SIEM is your Analyst’s Best Technology Partner
For the average security analyst, it’s no secret that their days are overloaded with more “hair on fire” moments than “Zen” moments. The 2016 SANS Incident Response Survey paints a clear and sobering picture of the demands being placed on security analysts. The survey lists, in order, the following impediments to effective incident response: Lack […]
Eating an Elephant: How the ESM 10 UX team reenergized SecOps
The first of a two-part series. For some reason, elephants figure frequently in our conversations – “seeing different parts of the elephant”, “memory like an elephant,” and now, “eating an elephant.” This phrase, definitely meant as an analogy, expresses the lengthy, enormous, and daunting task that our development team faced in reimagining the user experience […]
Cisco Launches New Firepower Firewalls
Cisco announced on Wednesday the launch of four new threat-focused Firepower next-generation firewalls (NGFWs) designed for banks, retailers and other businesses that conduct a high volume of sensitive transactions.
Financial cyberthreats in 2016
In 2016 we continued our in-depth research into the financial cyberthreat landscape. We’ve noticed over the last few years that large financial cybercriminal groups have started to concentrate their efforts on targeting large organizations – such as banks, payment processing systems, retailers, hotels and other businesses where POS terminals are widely used. For example, the […]
Worried about hacks, senators want info on Trump’s personal phone
Two senators have written to the U.S. Department of Defense about reports that President Donald Trump may still be using an old unsecured Android phone, including to communicate through his Twitter account. “While it is important for the President to have the ability to communicate electronically, it is equally important that he does so in […]
Unix: A Game Changer in the Ransomware Landscape?
by Joachim Suico (Threat Research Engineer)
2016 was the year when ransomware reigned. Bad guys further weaponized extortion into malware, turning enterprises and end users into their cash cows by taking their crown jewels hostage. With 146 families discovered last year compared to 29 in 2015, the rapid expansion and development of ransomware is projected […]
US visitors may have to reveal social media passwords to enter country
US Department of Homeland Security Secretary John Kelly has informed Congress that the DHS is considering requiring refugees and visa applicants from seven Muslim-majority nations to hand over their social media credentials from Facebook and other sites as part of a security check. “We want to get on their social media, with passwords: What do […]
U.S. Could Ask Visa Applicants for Social Media Passwords
US embassies could ask visa applicants for passwords to their own social media accounts in future background checks, Homeland Security Secretary John Kelly said Tuesday. Kelly said the move could come as part of the effort to toughen vetting of visitors to screen out people who could pose a security threat.
Connected Relationships Survey 2017: #RT2Win a Truly Lovable Prize
Valentine’s Day is all about taking time to tell those who make you feel warm and fuzzy just how much they mean to you. Plus, delicious chocolates don’t hurt either! Our relationship with technology has become serious lately, with social media and connected devices bringing the world to our fingertips. All of this scrolling has […]
Online card fraud up as thieves avoid more secure chip cards for in-store payments
One unfortunate side effect from the use of chip cards for in-store purchases has been an increase in online credit-card fraud. Hackers have taken the path of least resistance, moving from in-store fraud to e-commerce fraud, according to security experts. Deterred by the security capabilities of chip cards for in-store payments, thieves have resorted to […]
KopiLuwak: A New JavaScript Payload from Turla
On 28 January 2017, John Lambert of Microsoft (@JohnLaTwC) tweeted about a malicious document that dropped a “very interesting .JS backdoor”. Since the end of November 2016, Kaspersky Lab has observed Turla using this new JavaScript payload and specific macro variant. This is a technique we’ve observed before with Turla’s ICEDCOFFEE payloads, detailed in a […]
Rethinking Toxic Data in Light of GDPR
Toxic data is sensitive information that you would rather not retain, but must for the sake of business operations.
Fraud for online holiday sales spikes by 31%
Fraud attempts on digital retail sales jumped 31% from Thanksgiving to Dec. 31 over the previous year, according to a survey of purchasing data from ACI Worldwide. The fraud increase was based on hundreds of millions of online transactions with major merchants globally. Also, the number of e-commerce transactions grew by 16% for the same […]
Oracle patches raft of vulnerabilities in business applications
Oracle released its first batch of security patches this year, fixing 270 vulnerabilities, mostly in business-critical applications. Many of the flaws can be exploited remotely without authentication. The majority of the fixes are for flaws in business products such as Oracle E-Business Suite, Oracle Fusion Middleware, Oracle PeopleSoft, Oracle Retail Applications, Oracle JD Edwards, Oracle […]
BBC launches probe into leak of Russian-dubbed Sherlock finale
Experts suggest the leaking is Kremlin retaliation for the BBC expanding its Russian-language programming
D-Link Hires Government Watchdog to Fight FTC Charges
Connectivity solutions provider D-Link Systems has retained the Cause of Action Institute to help it fight against the “unwarranted and baseless” charges brought by the U.S. Federal Trade Commission (FTC).
More information
- Wearables to boost security of voice-based log-in
- Google patches “in-the-wild” Chrome zero-day – update now!
- Microsoft Windows Device Guard CVE-2017-8746 Local Security Bypass Vulnerability
- DuckDuckGo Ups Ante: Gives $300K to ‘Raise the Standard of Trust’
- Inside Uber’s $100,000 Payment to a Hacker, and the Fallout
- Xen CVE-2019-19579 Incomplete Fix Local Privilege Escalation Vulnerability
- 2018 Texting Slang Update: How to Decode What Your Teen is Saying Online
- Pokémon-themed Umbreon Linux Rootkit Hits x86, ARM Systems
- 10 Gboard shortcuts that’ll give you Android typing superpowers
- Team Poison hacker jailed over Tony Blair security breach