Here’s an overview of some of last week’s most interesting news: How to allocate budget for a well-rounded cybersecurity portfolio What should a well-rounded cybersecurity portfolio look like? Android devices with pre-installed malware sold in developing markets New low-end Android smartphone devices being sold to consumers in developing markets, many of whom are coming online for the first time, contain pre-installed malware, according to Upstream. An overview of the OT/ICS landscape for cyber professionals Most … More
The post Week in review: The OT/ICS landscape for cyber professionals, putting the Sec into DevSecOps appeared first on Help Net Security.
Site Isolation, the optional security feature added to Chrome 63 late last year to serve as protection against Spectre information disclosure attacks, has been enabled by default for all desktop Chrome users who upgraded to Chrome 67. How Site Isolation mitigates risk of Spectre attacks “In January, Google Project Zero disclosed a set of speculative execution side-channel attacks that became publicly known as Spectre and Meltdown. An additional variant of Spectre was disclosed in May. … More
The post Chrome users get Site Isolation by default to ward off Spectre attacks appeared first on Help Net Security.
A group of researchers from UNSW Sydney, Macquarie University, and Purdue University has released a paper on a new and very promising network-based solution for preventing insider attacks. Dubbed Gargoyle, the solution: Evaluates the trustworthiness of an access request context through a set of Network Context Attributes (NCAs) that are extracted from the network traffic Leverages the capabilities of Software-Defined Network (SDN) for both policy enforcement and implementation Takes advantage of the network controller for … More
The post Gargoyle: Innovative solution for preventing insider attacks appeared first on Help Net Security.
Gartner said many organizations are still not compliant with GDPR legislation even though it has been in force since May 2018. This is because they have not properly audited data handling within their supplier relationships. Sourcing and vendor management (SVM) leaders should, therefore, review all IT contracts to minimise potential financial and reputation risks. “SVM leaders are the first line of defense for organizations whose partners and suppliers process the data of EU residents on … More
The post Want to avoid GDPR fines? Adjust your IT procurement methods appeared first on Help Net Security.
A new study from Juniper Research found that spending on IoT cybersecurity solutions is set to reach over $6 billion globally by 2023. It highlighted rapid growth, with spending by product and service providers (in consumer markets) and end-customers (in industrial and public services markets) to rise nearly 300% over the forecast period. Marked differences across markets Juniper claimed that there are major differences in the way in which IoT business risk is perceived and … More
Cybercriminals are aggressively targeting organizations using cryptomining malware to develop illegal revenue streams, according to Check Point. Meanwhile, cloud infrastructures appear to be the growing target among threat actors. Most prevalent malware globally Between January and June 2018, the number of organizations impacted by cryptomining malware doubled to 42%, compared to 20.5% in the second half of 2017. Cryptomining malware enables cybercriminals to hijack the victim’s CPU or GPU power and existing resources to mine … More
The post 42% of organizations globally hit by cryptomining attacks appeared first on Help Net Security.