Blog - Cyber Security Informer

Webroot top performer among security products in PassMark® Software testing

Webroot

JULY 29, 2021

In taking the highest score in the category for 2021, Webroot beat out competitors including BitDefender , McAfee® and ESET® endpoint security solutions. Webroot stood out in several categories in addition achieving the best overall score. Some categories were won by a wide margin. Consider installation time for instance.

Software

Software Government Mobile

How Machine Learning Can Accelerate and Improve the Accuracy of Sensitive Data Classification

Thales Cloud Protection & Licensing

DECEMBER 11, 2023

This blog will explain how Thales is enhancing CipherTrust Data Discovery and Classification (DDC) with ML models that help analyze data, learn from insights, and improve results. CipherTrust DDC uses a ML model for category classification to identify with high probability whether a document is healthcare, finance, legal or HR related.

Unstructured Data

Unstructured Data Data privacy Healthcare Banking

On Surveillance in the Workplace

Schneier on Security

MARCH 12, 2019

Touted as useful management tools, they can augment biased and discriminatory practices in workplace evaluations and segment workforces into risk categories based on patterns of behavior. However, these practices can create punitive work environments that place pressures on workers to meet demanding and shifting efficiency benchmarks.

Surveillance

Surveillance Data collection Technology Risk

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Three quick takes regarding the 2021 updates to the OWASP Top 10 list

Security Boulevard

DECEMBER 28, 2021

It’s been four years since OWASP updated its Top 10 list , but this year we got three brand new categories along with a reshuffling of the rest. Rather than focusing on specific vulnerabilities (or the symptoms of problematic coding from a security perspective), OWASP has opted instead to focus on higher-level categories of vulnerabilities.

Software

Software Risk Authentication

MiraclePtr: protecting users from use-after-free vulnerabilities on more platforms

Google Security

JANUARY 11, 2024

If you need a refresher, you can read our previous blog post detailing MiraclePtr and its objectives. As explained in the previous blog post, when an allocation is quarantined, its contents are overwritten with a special bit pattern. Crash reports Crash reports offer a different perspective on MiraclePtr's effectiveness.

Mapping CVEs and ATT&CK Framework TTPs: An Empirical Approach

NopSec

OCTOBER 11, 2022

This blog post focuses on how to create a bridge / correlation between CVE, CAPEC, CWE and ATT&CK vulnerability and attack taxonomies for the purpose of better understanding attack vectors and methods. CVSS consists of three metric groups: Base, Temporal, and Environmental. X standards. In CVSS score 3.1,

Software

Software IoT Cyber Attacks Social Engineering

Top 3 Data Visualization Capabilities in a CASB Solution

McAfee

APRIL 2, 2020

These capabilities not only enable them to regularly monitor key metrics, but also share this information and visualizations with other security stakeholders and executives. For example, a security admin may want to understand the top 10 cloud service categories by upload volume. Monitor Metrics using Dashboard Cards.

Financial Services

Financial Services Risk

SOCwise Series: A Tale of Two SOCs with Chris Crowley

McAfee

APRIL 19, 2021

In reference to the Charles Dickens’ classic, Chris explained how survey responses fell into two categories: SOCs that h ad management support or those that did not. . Chris shared other survey takeaways including how SOCs gauge their value, metrics and tools. . SOC METRICS . SOC INDICATORS AND PERCEIVED VALUE .

Technology

Technology Artificial Intelligence VPN Firewall

Threat Trends: DNS Security, Part 1

Cisco Security

MARCH 11, 2021

Part 1: Top threat categories. Our Threat Trends blog series takes a look at the activity that we see in the threat landscape and reports on those trends. We’ll look at DNS queries to domains that fall into certain categories of malicious activity, and in some cases specific threats, between January and December of 2020.

DNS

DNS Phishing Ransomware Internet

How Do You Quantify Risk? Best Techniques

Centraleyes

FEBRUARY 13, 2024

This blog aims to serve as a guide to navigating the intricate terrain of cyber risk quantification, providing insights into its significance, methodologies, and the transformative impact it can have on organizational cybersecurity strategies. Enter the need for a more precise and actionable approach — Cyber Risk Quantification.

Risk

Risk Cyber Risk Cybersecurity Penetration Testing

New White House Announcement on the Vulnerability Equities Process

Schneier on Security

NOVEMBER 17, 2017

You can read the new policy or the fact sheet , but the best place to start is Cybersecurity Coordinator Rob Joyce's blog post. We also clarify what categories of vulnerabilities are submitted to the process and ensure that any decision not to disclose a vulnerability will be reevaluated regularly. Improved transparency is critical.

Government

Government Cybersecurity Accountability Software

As a CISO, Are You a Builder, Fixer, or Scale Operator?

Lenny Zeltser

MAY 10, 2023

As you reflect on the past few years of work, determine which of the following categories fits you the most: Builder: You’re great at building a security program (or significant parts of it) from scratch. You enjoy defining the initial structure, standards, templates, processes, guardrails, and metrics.

CISO

CISO Technology Media Cybersecurity

Threat Trends: DNS Security

Cisco Security

MARCH 11, 2021

Our Threat Trends blog series takes a look at the activity that we see in the threat landscape and reports on those trends. We’ll look at DNS queries to domains that fall into certain categories of malicious activity, and in some cases specific threats, between January and December of 2020. Organizations and malicious DNS activity.

DNS

DNS Phishing Ransomware Internet

HIPAA Compliance for Healthcare Apps

Security Boulevard

NOVEMBER 2, 2021

According to the Office of the National Health Coordinator for Health Information Technology (ONC) , 1 in 8 Americans tracked a health metric using some form of technology in 2013. HIPAA outlines three categories of covered entities and an additional business associate category. HIPAA Security Rule. Covered Entities.

Healthcare

Healthcare Insurance Technology Software

The Best 10 Vendor Risk Management Tools

Centraleyes

MARCH 25, 2024

With security ratings based on ten categories and continuous monitoring of cybersecurity issues, SecurityScorecard offers businesses insight into potential vulnerabilities across their vendor ecosystem.

Risk

Risk Data collection Architecture Government

How to Conduct a Vulnerability Assessment

Centraleyes

JANUARY 4, 2024

Act : This phase segregates identified vulnerabilities into three categories—remediate, mitigate, or accept. The acceptance category may include devices or software earmarked for replacement, requiring no immediate action. The acceptance category may include devices or software earmarked for replacement, requiring no immediate action.

Risk

Risk Wireless Data breaches Education

Introduction to the NIST AI Risk Management Framework (AI RMF)

Centraleyes

JANUARY 24, 2024

Bias categories—systemic, computational and statistical, and human-cognitive—highlight the multifaceted nature of bias. It includes: Identifying and applying appropriate methods and metrics. Nevertheless, privacy considerations involve trade-offs with security, bias, and transparency, necessitating a nuanced approach.

Risk

Risk Artificial Intelligence Government Accountability

Exploring the Cost of a Data Breach and Its Implications

Centraleyes

APRIL 9, 2024

Breaking Down the Cost of a Data Breach Data breach costs can be dissected into distinct categories. Understanding ROI A crucial metric in the data breach landscape is Return on Investment (ROI). These sectors serve as the battlegrounds where the war for data security is most intense.

Data breaches

Data breaches Cyber Insurance Insurance Ransomware

GUEST ESSAY: The story behind how DataTribe is helping to seed ‘Cybersecurity Valley’ in Maryland

The Last Watchdog

JUNE 4, 2019

To date, DataTribe has co-founded nine startups, partnering with technology domain masters to create startups operating at the forefront of cybersecurity innovation and creating entirely new categories of products that did not exist previously. Also disrupting new technology categories are BlueRidge AI and Refirm Labs.

Cybersecurity

Cybersecurity Computers and Electronics Technology Marketing

Demystifying the 18 Checks for Secure Scorecards

Security Boulevard

AUGUST 4, 2021

Founded in August 2020, OpenSSF is a Linux Foundation-funded project focused on establishing metrics, tooling, best practices, developer identity validation, and vulnerability disclosures to improve open source software security. The criteria are grouped into six categories: Basics. Who is OpenSSF? code review process. Change control.

Software

Software Risk Government Technology

How an Attacker Could Use Instance Metadata to Breach Your App in AWS?

McAfee

APRIL 6, 2020

However, in every cloud environment, whether AWS, Azure, GCP or others, there is a new category of risk. Using a direct API-integration with AWS, MVISION Cloud continuously monitors CloudWatch Metrics which tell you the version of IMDS you’re using in every EC2 instance. . appeared first on McAfee Blogs.

Software

Software Architecture Internet Internet

Machine Learning in Cybersecurity Course – Part 1: Core Concepts and Examples

NopSec

MARCH 25, 2019

In this blog post, we summarize the first part of that webinar, without going into the three specific applications and the challenges. We will cover those in Part 2 of this blog series, so stay tuned for next week’s post. For more details, that entire webinar is now available on demand here. Model evaluation.

Cybersecurity

Cybersecurity Artificial Intelligence Phishing Malware

Establishing Security Maturity Through CIS Cyber Defense Framework

McAfee

APRIL 20, 2020

The cyber threat landscape is evolving at an astronomical rate; we are living in the age where the four key pillars of cybersecurity – Confidentiality, Integrity, Availability and Assurance of Information systems are no longer considered a nice to have but are a metric for business resilience and operational existence of businesses across the globe.

Architecture

Architecture Risk Data breaches Cyber threats

Top MDR Services for 2021

eSecurity Planet

MAY 5, 2021

However, the metrics it provides clients are limited. This is in part due to its impressive user interface that offers a clear view into the most relevant metrics. Expel hosts a blog that covers a wide variety of topics, such as cloud detection techniques and SOC metrics, that can be accessed by anyone.

Threat Detection

Threat Detection Technology Artificial Intelligence Cybersecurity

From frustration to clarity: Embracing Progressive Disclosure in security design

Cisco Security

SEPTEMBER 1, 2023

This blog was written by Annika Mammen, former User Experience Engineer at Cisco There are so many areas to consider when dealing with protecting and detecting threats, unfortunately cognitive overload is one problem that is often overlooked. Similarly, the security world is filled with alerts, metrics, targets, etc.

Engineering

Engineering Risk Marketing Accountability

Common Terminology in Adversarial Machine Learning

NetSpi Executives

NOVEMBER 21, 2023

ML can be further divided into different categories, such as supervised learning, unsupervised learning, and reinforcement learning, each suited for different types of learning tasks. Decision Boundaries The dividing lines or surfaces that separate different classes or categories in a classification problem.

Artificial Intelligence

Artificial Intelligence Penetration Testing Engineering Architecture

Welcome to the New Have I Been Pwned Domain Search Subscription Service

Troy Hunt

AUGUST 7, 2023

We then wanted to distribute the number of domains that would fall into the commercial category roughly equally between those 4 tiers, so it was pretty much a matter of taking what was left after the free ones and dividing them into 4 groups and putting a price on them. This is a big one. A massive one.

Data breaches

Data breaches Accountability Cryptocurrency Banking

Lockscreen and Authentication Improvements in Android 11

Google Security

SEPTEMBER 22, 2020

This blog post outlines recent improvements around how users interact with the lockscreen on Android devices and more generally with authentication. SAR is a metric first introduced in Android P, and is intended to measure how resilient a biometric is against a dedicated attacker.

Authentication

Authentication Passwords Architecture Backups

Malware Analysis: Moving Beyond the CVSS Score

NopSec

MAY 17, 2016

Today’s blog post will focus on how to evaluate risk, including what is the CVSS (Common Vulnerability Scoring System) and other factors that help predict whether or not a vulnerability has malware associated with it, and how to analyze these malware factors today for better remediation prioritization tomorrow.

Malware

Malware Authentication Risk Media

Black Hat USA 2023 NOC: Network Assurance

Cisco Security

AUGUST 28, 2023

The image below shows some of the metrics captured by ThousandEyes, including average latency information in the top half of the image, and Layer 3 hops in the bottom half of the image with latency tracked for each network leg between the Layer 3 hops. You can find the code and guide at this GitHub repository and the guide in this blog post.

Wireless

Wireless DNS Mobile Technology

Authentication and the Have I Been Pwned API

Troy Hunt

JULY 18, 2019

Well let's pull the logs from Cloudflare and see: This is the output of a little log analyser I wrote that breaks requests down by ASN (and other metrics) over the past hour. Even with the rate limit of 1 request every 1,500ms per IP address enforced, that graph shows a very clear influx of requests peaking at 14k per minute.

Authentication

Authentication Firewall Data breaches Mobile

GUEST ESSAY: Advanced tools, tactics required to defend latest attack variant — ‘DeepSea phishing’

The Last Watchdog

JULY 14, 2022

Unfortunately, the former category is becoming less and less effective as phishing becomes more and more sophisticated, with email clones looking increasingly indistinguishable from the real thing. Thus, the goal of the modern cybersecurity company must be to empower enterprises at the sweet spot between protection and productivity.

Phishing

Phishing Education Cybersecurity Threat Detection

Cisco Secure Democratizes Extension Security for Firefox and Edge

Duo's Security Blog

MAY 5, 2021

Chrome Ups and Downs Since we last compiled our metrics on the Chrome Web Store in 2019, Chrome has taken steps to improve the security of its extensions and encourage safer practices among creators. This number has since increased to 165,365 Chrome extensions and apps.

Risk

Risk Malware Mobile Accountability

Cyber Security Informer

Webroot top performer among security products in PassMark® Software testing

How Machine Learning Can Accelerate and Improve the Accuracy of Sensitive Data Classification

Webinars

Trending Sources

On Surveillance in the Workplace

Webinars

Three quick takes regarding the 2021 updates to the OWASP Top 10 list

MiraclePtr: protecting users from use-after-free vulnerabilities on more platforms

Mapping CVEs and ATT&CK Framework TTPs: An Empirical Approach

Top 3 Data Visualization Capabilities in a CASB Solution

SOCwise Series: A Tale of Two SOCs with Chris Crowley

Threat Trends: DNS Security, Part 1

How Do You Quantify Risk? Best Techniques

New White House Announcement on the Vulnerability Equities Process

As a CISO, Are You a Builder, Fixer, or Scale Operator?

Threat Trends: DNS Security

HIPAA Compliance for Healthcare Apps

The Best 10 Vendor Risk Management Tools

How to Conduct a Vulnerability Assessment

Introduction to the NIST AI Risk Management Framework (AI RMF)

Exploring the Cost of a Data Breach and Its Implications

GUEST ESSAY: The story behind how DataTribe is helping to seed ‘Cybersecurity Valley’ in Maryland

Demystifying the 18 Checks for Secure Scorecards

How an Attacker Could Use Instance Metadata to Breach Your App in AWS?

Machine Learning in Cybersecurity Course – Part 1: Core Concepts and Examples

Establishing Security Maturity Through CIS Cyber Defense Framework

Top MDR Services for 2021

From frustration to clarity: Embracing Progressive Disclosure in security design

Common Terminology in Adversarial Machine Learning

Welcome to the New Have I Been Pwned Domain Search Subscription Service

Lockscreen and Authentication Improvements in Android 11

Malware Analysis: Moving Beyond the CVSS Score

Black Hat USA 2023 NOC: Network Assurance

Authentication and the Have I Been Pwned API

GUEST ESSAY: Advanced tools, tactics required to defend latest attack variant — ‘DeepSea phishing’

Cisco Secure Democratizes Extension Security for Firefox and Edge

Stay Connected