Tag: Threat Modeling
With the explosive growth of the Internet of Things, and the increasing threat posed by botnets that leverage IoT, more must be done to ensure IoT devices include security by design, says David Holmes, principal threat researcher at F5 Networks. The Named Data Networking project can play a critical role, Holmes says in an interview with…
Read MoreIt’s inevitable. Every organization needs externally-developed applications to some degree or another. Increasingly, these apps are web-based and accessed over the Internet. As part of a forthcoming report on protecting applications, F5 commissioned a survey with Ponemon. In it, we asked security professionals what percentage of their applications (by category) were outsourced. The top answers…
Read MoreTeam leader, network administrator, data miner, money specialist. These are just some of the roles making a difference at today’s enterprises. The same is also true for sophisticated cyber-gangs. Many still wrongly believe that the dark web is exclusively inhabited by hoodie-clad teenagers and legions of disaffected disruptors. The truth is, the average hacker is…
Read MoreThen there are the technical questions that need to be answered. What data will be captured, shared, and processed? What mobile platforms will the app run on? What server-side platforms will it need to talk to? Internal platforms? Third-party services? You also need to dig into the questions of expectations and dependencies. How important will…
Read MoreIn part one, we laid out how we should react when our organization tells us they want to roll out a mobile app. Short answer: don’t say no, but instead ask lots of questions. After that, we built a threat model that includes the mobile-specific twists on traditional IT security problems. Using this model, we…
Read MoreWhat Is MITRE ATT&CK®? MITRE ATT&CK is a documented collection of information about the malicious behaviors advanced persistent threat (APT) groups have used at various stages in real-world cyberattacks. ATT&CK, which stands for Adversarial Tactics, Techniques, and Common Knowledge, includes detailed descriptions of these groups’ observed tactics (the technical objectives they’re trying to achieve), techniques…
Read MoreRecent Posts
- Leveraging Wazuh for Zero Trust security
- Synology Urges Patch for Critical Zero-Click RCE Flaw Affecting Millions of NAS Devices
- Hackers Strike at Heart of Italian Government
- The Rise of Ransomware-as-a-Service and Decline of Custom Tool Development | BlackFog
- Canadian Suspect Arrested Over Snowflake Data Breach and Extortion Attacks