea change needs to start now. In a new report out last month by the consulting firm, enterprises are finally doubling down on their public cloud experiments over the last decade. And that means an impending cascade of public cloud usage in critical infrastructure that previously remained entrenched in the on-prem world.
The U.S. Securities and Exchange Commission (SEC) put public companies on warning that they need to get better about how and when they disclose not just breaches but material cyber risks to investors. The instructions were part of an updated guidance on breach disclosure from the SEC meant to protect investors and bring greater clarity to what the regulatory board expects from public companies when it comes to how they handle information security transparency.
