Threat Intelligence

Data Breaches Reported During 2016 Exposed Over 4.2 Billion Records

2016 broke the previous all-time high, set back in 2013, for the number of records exposed from reported data breaches. more

Characterizing the Friction and Incompatibility Between IoC and AI

Many organizations are struggling to overcome key conceptual differences between today's AI-powered threat detection systems and legacy signature detection systems. A key friction area -- in perception and delivery capability -- lies with the inertia of Indicator of Compromise (IoC) sharing; something that is increasingly incompatible with the machine learning approaches incorporated into the new breed of advanced detection products. more

Bug Bounty Programs: Are You Ready? (Part 2)

In Part 1 of "Bug Bounty Programs: Are You Ready?" we examined the growth of commercial bug bounty programs and what organizations need to do before investing in and launching their own bug bounty. In this part, we'll discuss why an organization needs to launch a bug bounty program, and what limits the value they will likely extract from such an investment. more

Dispersing a DDoS: Initial Thoughts on DDoS Protection

Distributed Denial of Service is a big deal -- huge pools of Internet of Things (IoT) devices, such as security cameras, are compromised by botnets and being used for large scale DDoS attacks. What are the tools in hand to fend these attacks off? The first misconception is that you can actually fend off a DDoS attack. There is no magical tool you can deploy that will allow you to go to sleep every night thinking, "tonight my network will not be impacted by a DDoS attack." more

Bug Bounty Programs: Are You Ready? (Part 1)

The premise of crowdsourcing the task of uncovering new bugs and vulnerabilities in an organization's web applications or consumer products sounds compelling to many. What's not to like with the prospect of "many eyes" poking and prodding away at a corporate system for a minimal reward -- and preemptively uncovering flaws that could have been exploited by hackers with nefarious intent? more

New Study Highlights Growing Risk, Lack of Urgency with Mobile and IoT Application Security

Despite widespread concern about the security of mobile and Internet of Things (IoT) applications, organizations are ill-prepared for the risks they pose, according to a research report issued today from Ponemon Institute, IBM Security, and Arxan Technologies. more

Canadian Energy Firms at Bigger Risk of Cyberattack

The Canadian Security Intelligence Service (CSIS) is reported to have warned companies about an increasing risk of cyber espionage and attacks on pipelines, oil storage and shipment facilities. more

Ukraine’s Power Outage Due to Cyberattack, Says Country’s National Power Company

A power blackout in Ukraine's capital Kiev last month was caused by a cyber attack, according to Ukraine's National power company, Ukrenergo which hired investigators to help it determining the cause. more

Former New York City Mayor Rudy Guliani Appointed to “Chair” Cyber Task Force

Transition spokesman Sean Spicer told reporters today that former New York City Mayo, Rudy Giuliani will "chair" the cyber task force that Trump announced last Friday. The task force is given three months from Trump's inauguration to deliver a cybersecurity plan. more

New Report on “State of DNSSEC Deployment 2016” Shows Continued Growth

Did you know that over 50% of .CZ domains are now signed with DNS Security Extensions (DNSSEC)? Or that over 2.5 million .NL domains and almost 1 million .BR domains are now DNSSEC-signed? Were you aware that around 80% of DNS clients are now requesting DNSSEC signatures in their DNS queries? And did you know that over 100,000 email domains are using DNSSEC and DANE to enable secure email between servers? more

Ransomware Crime Bill Goes into Effect in the State of California

As of January 1, the delivery of ransomware is illegal in California as per Senate Bill 1137 going into effect. more

FTC Announces Internet of Things Challenge, Offers $25,000 for Best Technical Solution

The Federal Trade Commission is challenging the public to create an innovative tool to help protect consumers from security vulnerabilities in the software of home devices connected to the Internet of Things. more

Trump Names Former Bush Aide Thomas Bossert Chief Adviser on Cybersecurity, Counterterrorism Role

President-elect Donald J. Trump has named Thomas P. Bossert, a top national security aide under President George W. Bush, to be his homeland security adviser, the Trump transition team announced Tuesday morning," Michael D. Shear reporting in the New York Times. more

Edge Computing, Fog Computing, IoT, and Securing Them All

The oft used term "the Internet of Things" (IoT) has expanded to encapsulate practically any device (or "thing") with some modicum of compute power that in turn can connect to another device that may or may not be connected to the Internet. ... The information security community -- in fact, the InfoSec industry at large -- has struggled and mostly failed to secure the "IoT". This does not bode well for the next evolutionary advancement of networked compute technology. more

China Says It Will Use All Means, Including Military, to Ensure Online Security

"Beijing vowed on Tuesday to use all necessary means, including military ones, to wipe out subversion and attempts to undermine its sovereignty in cyberspace," Zhuang Pinghui reporting in South China Morning Post. more