Digital transformation, IoT, Network Security and Risk

MY TAKE: Why new tools, tactics are needed to mitigate risks introduced by widespread encryption

The Last Watchdog

FEBRUARY 18, 2020

TLS is the glue that holds together not just routine website data exchanges, but also each of the billions of machine-to-machine handshakes occurring daily to enable DevOps, cloud computing and IoT systems. Without TLS, digital transformation would come apart at the seams.

Encryption

Encryption Firewall Risk IoT

MY TAKE: Log4j’s big lesson – legacy tools, new tech are both needed to secure modern networks

The Last Watchdog

MARCH 29, 2022

By no means has the cybersecurity community been blind to the complex security challenges spinning out of digital transformation. A methodical drive has been underway for at least the past decade to affect a transition to a new network security paradigm – one less rooted in the past and better suited for what’s coming next.

Firewall

Firewall Digital transformation Internet Internet

How the CISO has adapted to protect the hybrid workforce

IT Security Guru

FEBRUARY 28, 2022

Given the connectivity needs of a remote workforce – and knowing a hybrid workforce is here to stay – many IT teams have had to make sudden changes in the way workers connect to corporate systems that could introduce new cyber risks and vulnerabilities. . This means staying one step ahead of the next potential threat.

CISO

CISO Digital transformation Artificial Intelligence Risk

Gartner Security & Risk Management Summit 2018 Trip Report

Thales Cloud Protection & Licensing

JUNE 19, 2018

Every June, Gartner hosts a terrific security conference near Washington, D.C. called Gartner Security & Risk Management Summit. This event is focused on the needs of senior IT and security professionals, such as CISOs, chief risk officers, architects, IAM and network security leaders.

Risk

Risk Digital transformation IoT Firewall

Healthcare – Patient or Perpetrator? – The Cybercriminals Within

Security Affairs

NOVEMBER 8, 2021

Traditional security software, such as NAC, EPS, IDS, or IoT Network Security, fails to provide the Layer 1 visibility required to detect and accurately identify all hardware assets. Cyberattacks on healthcare providers are a very serious matter as patients’ lives are at risk, as is the country’s national security.

Healthcare

Healthcare Identity Theft Digital transformation Data collection

Are Data Breaches the New Reality for Retail?

Thales Cloud Protection & Licensing

OCTOBER 18, 2018

As digital transformation takes hold, the retail industry is under siege from cyber criminals and nation states attempting to steal consumers’ personal information, credit card data and banking information. Lines are now blurred between physical and digital experiences. And criminals are moving online. Nearly 95 percent of U.S.

Retail

Retail Data breaches Digital transformation Big data

SHARED INTEL: Report details how cyber criminals leverage HTTPS TLS to hide malware

The Last Watchdog

APRIL 21, 2021

This surge in TLS abuse has shifted the security community’s focus back to a venerable network security tool, the firewall. These are the data packets arriving at a trusted destination, i.e. the firewall’s home network, from an untrusted source, i.e. the public Internet.

Malware

Malware Firewall Encryption Digital transformation

SHARED INTEL: FireMon survey shows security lags behind fast pace of hybrid cloud deployments

The Last Watchdog

MARCH 18, 2020

Yet ignorance persists when it comes to a momentous challenge at hand: how to go about tapping the benefits of digital transformation while also keeping cyber exposures to a minimum level. One big muddle revolves around the so-called “ shared responsibility ” security model, espoused by Amazon, Microsoft and Google.

Digital transformation

Digital transformation Software Technology Network Security

7 Types of Penetration Testing: Guide to Pentest Methods & Types

eSecurity Planet

JUNE 28, 2023

As enterprise IT environments have expanded to include mobile and IoT devices and cloud and edge technology, new types of tests have emerged to address new risks, but the same general principles and techniques apply. This ensures the entirety of the network and its endpoints are marked for testing and evaluation.

Penetration Testing

Penetration Testing Social Engineering Wireless Engineering

Where Exactly Are Code Signing Machine Identities Used?

Security Boulevard

APRIL 13, 2022

In addition, IT teams and other groups may rely on shell scripts to automate critical business functions such as onboarding new employees, backing up critical databases, or performing network security functions. If your software teams haven’t started securing their software build environments with code signing, act now.

Software

Software Firmware IoT Internet

FCC: Phone Network Bugs Must Be Fixed — But are SS7/Diameter Beyond Repair?

Security Boulevard

APRIL 5, 2024

The post FCC: Phone Network Bugs Must Be Fixed — But are SS7/Diameter Beyond Repair? appeared first on Security Boulevard. Fast enough for government work: The Federal Communications Commission is finally minded to do something about decades-old vulnerabilities.

Government

Government Digital transformation Social Engineering Telecommunications

PRC State Hacking: ‘Chinese Edward Snowden’ Spills I?Soon Secrets in Huge Dump of TTPs

Security Boulevard

FEBRUARY 22, 2024

The post PRC State Hacking: ‘Chinese Edward Snowden’ Spills I‑Soon Secrets in Huge Dump of TTPs appeared first on Security Boulevard. Underpaid, overworked and angry: Whistleblower in hacker contractor firm for Chinese government blows lid off tactics, techniques and procedures.

Hacking

Hacking Government Digital transformation Social Engineering

NSA iPhone Backdoor? Apple Avoids Russian Blame Game

Security Boulevard

DECEMBER 28, 2023

Apple Avoids Russian Blame Game appeared first on Security Boulevard. “No Ordinary Vulnerability” — Operation Triangulation research uncovers new details of fantastic attack chain. The post NSA iPhone Backdoor?

Digital transformation

Digital transformation Social Engineering Spyware Data privacy

SSH FAIL: Terrapin Attack Smashes ‘Secure’ Shell Spec

Security Boulevard

DECEMBER 20, 2023

The post SSH FAIL: Terrapin Attack Smashes ‘Secure’ Shell Spec appeared first on Security Boulevard. Testy Testudine: Lurking vuln in SSH spec means EVERY implementation must build patches.

Digital transformation

Digital transformation Social Engineering Data privacy Authentication

U.S. and UK Ban More Chinese Kit as Xi’s Grip Weakens

Security Boulevard

NOVEMBER 28, 2022

and UK Ban More Chinese Kit as Xi’s Grip Weakens appeared first on Security Boulevard. Two key members of the Five Eyes intelligence alliance have made further moves to stop Chinese equipment imports. The post U.S.

Digital transformation

Digital transformation CISO Security Awareness IoT

Federal Agency Data is Under Siege

Thales Cloud Protection & Licensing

JULY 24, 2018

Additionally, initiatives pushing for IT modernization within the federal government mean more data is being stored in the cloud; in big data repositories; being used for IoT purposes; and being stored in containers. What are the risks associated with cloud-based services, and how can a data-centric security approach help?

Encryption

Encryption Data breaches Government Threat Reports

GUEST ESSAY: Lessons learned in 2021 as cloud services, mobility and cybersecurity collided

The Last Watchdog

DECEMBER 9, 2021

Cybercriminals have taken advantage of security challenges that arise from the new model of remote work and collaboration. Last year, we predicted that SASE would be an essential strategic initiative, design approach, and implementation standard for enterprise network and network security deployments around the globe.

Mobile

Mobile IoT Cybersecurity Digital transformation

What is Vulnerability Scanning & How Does It Work?

eSecurity Planet

FEBRUARY 8, 2023

Vulnerability scanning is the process of scanning IT networks and systems to identify security vulnerabilities in hardware and software. The edge, cloud computing, Internet of Things (IoT) devices, and more have led to a much bigger attack surface and have required new vulnerability scanning approaches and tools.

Penetration Testing

Penetration Testing Software IoT Policy Compliance

Hyperautomation and the Future of Cybersecurity

eSecurity Planet

JUNE 22, 2022

Read also: Automating Security Risk Assessments for Better Protection. Examples of Hyperautomated Security Systems. Some possible uses of hyperautomation in security include: An artificial intelligence system reviews emails with Natural Language Processing to identify phishing attempts.

Cybersecurity

Cybersecurity Artificial Intelligence Architecture Technology

Key Cybersecurity Trends for 2024: My Predictions

Jane Frankland

DECEMBER 7, 2023

Digital Transformation In 2024, several trends are expected to shape the landscape of digital transformation. Cloud-native technologies like containerisation and serverless computing will continue to gain traction, enabling scalability and cost-effectiveness in managing digital infrastructure.

Cybersecurity

Cybersecurity Cyber threats Insurance Artificial Intelligence

Best Zero Trust Security Solutions for 2021

eSecurity Planet

JULY 5, 2021

Gartner calls it zero trust network access (ZTNA) and sees ZTNA as something of a fine-grained approach to network access control (NAC) , identity access management (IAM) and privilege access management (PAM) – and at least an adjunct to, if not a replacement for, VPNs and DMZ architectures. Palo Alto Networks.

Authentication

Authentication DDOS Marketing VPN

EPA and White House Raise Alarm on Water Cybersecurity

Security Boulevard

MARCH 20, 2024

The post EPA and White House Raise Alarm on Water Cybersecurity appeared first on Security Boulevard. Iran and China fingered: Biden admin. chides governors: Water infra. lacks “even basic cybersecurity precautions.”

Cybersecurity

Cybersecurity Digital transformation Social Engineering Engineering

Top Breach and Attack Simulation (BAS) Vendors

eSecurity Planet

MAY 5, 2021

Breach and attack simulation (BAS) is a relatively new IT security technology that can automatically spot vulnerabilities in an organization’s cyber defenses, akin to continuous, automated penetration testing. CyCognito is committed to exposing shadow risk and bringing advanced threats into view. 5 stars.

Penetration Testing

Penetration Testing Risk Technology Marketing

Cyber Security Informer

MY TAKE: Why new tools, tactics are needed to mitigate risks introduced by widespread encryption

MY TAKE: Log4j’s big lesson – legacy tools, new tech are both needed to secure modern networks

Trending Sources

How the CISO has adapted to protect the hybrid workforce

Gartner Security & Risk Management Summit 2018 Trip Report

Healthcare – Patient or Perpetrator? – The Cybercriminals Within

Are Data Breaches the New Reality for Retail?

SHARED INTEL: Report details how cyber criminals leverage HTTPS TLS to hide malware

SHARED INTEL: FireMon survey shows security lags behind fast pace of hybrid cloud deployments

7 Types of Penetration Testing: Guide to Pentest Methods & Types

Where Exactly Are Code Signing Machine Identities Used?

FCC: Phone Network Bugs Must Be Fixed — But are SS7/Diameter Beyond Repair?

PRC State Hacking: ‘Chinese Edward Snowden’ Spills I?Soon Secrets in Huge Dump of TTPs

NSA iPhone Backdoor? Apple Avoids Russian Blame Game

SSH FAIL: Terrapin Attack Smashes ‘Secure’ Shell Spec

U.S. and UK Ban More Chinese Kit as Xi’s Grip Weakens

Federal Agency Data is Under Siege

GUEST ESSAY: Lessons learned in 2021 as cloud services, mobility and cybersecurity collided

What is Vulnerability Scanning & How Does It Work?

Hyperautomation and the Future of Cybersecurity

Key Cybersecurity Trends for 2024: My Predictions

Best Zero Trust Security Solutions for 2021

EPA and White House Raise Alarm on Water Cybersecurity

Top Breach and Attack Simulation (BAS) Vendors

Stay Connected