Subscribe to Email Updates

Subscribe

All about Virtualization and Cloud Security | Recent Articles:

Debunking The BlueKeep Exploit Hype – What You Should Know

Nov 07 by Andra Cazacu

WannaCry is still fresh in our memory, reminding organizations of how distractive an unpatched vulnerability can be especially if weaponized as a wormable threat that delivers ransomware. BlueKeep has been estimated to have the same disruptive potential as EternalBlue (the exploit responsible for WannaCry) if sporting worm-like behavior, especially since RDP is a commonly used service in organizations, allowing IT and security teams to remotely dial into machines.

Read More

Researchers Uncover Threat Actor Supergroup Linked to Stuxnet, Flame, Duqu

Apr 23 by Luana Pascu

Could critical infrastructure attacks be making a comeback? Or did these invisible threats never leave in the first place? Extensive research reveals that as many as four threat actors many have been involved in creating Stuxnet, the sophisticated computer worm that demolished Iran’s nuclear infrastructure in 2007. In light of recent discoveries about similarities in malware samples, cyberespionage appears to be a growing threat that can hide for years before its discovered.

Read More

Cybersecurity – A Top Risk Management Priority for Senior Execs, But Only On Paper

Feb 21 by Filip Truta

As bad actors continue to hone their skills and governments keep raising the penalty for getting breached, large organizations across the globe seem to be doing little to mitigate the risks associated with cybercrime – despite knowing better for years.

Read More

Why CISOs Should Understand the Threat Landscape To Bolster Security in 2018

Feb 08 by Luana Pascu

Doctors can’t prescribe proper treatment for patients without identifying and analyzing symptoms to make a clinical diagnosis. It’s the same for CISOs, who are responsible for their organization’s digital health.

Read More

Businesses rushing to adopt new tech are opening more doors to hackers – research

Jan 27 by Filip Truta

While modern technology makes possible new business models to drive growth and profitability, digital transformation opens your business to more cybersecurity risks, according to a survey by Thales and 451 Research.

Read More

Cyber-attacks now cost businesses over $1M on average, can sink small companies

Sep 26 by Filip Truta

As of 2017, a single cyber incident can put a small company out of business, according to new research by Ponemon Institute. The findings confirm Bitdefender’s predictions for 2017 that targeted attacks would increase due to poor security of corporate networks.

Read More

Email is Deprecated, but Still a Threat

Feb 22 by Bogdan Dumitru

It’s been 38 years since the invention of email and today, it is still the number one communication tool in and out of enterprises. While technology, hardware, infrastructure and the internet itself evolved tremendously in the past almost 4 decades, email is the spoiled child of the family that declines to grow up. 

Read More

Pointers on Not Being an APT Statistic (or How I Learned to Love Bug)

Aug 07 by Horatiu Bandoiu

Several weeks ago we started a series dedicated to considering APTs (Advanced Persistent Threats) and possible ways to mitigate them. In the first post we strived to define and “contain”  the APT as category of threats as the term is abused, and today most all the sophisticated attacks are presented as APTs – the supreme evil.

Working from the definition, we now remain with two aspects:

#1:  Advanced – as APTs are sophisticated, out of the range even for organized crime networks – “we are sorry, no botnets or banking trojans allowed”.

#2:  Persistent – as we have seen and described, we are talking about organized attackers with myriad resources - the most important being time and patience, until they can reach their objective. A modern characteristic is that they prefer, with few exceptions, the “low and slow” approach; doing “the job” as silently as possible.

The thesis we don’t agree with is that APTs can pass over any antimalware technology. As a matter of fact, the majority of their components have been spotted-out as suspicious files prior to being investigated and detection being added.

Read More

Advanced Persistent Threats – Silver Bullets That Fail

Jul 24 by Horatiu Bandoiu

This is the second post from a series we thought necessary to dedicate to APTs (Advanced Persistent Threats) and the new wave of security technologies claiming that they replace or complement antimalware solutions to help organizations defeat this new threat.

Read More

Is your Security losing to Marketing Jiu-Jitsu?

May 29 by Horatiu Bandoiu

We see, day after day, real and so-called security experts announcing the newest security apocalypse we face. Claiming that antivirus is a dead technology, they invite you to uninstall it and buy new next-generation technologies that will automatically collect, analyze and detect malicious intentions of attacks or data compromise from the moment they are born in the minds of the bad guys.

Sometimes they come from people more or less familiar with the topic - Is Anti-Virus Scanning/Detection Obsolete?  - and you can see that most of the opinions there are not so negative, apart from the classic advertising for some AV brands. Other times they come from specialists in the field, trying to give an opinion or just sell their “stuff”

Read More

Virtual Patching Part II: What Makes It So Darn Tricky?

Mar 26 by Shaun Donaldson

In my last blog post I began a conversation about virtual patching. In this post, I’ll further the discussion by talking about why effective virtual patching at the network is so difficult.


The story really begins by considering context, or really, the lack thereof. If a vulnerability exists in an application (a web application, or a browser) there is a certain context associated with the application that is difficult to be aware of at a point outside of the application. The simplest example is a session. A web application may create a session when a user logs-in, destroying the session after a period of inactivity, or when a user logs-out (and when was the last time you logged-out instead of just closing the browser window?).

Read More

Cloud Security




Subscribe to Blog Updates

Latest Tweets