HOPLIGHT, a critical backdoor Trojan linked to North Korean APT group Lazarus, has been found in the wild, warn the FBI and the Department of Homeland Security in a new malware analysis report.
Cyber-attacks and threat actors have become more numerous and more sophisticated, creating new threats that lurk unseen, ready to wreak havoc on Security Operations Centers. The stakes are high: cybercrime costs climbed 12% last year to $13 million per company.
Incidents like the attack on Norsk Hydro are expected to grow more common, according to a survey on cybersecurity trends in industries using industrial control systems (ICS) and operational technology (OT).
- VMware NSX-T Data Center 2.4 release now includes Guest Introspection services via agentless endpoint protection.
- Bitdefender GravityZone Security for Virtualized Environment (SVE) is the first, and currently the only, security vendor that integrates NSX-T Guest Introspection.
- If you are upgrading to NSX-T Bitdefender solves real operational challenges for highly-dense, large scale datacenter deployments.
Senator Elizabeth Warren is proposing an amendment that would establish criminal liability for negligent executive officers of major corporations.
While digital transformation and the e-commerce bubble in late '90s have reshaped the way companies do business, increasingly sophisticated cyber-attacks call for immediate and sometimes overly complex defenses. Security tool vendors have been more than willing to provide an ever expanding array of tools and technologies, many with dubious value.
Healthcare organizations are still looking for a cybersecurity cure or at the very least an effective security management regimen. As we covered recently, Healthcare continues to be a prime target for cyber attacks. That post was based on a survey conducted by the non-profit global advisory organization HIMSS and found that most healthcare organizations had experienced a significant security incident in the previous year.
Most enterprises are aware that business disruption carries heavy costs, but still they fail to prioritize the security of business-critical applications.
When it comes to managing cybersecurity risks, too many enterprises today remain focused on doing little more than making sure their baseline compliance and security controls are in place. They’ll check the boxes: Passwords more than 8 characters with two numbers and a special character? Check. Firewall? Check. VPN? Check. Antimalware? Check.
It has long been accepted as truth that staff, an organization’s first and last line of defense, is the vulnerability that malicious actors most take advantage of to steal data or deploy malware. But newer studies show an increase in malicious insiders, and one survey indicates that most IT security leaders believe this to be the case in their organization.
The effectiveness of security incident investigation and resolution is key to the effectiveness of all defense efforts. But improving incident investigation and resolution does not come without challenges: Too many alerts to handle and poor correlation between alerts.
One of the biggest concerns and challenges in cyber security is knowing who has access to which data and applications within an enterprise at any given time. This has become all the more complex for IT and security management with the growth in cloud services and the increased use of mobile devices, which create many more points of access within organizations.
