Sandbox environments are a common feature of many cybersecurity solutions in their fight against advanced malware. Firewalls, endpoint protection, and even next-generation machine learning systems use sandboxes as one of their lines of defense. However, not all sandboxes are created equal. Sandboxes can take different approaches towards malware...

According to a hypothetical cyber risk scenario prepared by the Cyber Risk Management (CyRiM) project for risk management purposes, a ransomware strain that can disrupt more than 600,000 businesses worldwide within 24 hours would potentially lead to damages in the amount of billions of dollars. Cyber Risk Management (CyRiM) project is a collaborative...

In September of 2018, Amazon Web Services (AWS) announced the addition of the Session Manager to the AWS Systems Manager. The session manager enables shell or remote desktop level access to your AWS EC2 Windows and Linux instances, along with other benefits. This is a great new feature, but care should be taken when enabling this capability. While the...

With the evolution of technology comes new approaches to solving problems. Sometimes a new approach fixes the problem; sometimes it creates new ones. The good thing is as folks who work in fast-paced, high-tech environment, we information security professionals are great at quickly analyzing the new technologies and applying them to our daily lives. ....

Technology has advanced to a state where clients now expect a constant stream of updates for their software and applications. To fulfill this demand, developers commonly turn to what’s known as a CI/CD pipeline. As noted by Synopsys, this practice embraces two important software development concepts of today’s streamlined world:Continuous Integration ...

Most people do not regard their cybersecurity and privacy documentation as a proactive security measure. On the contrary, many oftentimes view documentation as a passive effort that offers little protection to a company, generally an afterthought that must be addressed to appease compliance efforts. Where documentation may get some much-needed...

European aerospace corporation Airbus SE has revealed that a digital security incident recently affected some of its computer systems. In a press release published on 30 January, Airbus confirmed that its “Commercial Aircraft business” information systems suffered a security incident. The corporation said that the event did not affect Airbus'...

In May 2017, the Equifax data breach compromised critical credit and identity data for 56 percent of American adults, 15 million UK citizens and 20,000 Canadians. The Ponemon Institute estimates that the total cost to Equifax could approach $600M in direct expenses and fines. That doesn’t include the cost of the security upgrades required to bring...

If you have ever heard of the Federal Information Security Management Act, then you are aware of the work done by the National Institute of Standards and Technology. The goal of the Act, not to mention the subsequent documents that resulted from strategies designed around implementing it, led NIST to create works designed to bolster security on the...

The Internet of Things (IoT) broadly refers to devices and equipment that are readable, recognizable, locatable, addressable and/or controllable via the internet. This includes everything from edge computing devices to home appliances, from wearable technology to cars. IoT represents the melding of the physical world and the digital worked, as...

Amazon GovCloud is an isolated Amazon Web Service (AWS) designed to allow customers and the U.S government agencies to move their confidential data into the cloud to address their compliance and specific regulatory requirements. It runs under ITAR, the U.S. International Traffic in Arms Regulations. With this cloud service, US citizens can run...

With the majority of people using smartphones these days, texting is all but a given when trying to communicate with your friends or family. But what about your doctor? A recent study determined that 96 percent of physicians use text messaging for coordinating patient care. This can raise eyebrows and red flags. Anyone with a cheap scanner, which...

This article covers the main techniques cybercriminals use at the initial stage of attacks against enterprise networks. There are several dangerous phases of cyberattacks targeting the corporate segment. The first one encountered by businesses boils down to getting initial access into their systems. The malefactor’s goal at this point is to deposit...

Many organizations have DevOps on their mind going into 2019. This is a global movement. In fact, Puppet and Splunk received responses for their 2018 State of DevOps Report from organizations on every continent except Antarctica. Those organizations varied in their industry, size and level of DevOps maturity, but they were all interested in learning...

As discussed before, the blockchain-based solution is built to provide strong integrity and independent verifiability. An exception to the independent verifiability is private blockchain solutions. In this part, we discuss both of these technological dimensions and detail their applicability and limitations. Public distributed blockchain provides...

Phishers are bypassing common forms of two-factor authentication (2FA) in a campaign targeting hundreds of Google and Yahoo accounts. In a new report, Amnesty International uses several attack emails sent to it by Human Rights Defenders (HRDs) spread across the Middle East and North Africa to analyze the campaign. A typical attack email in this...

Following on from the round-up we released yesterday, today we look through the rest of what our regular contributors shared as their standout moments from 2018. Bob Covello, IT Security Director | @BobCovello "The most memorable event for me in 2018 was a positive one. There was enormous progress made towards getting multi-factor authentication...