Before getting more scanning tools, think about what’s needed to defend your organization’s environment and devise a plan to ensure all needed tools can work together productively. To effectively manage cyber-risk, organizations need to gain visibility into existing application and infrastructure vulnerabilities while also learning how to manage them proactively. This can feel like an
New advisory from the UK’s NCSC and the NSA throws fresh light on activity first revealed by Symantec in June. A new report from the United Kingdom’s National Cyber Security Center (NCSC) shows that the Russia-backed cyber espionage group Turla has carried out more attacks than previously thought using infrastructure and malware hijacked from Iranian
Researchers report Lyceum, otherwise known as Hexane, has targeted organizations in South Africa and the Middle East. Newly discovered threat group Lyceum has been spotted attacking critical infrastructure firms in the oil and gas, and possibly telecommunications, industries with the goal of gaining and expanding access inside target networks, Secureworks’ Counter Threat Unit researchers report.
The convergence of OT and IP-based IT networks makes society more vulnerable, requiring CISOs to rethink defense. Thanks to technology advances in operational technology (OT) and critical infrastructure, physical and cyber systems can now be combined and leveraged in new ways that were unimaginable just a decade ago. These new capabilities provide the ability to
Despite the declining values of cryptocurrencies, criminals continue to hammer away at container management platforms, cloud APIs, and control panels. The cloud-based infrastructures that enterprise organizations are increasingly using to run their business applications have become a major target for illicit cryptomining operations. According to new research from AT&T Cybersecurity, cryptomining has become the primary
Last November, the former, somewhat awkwardly named National Protection and Programs Directorate (NPPD) was elevated within the U.S. Department of Homeland Security (DHS) to become the Cybersecurity and Infrastructure Security Agency (CISA) following enactment of the Cybersecurity and Infrastructure Security Agency Act of 2018. CISA is responsible for protecting the country’s critical infrastructure from physical
In an era of tighter privacy laws, it’s important to create an online environment that uses threat intelligence productively to defeat disinformation campaigns and bolster democracy. When we think of critical infrastructure in the cyber context, we tend to think about industrial control systems for power plants and water treatment facilities, or the electronic ballet