Here’s an overview of some of last week’s most interesting news and articles: Why threat hunting is obsolete without context Threat hunting is one of the more recent methodologies implemented by IT professionals to find dormant or active threats on their network to better understand and harness network visibility and threat actor entry points. Yet this capability can only be effectively leveraged when practiced in a broader security context. 90% of security leaders view bot … More
The post Week in review: Top security threats for power plants, defending against Windows RDP attacks appeared first on Help Net Security.
Elevate Security unveils human attack surface management platform Pioneering a new category in cybersecurity, human attack surface management, the Elevate Security Platform ingests the entirety of an organization’s data to gain benchmarked visibility into human error, enabling CISOs to proactively tailor security controls and create ‘safety nets’ for the riskiest employees. LoginID WordPress plugin allows websites using WordPress to enable strong authentication in five clicks The LoginID WordPress plugin enables websites to install strong passwordless … More
The web application firewall (WAF) is dead, they say, and DevOps is the culprit, found over the body in the server room with a blade in its hand and splattered code on its shirt. But although some could argue that DevOps had the means, motive, and opportunity, the fact is that WAF isn’t dead at all, nor is it likely to be anytime soon. You can only get rid of WAF if you fully implement … More
The post DevOps didn’t kill WAF, because WAF will never truly die appeared first on Help Net Security.
As a multi-tenant cloud environment, the public cloud offers companies with vast amounts of data a highly affordable option. However, it also presents a number of limitations including reliability challenges, a lack of control and transparency, and information security issues. First, uptime reliability can be a major issue for public cloud architectures. Popular cloud platforms – including Google Cloud, Microsoft Azure, Amazon AWS, and IBM Cloud – typically offer a 99.99% uptime guarantee, but relying … More
The post Maximizing a hybrid cloud approach with colocation appeared first on Help Net Security.
As more private data is stored and shared digitally, researchers are exploring new ways to protect data against attacks from bad actors. Current silicon technology exploits microscopic differences between computing components to create secure keys, but AI techniques can be used to predict these keys and gain access to data. Now, Penn State researchers have designed a way to make the encrypted keys harder to crack. Led by Saptarshi Das, assistant professor of engineering science … More
The post Researchers design a way to make encrypted keys harder to crack appeared first on Help Net Security.
Cybersecurity researchers that publicize exploit code used in cyberattacks are giving a clear and unequivocal advantage to attackers, new research conducted by Kenna Security and Cyentia Institute has found. “This data-driven research, built over the course of several years, should remove any doubt,” said Ed Bellis, CTO of Kenna Security. “Practices that have long been central to the cybersecurity ecosystem, that many of us thought were beneficial, are in fact harmful to defenders.” Exploit code … More
The post When exploit code precedes a patch, attackers gain a massive head start appeared first on Help Net Security.