Digital risk protection is the strategy and implementation of protecting an organization’s data, reputation, and digital assets from online threats. DRP extends across visible, deep, and dark web environments to identify and mitigate risks that could compromise an organization’s security posture or damage its public image. The process involves continuous monitoring, threat intelligence, and the…
Read More
An advanced thingbot, nicknamed Reaper (or IoTroop), was recently discovered infecting hordes of IoT devices. Reaper ups the ante for IoT security. It has a sophisticated C2 channel system and a Lua code execution environment (to deliver much more complicated attacks), and it comes prepackaged with 100 DNS open resolvers. Researchers are tracking Reaper, even…
Read More
Microsoft has released hotfix updates to address multiple known issues impacting Exchange servers after installing the March 2024 security updates. Although the April 2024 HU is optional, it also adds support for ECC certificates and Hybrid Modern Authentication (HMA) for OWA/ECP. If you have installed the March 2024 SU and have not experienced any known…
Read MorePreviously, I talked about the elegant beauty in offloading parts of your risk portfolio in four distinct ways. The logic is to streamline the company’s mitigation efforts and allow you to focus more time and investment where it matters most—on the unique risks inherent to the business. But there is a fifth element, and it is…
Read MoreWe have already witnessed attackers evolving their methods and markets for making money with compromised IoT devices, just like legitimate businesses and financial markets do, and IoT is a rich, trillion-dollar market based on IDC’s estimations for 2020,* ripe with vulnerable devices waiting to be exploited. Every expectation should be set that attackers will continue…
Read MoreYou’re a chief information security officer (CISO) who’s managing the security requirements for your organization’s value chain. As a former CISO (and current virtual CISO to several companies), I know that’s one of the core functions of our role. How do you know you’re doing a good job? How would you evaluate your performance? The…
Read More
Public sector customers include those in education, nonprofit and on Microsoft’s Government Community Cloud. Microsoft has delayed three deadlines related to Cloud Solution Provider partners selling subscriptions through the vendor’s New Commerce Experience to public sector customers and migrating existing subscriptions on to NCE. The first revised deadline CSP partners need to keep in mind…
Read MoreThankfully, this alert was a mistake and there was no real danger, but the incident raises a far broader question: how many of our critical systems are this vulnerable to human error, poor software design, and insufficient security controls, all of which were factors in the HIEMA incident? Many of the real-world systems we depend…
Read MoreIt’s important for the fashion-conscious hacker to know what’s on trend! Here’s a preview of APT Group Purple Aardvark’s summer line—a few hits, some misses. Source link lol
Read More
Open Extended Detection and Response (XDR) marks a paradigm shift in enterprise security, focusing on using comprehensive data insights to enhance threat detection and response across diverse systems and environments. This approach champions flexibility and interoperability over traditional vendor lock-in, allowing for a tailored security posture that keeps pace with the evolving threat landscape. The…
Read More