Blog - Cyber Security Informer

Extending Endpoint Security with Zero Trust

Heimadal Security

JULY 29, 2022

It goes without saying that a solid cybersecurity strategy considers both network and endpoint security. The post Extending Endpoint Security with Zero Trust appeared first on Heimdal Security Blog. The […].

Network Security

Network Security Cybersecurity

How the Federal Government is Revolutionizing Endpoint Security in a Zero Trust Environment

Security Boulevard

JUNE 15, 2021

Thales TCT is a trusted provider of cybersecurity solutions for US federal defense, intelligence, and civilian agencies. Last year, TCT implemented Votiro in their infrastructure to strengthen their network against zero-day attacks in files and to help them meet CMMC and NIST-800-171 requirements.

Government

Government Cybersecurity

GUEST ESSAY: The case for an identity-first approach ‘Zero Trust’ privileged access management

The Last Watchdog

SEPTEMBER 26, 2022

As enterprises continue to fall victim to increasingly complex attacks, there’s one topic that cybersecurity professionals and vendors can agree on: the importance of Zero Trust. A ‘Zero Trust’ core. The Zero Trust buzzword has exploded in use over the last few years. Dodhiawala.

Ransomware

Ransomware Passwords Data breaches Accountability

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

McAfee Enterprise Defender Blog | MSHTML CVE-2021-40444

McAfee

SEPTEMBER 20, 2021

Microsoft is warning its users of a zero-day vulnerability in Windows 10 and versions of Windows Server that is being leveraged by remote, unauthenticated attackers to execute code on the target system using specifically crafted office documents. More details on Endpoint protection including MVISION EDR are included below.

Ransomware

Ransomware Engineering Internet Internet

Zero Trust Application Access: Protecting Against Compromised Endpoints

Duo's Security Blog

NOVEMBER 16, 2023

In today's interconnected world, ensuring robust security measures is crucial. One of the key aspects of application security is endpoint security, which focuses on protecting the devices that access these applications. Check out the Cisco article Configure Duo and Secure Endpoint to Respond to Threats.

Authentication

Authentication Architecture Risk Engineering

Duo vs. Fraudulent Device Registration

Duo's Security Blog

APRIL 8, 2024

It is a well-known and established point that a password alone is not enough to secure an account. An adversary attempting to or successfully registering their own MFA device has become much more common over the last few years, yet it is still an aspect of zero trust systems that is often overlooked.

Authentication

Authentication Accountability Risk Phishing

Clarity and Transparency: How to Build Trust for Zero Trust

Cisco Security

FEBRUARY 2, 2023

In helping to develop the message that Cisco takes to the market about zero trust, I try to be as impeccable as I can with each word. Clarifying what zero trust means to you comes first. The zero trust principles reflect another of the four agreements: ‘Don’t make assumptions’. Instead, verify it.

Marketing

Marketing Authentication CISO Architecture

GUEST ESSAY: Leveraging ‘zero trust’ and ‘remote access’ strategies to mitigate ransomware risks

The Last Watchdog

MAY 5, 2022

Let’s walk through some practical steps organizations can take today, implementing zero trust and remote access strategies to help reduce ransomware risks: •Obvious, but difficult – get end users to stop clicking unknown links and visiting random websites that they know little about, an educational challenge.

Risk

Risk Ransomware Internet Internet

GUEST ESSAY: Securely managing access controls is vital to preserving the privacy of healthcare data

The Last Watchdog

NOVEMBER 8, 2021

However, healthcare data ranks at the top of the list for needing improvements in security and privacy protections. Healthcare data security and privacy is a problem that continues to grow. With the benefits of the cloud comes the heavy responsibility of securing sensitive data. Patient data exposures.

Healthcare

Healthcare Technology Architecture IoT

Heimdal™ Releases New Zero-Trust Feature for Application Control, Privileged Access Management, and Next-Gen Endpoint Antivirus

Heimadal Security

AUGUST 20, 2021

Copenhagen, August 20th, 2021 – Heimdal™ Security (Heimdal™) has just launched a new and market redefining cross-module Zero-Trust Execution Protection functionality that will allow customers to seamlessly protect their organization against zero-hour threats.

Antivirus

Antivirus Marketing

Recognizing and Reporting Phishing

Duo's Security Blog

OCTOBER 18, 2023

Phishing requires you to act with a specific set of instructions Don’t engage and trust nothing. Learn more about common ways to report & block suspicious emails in the National Cyber Security Alliance Phishing Blog. You must avoid email address and perform URL spot-checks as sender verification methods.

Phishing

Phishing Security Awareness Software Media

Why BYOD Is the Favored Ransomware Backdoor

eSecurity Planet

JANUARY 11, 2024

Ransomware remains just one of many different threats and as security teams eliminate key vectors of attack, adversaries will shift tactics. Unmanaged devices consist of any device that connects to the network, cloud resources, or other assets without corporate-controlled security. How Does Remote Encryption Work?

Ransomware

Ransomware Encryption IoT VPN

Announcing Identity Intelligence With Duo

Duo's Security Blog

FEBRUARY 6, 2024

It has been a foundational component in many approaches to zero trust. Traditionally, credentials (such as usernames, passwords or security tokens) have been the gatekeepers of access. Today, we are announcing a private preview of Duo’s identity security capabilities powered by Cisco Identity Intelligence.

Accountability

Accountability Authentication Risk Marketing

Critical Windows Vulnerability Discovered by NSA

Schneier on Security

JANUARY 15, 2020

An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source. The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider.

Media

Media Government Software Risk

RSA 2023: Not Under the GenAI Influence Yet!

Anton on Security

MAY 5, 2023

Security business is booming! Not quite, but if you recall, my previous RSA blog , the skeletal grin of XDR stared at you from nearly every booth in 2022. AI, Obviously Before the RSA conference, many people predicted that artificial intelligence (AI) for security will be a big presence. Is XDR finally over?

Artificial Intelligence

Artificial Intelligence Threat Detection Marketing Cybersecurity

RSA 2022 Musings: The Past and The Future of Security

Anton on Security

JUNE 10, 2022

As I was looking at the security vendors and their technologies, I realized that security vendors that apparently peaked in relevance, say, in the mid-2000s had huge booths and did brisk business, selling whatever they sold before. Serving the past is good business in security! Cloud security is very visible!

VPN

VPN Marketing Firewall Passwords

20 Years of SIEM Webinar Q&A

Anton on Security

APRIL 28, 2022

You can review my ideas on the topic in this blog series “Anton and The Great XDR Debate, Part 1” “Anton and The Great XDR Debate, Part 2” “Anton and The Great XDR Debate, Part 3.” Q: What role do you see SIEM playing in Zero Trust? Would I say that you absolutely have to deploy an SIEM to have a robust zero trust deployment?

Threat Detection

Threat Detection Technology VPN Architecture

Modernizing Secure Remote Access for a Hybrid Workforce

Duo's Security Blog

MARCH 25, 2022

While organizations could benefit from giving employees this added flexibility, IT and security teams have had their hands full. The massive influx of remote work has complicated this, as security vulnerabilities could be exposed through a traditional VPN.

VPN

VPN Architecture Authentication Software

Duo Makes Verifying Device Trust as Easy as 1-2-3

Duo's Security Blog

AUGUST 16, 2021

—Alex Stamos, Former Chief Security Officer, Facebook, in WIRED magazine Adopt a Defense-in-Depth Strategy With Device Trust Identifying what devices are accessing corporate applications is critical to understanding the overall security posture of an organization and reducing the risk of unauthorized access.

Authentication

Authentication Data breaches Encryption Retail

It’s Called BadUSB for a Reason

Security Affairs

APRIL 28, 2022

The criminal group had been mailing malware-ridden USBs to various entities in the transport, insurance, and defense industries under the guise that they originated from a trusted source, such as Amazon and the US Department of Health and Human Services. Let’s explore them below: Friend or foe. What you see is not what you get.

Social Engineering

Social Engineering Engineering Insurance DDOS

Zero Trust Meets OS Patch Management

Duo's Security Blog

FEBRUARY 17, 2021

Apple issued a security update release for iOS 14.4 recently, as a patch for three actively exploited Zero Days in iOS 14.2, Remembering back to WannaCry days there was a crying need to patch all endpoints. “A Isn’t confirmation of identity sufficient to establish a level of trust? likely being used as an exploit chain.

CISO

CISO Risk Backups Security Awareness

How MSPs Help Small Businesses with Essential Cyber Insurance Cover

Duo's Security Blog

OCTOBER 7, 2022

Cyber security is a concern for companies of all sizes, but can be particularly significant for smaller businesses who are less likely to have the dedicated technical staff in place to ensure the right controls are in place to protect them. We have been witnessing an avalanche of interest in cyber liability insurance over the last few years.

Small Business

Small Business Cyber Insurance Insurance Cyber Risk

A Defense-in-Depth Approach Could Stop the Next Big Hack in its Tracks

Webroot

MARCH 29, 2021

We learned, for instance, that even IT pros could use a refresher on basic password hygiene through security awareness training. A more substantive lesson is the importance of defense in depth, an approach that prioritizes mutually reinforcing layers of security. Take a hypothetical scenario in which the opposite happens, for example.

Hacking

Hacking DNS Firewall Malware

How Cisco Duo Helps Mitigate Common MITRE ATT&CK® Techniques

Duo's Security Blog

JULY 27, 2023

In our never-ending quest to help customers safeguard their environments and streamline security operations, Cisco Duo maintains constant lookout for rich vulnerability and threat intelligence so that we can provide the strongest protection. That’s where MITRE ATT&CK® comes into play. What else can Cisco Duo do?

Authentication

Authentication Passwords Accountability Firewall

Why Public Agencies Are Struggling to Implement Zero Trust

Thales Cloud Protection & Licensing

MARCH 15, 2022

Why Public Agencies Are Struggling to Implement Zero Trust. The directive’s third section, entitled “Modernizing Federal Government Cybersecurity,” requires Federal Civilian Executive Branch (FCEB) agencies to begin moving to a zero trust architecture (ZTA). Tue, 03/15/2022 - 10:01. on improving U.S. cybersecurity.

Architecture

Architecture Government CSO Technology

The 2024 Duo Trusted Access Report: Navigating Complexity

Duo's Security Blog

FEBRUARY 6, 2024

The 2024 Duo Trusted Access Report: Navigating Complexity , gives us a chance to use the topic of complexity as a backdrop to examine trends (existing and emerging) in both access management and identity. This presents a continuous security risk and operational challenge for many security and IT teams.

Authentication

Authentication Accountability Threat Detection Risk

The Implications of the Uber Breach

Security Boulevard

SEPTEMBER 17, 2022

In my experience, one of the most difficult aspects of protecting an organization is making sure all team members understand the importance of building security into their everyday roles. Employees need to adopt the mindset of "security first." Zero Trust Goes Beyond Products. Building strong policies and procedures.

Social Engineering

Social Engineering Education Technology Artificial Intelligence

The Executive Order – Improving the Nation’s Cyber Security

McAfee

JUNE 11, 2021

The EO also focuses on how federal agencies will govern resource access through Zero Trust and how to comprehensively define and protect hybrid service architectures. The goal of this executive order is not to add additional complexity to an already complex security organization. In reality, they should be viewed collectively.

Architecture

Architecture Government Cyber threats Cybersecurity

RSA 2022 Musings: The Past and The Future of Security

Security Boulevard

JUNE 10, 2022

As I was looking at the security vendors and their technologies, I realized that security vendors that apparently peaked in relevance, say, in the mid-2000s had huge booths and did brisk business, selling whatever they sold before. Serving the past is good business in security! Cloud security is very visible!

VPN

VPN Marketing Firewall Passwords

5 Things Retailers Should Know About Cybersecurity

Duo's Security Blog

FEBRUARY 16, 2022

With growing concerns around security, ransomware and retail breaches, there are a few key considerations that retailers should keep in mind when it comes to protecting their organizations. Dollars earmarked for innovating sales, like for online shopping, now had to compete with securing the remote workforce. million to $4.24

Retail

Retail Cybersecurity Data breaches Passwords

RSA 2023: Not Under the GenAI Influence Yet!

Security Boulevard

MAY 5, 2023

Security business is booming! Not quite, but if you recall, my previous RSA blog , the skeletal grin of XDR stared at you from nearly every booth in 2022. AI, Obviously Before the RSA conference, many people predicted that artificial intelligence (AI) for security will be a big presence. Is XDR finally over?

Artificial Intelligence

Artificial Intelligence Threat Detection Marketing Cybersecurity

Cloud API Services, Apps and Containers Will Be Targeted in 2022

McAfee

NOVEMBER 14, 2021

In this blog, we take a deeper dive into cloud security topics from these predictions focusing on the targeting of API services and apps exploitation of containers in 2022. In most cases, attacks targeting APIs go undetected as they are generally considered as trusted paths and lack the same level of governance and security controls.

IoT

IoT Risk Marketing Software

BloodHound Enterprise Learns Some New Tricks

Security Boulevard

AUGUST 3, 2023

Introduction Our previous blog discussed our strategy for a converged code base and the opportunities it would bring. We’ve also made it much easier to reverse your current path if you accidentally set your start and endpoints backward! Existing customers can reach out to their TAM with questions. Check out [link].

Data collection

Data collection Engineering Risk

Attackers create phishing lures with standard tools in Google Docs to steal credentials

SC Magazine

JUNE 17, 2021

In a blog post, Avanan said hackers are bypassing static link scanners by hosting their attacks on publicly-known services. According to Avanan blog, once the attacker publishes the lure, “Google provides a link with embed tags that are meant to be used on forums to render custom content.

Phishing

Phishing Social Engineering Engineering CISO

It was a LONG weekend — Here’s the vital info on REvil and Kaseya VSA

Cisco Security

JULY 8, 2021

The past few days have been a lot for people in the security industry. The first part involved a zero-day vulnerability in the Kaseya VSA software. VSA is an MSP software management platform, and is used primarily for monitoring, and the management of endpoints. The adversaries compromised these servers with a zero-day exploit.

Ransomware

Ransomware Software Social Engineering Cyber Attacks

(VIDEO) Getting Started With Duo - Step 2: Enrollment & Self-Remediation

Duo's Security Blog

MARCH 5, 2021

Our founders Dug Song and Jon Oberheide believe that security should be elegant, seamless and easy for anyone to use which is why the Duo solution is powerful and simple at the same time. Next we will discuss Step 2: Enrollment and Self-Remediation Step 2: Enrollment and Self-Remediation See the video at the blog post.

CISO

CISO Authentication Software Data breaches

(VIDEO) Getting Started With Duo - Step 3: Admin Dashboard & Device Insight

Duo's Security Blog

MARCH 12, 2021

Next we will discuss Step 3: Admin Dashboard & Device Insight Step 3: Admin Dashboard & Device Insight See the video at the blog post. Try Duo For Free See how easy it is to get started with Duo and secure your workforce, from anywhere and on any device with our free 30-day trial.

Mobile

Mobile Authentication CISO Cybersecurity

Black Hat 2021: Better Than Ever (As Always)

Duo's Security Blog

JULY 13, 2021

PT to learn what’s what when it comes to passwordless, and come prepared to think about the implications of quick response logins (QRLs) and the type of binding necessary for secure passwordless solutions. Organizations have invested in security tools such as MFA, EDRs, MDMs, VPNs and more to mitigate these attacks. PT to learn more.

CISO

CISO CSO Authentication Passwords

Containers Raise the Bar for Zero Trust Security

McAfee

OCTOBER 17, 2019

Containers Raise the Bar for Zero Trust Security. The Zero Trust model first introduced by Forrester Research, works on an assumption that any component irrespective of where it resides with respect to the perimeter can be malicious. It works on a model of “never trust, always verify”.

Software

Passkeys vs. Passwords: The State of Passkeys on Cloud Sites

Duo's Security Blog

SEPTEMBER 1, 2023

After all, passkeys promise both simplicity and security – a tantalizing combination for security teams that are already spread thin. And is it realistic to consider passkeys – and the passwordless solutions they support – as a valid alternative for traditional password security? But how effective are passkeys really?

Passwords

Passwords Authentication Phishing Technology

Ensuring Security in M&A: An Evolution, Not Revolution

Cisco Security

OCTOBER 24, 2022

Scott Heider is a manager within the Cisco Security Visibility and Incident Command team that reports to the company’s Security & Trust Organization. This blog is the final in a series focused on M&A cybersecurity, following Dan Burke’s post on Making Merger and Acquisition Cybersecurity More Manageable.

Education

Education Risk Cybersecurity Technology

The three C’s approach to SASE

Cisco Security

MARCH 17, 2021

The provisioning of remote workforce and branch connectivity at scale creates significant complexity across IT, security, and networking teams. This expanded access requirement also magnifies security threat vectors. The fact that employees now require secure access everywhere compel security services to be everywhere too.

Architecture

Architecture DNS Firewall Accountability

HTML Smuggling Techniques on the Rise: Microsoft

eSecurity Planet

NOVEMBER 16, 2021

HTML smuggling is an evasive technique that uses legitimate HTML5 or JavaScript features to make its way past firewalls and other security technologies. Also see: Top Endpoint Detection & Response (EDR) Solutions. This is a major headache for security product vendors. See also: How to Prevent Ransomware Attacks.

Firewall

Firewall Ransomware Banking Malware

My 2020 Predictions Revisited: What Worked, What Didn't

Duo's Security Blog

JANUARY 8, 2021

Defenses in 2020 The rapid shift to remote work this year propelled digital transformation, cloud adoption, and securing it all with zero trust principles. I’m tempted to say 2020 was the year of zero trust. The other prediction I made was passwordless authentication being on the security roadmap in 2020.

Digital transformation

Digital transformation Phishing Authentication DDOS

Extending Endpoint Security with Zero Trust

How the Federal Government is Revolutionizing Endpoint Security in a Zero Trust Environment

Webinars

Trending Sources

GUEST ESSAY: The case for an identity-first approach ‘Zero Trust’ privileged access management

Webinars

McAfee Enterprise Defender Blog | MSHTML CVE-2021-40444

Zero Trust Application Access: Protecting Against Compromised Endpoints

Duo vs. Fraudulent Device Registration

Clarity and Transparency: How to Build Trust for Zero Trust

GUEST ESSAY: Leveraging ‘zero trust’ and ‘remote access’ strategies to mitigate ransomware risks

GUEST ESSAY: Securely managing access controls is vital to preserving the privacy of healthcare data

Heimdal™ Releases New Zero-Trust Feature for Application Control, Privileged Access Management, and Next-Gen Endpoint Antivirus

Recognizing and Reporting Phishing

Why BYOD Is the Favored Ransomware Backdoor

Announcing Identity Intelligence With Duo

Critical Windows Vulnerability Discovered by NSA

RSA 2023: Not Under the GenAI Influence Yet!

RSA 2022 Musings: The Past and The Future of Security

20 Years of SIEM Webinar Q&A

Modernizing Secure Remote Access for a Hybrid Workforce

Duo Makes Verifying Device Trust as Easy as 1-2-3

It’s Called BadUSB for a Reason

Zero Trust Meets OS Patch Management

How MSPs Help Small Businesses with Essential Cyber Insurance Cover

A Defense-in-Depth Approach Could Stop the Next Big Hack in its Tracks

How Cisco Duo Helps Mitigate Common MITRE ATT&CK® Techniques

Why Public Agencies Are Struggling to Implement Zero Trust

The 2024 Duo Trusted Access Report: Navigating Complexity

The Implications of the Uber Breach

The Executive Order – Improving the Nation’s Cyber Security

RSA 2022 Musings: The Past and The Future of Security

5 Things Retailers Should Know About Cybersecurity

RSA 2023: Not Under the GenAI Influence Yet!

Cloud API Services, Apps and Containers Will Be Targeted in 2022

BloodHound Enterprise Learns Some New Tricks

Attackers create phishing lures with standard tools in Google Docs to steal credentials

It was a LONG weekend — Here’s the vital info on REvil and Kaseya VSA

(VIDEO) Getting Started With Duo - Step 2: Enrollment & Self-Remediation

(VIDEO) Getting Started With Duo - Step 3: Admin Dashboard & Device Insight

Black Hat 2021: Better Than Ever (As Always)

Containers Raise the Bar for Zero Trust Security

Passkeys vs. Passwords: The State of Passkeys on Cloud Sites

Ensuring Security in M&A: An Evolution, Not Revolution

The three C’s approach to SASE

HTML Smuggling Techniques on the Rise: Microsoft

My 2020 Predictions Revisited: What Worked, What Didn't

Stay Connected