Every connected device is now considered a part of the Extended Internet of Things (XIoT). When securing XIoT devices that connect to networks, it can be hard to account for all the nuances required to secure them. What simplifies the process of delivering contextually aware threat detection and recommendations is an...
Federal authorities are warning about seven vulnerabilities affecting a software agent used to remotely manage an array of medical devices and other connected gear. If exploited, the vulnerabilities could enable hackers to gain full control of the affected devices or alter their configurations.
The Microsoft Vulnerabilities Report compiles every Microsoft security bulletin from the past 12 months, analyzes the trends, and includes viewpoints from security experts. This provides a consolidated view and analysis of Microsoft patch Tuesdays, providing a crucial barometer of the threat landscape for the...
Critical cybersecurity gaps in smart infusion pumps have put the data and care of hundreds of patients at risk, according to researchers at Unit 42 of cybersecurity firm Palo Alto Networks. They say that 75% of the 200,000 smart infusion pump networks they scanned contained known security gaps.
Since 2019, the Global Cyber Alliance has been using a custom IoT honeypot solution that identifies global attack risks and collects data about IoT attacks. Leslie Daigle discusses its findings about how threats have evolved and offers advice on how to better secure IoT devices and tech.
IT security teams today face the daunting task of defending an extended perimeter and attack surface due to the increased use of cloud services and the sheer volume of mobile devices that access corporate applications.
Enterprise use of cloud apps continues to climb, while employees typically use multiple devices...
According to a new threat report from Expel, business email compromise should now be viewed as "public enemy #1." Jonathan Hencinski of Expel is joined by Theodore Peterson of Datasite to support that claim and discuss how best to strategize against these schemes.
An early eBook from the CyberTheory Institute library, co-authored by founder Steve King and Cliff Kittle, a frequent contributor to our corpus of thought leadership, this time about Zero Trust and how it is influenced by the principles of Maneuver Warfare.
Based upon the rapid increase in malware variants designed to...
Things are not always what they seem, says incident response expert Joseph Carson, pointing to a case involving ransomware that infected a company in Ukraine, but for which there was no external attack path. Ultimately, his investigation found that ransomware had been used to hide internal fraud.
Defending against insider threats is more than just picking the right security solutions. It’s also defining and creating a security program that pulls people, processes, and technology together to effectively defend against these kinds
The following checklist will help you define an insider threat...
Like most large financial institutions, this Fortune 100 financial services company has a complex network. From M&A activity to cloud development to securing critical suppliers, it was challenging for the company to identify and monitor all of its internet-connected assets. And without a complete and accurate IT...
Several global Computer Emergency Response Teams have issued alerts as well as fixes for Google Chrome browser and Android operating system vulnerabilities. Countries issuing the alerts include France, India and Canada.
Technology giant Microsoft has released patches for 51 vulnerabilities as part of its Patch Tuesday announcement. Of the total, none of the fixes are for critical bugs, and three are rereleased patches. Separately, the company says it will block internet macros by default in its Office applications.
Federal authorities are again warning healthcare and public health sector entities about potential threats posed by ransomware-as-a-service group LockBit 2.0, despite the cybercrime gang's claim that it does not target healthcare organizations.
It’s important to remember that MDR providers can only detect and respond to what they can see. For uncovered layers of the attack surface, security teams must have the people, process and technology to monitor, detect and respond to advanced and evasive threats. The critical decisions you must address are: