4 best practices for cyber intelligence in business

Researchers at Carnegie Mellon’s Software Engineering Institute (SEI) have released a study identifying the best practices and major challenges organizations face concerning cybersecurity. With funding from the US Office of the Director of National Intelligence, the report highlights what the best organizations are doing to protect themselves digitally. Digital security is more important than ever as hackers […]

New Spectre variant 4: Our patches cause up to 8% performance hit, warns Intel

Intel’s upcoming microcode updates to address the just-revealed Spectre variant 4 attack are likely to put a significant drain on CPU performance. Intel has anticipated questions about performance this time around by confirming upfront that its combined software and firmware microcode updates to mitigate Spectre variant 4 will cause a performance impact of up to eight percent. […]

I Still WannaCry One Year Later

In May 2017 the biggest ransomware attack in history broke out. Known as “WannaCry,” the now infamous ransomware spread like wildfire, affecting PCs around the world. One year on, the same malware – which exploits the EternalBlue vulnerability – is still prevalent. Avast has detected and blocked more than 176 million WannaCry attacks in 217 […]

Fighting ransomware with network segmentation as a path to resiliency

Recent cybersecurity events involving the use of ransomware (WannaCry and similar variants) represent the latest examples highlighting the need for organizations to not only take an initial hit, but survive, adapt, and endure. In other words, be resilient. All too often, our community is a witness to any number of similar events where an initial breach […]

PCI Security Standards Council publishes PCI DSS 3.2.1

PCI DSS version 3.2.1 replaces version 3.2 to account for effective dates and SSL/early TLS migration deadlines that have passed. No new requirements are added in PCI DSS 3.2.1. PCI DSS 3.2 remains valid through 31 December 2018 and will be retired as of 1 January 2019. “This update is designed to eliminate any confusion around effective […]

Don’t let attackers worm their way in: Increase password security

Passwords are inherently the weakest form of authentication, yet they remain the most prevalent. Many organizations realize that moving beyond this single point of vulnerability is required but replacing passwords or adding multi-factor authentication (MFA) to all use cases can be daunting if not impossible. As such, it is undoubtedly important to enforce strong password […]

One in four APAC firms not sure if they suffered security breach

One in four organisations in Asia-Pacific have experienced a cybersecurity incident, while 27 percent cannot ascertain if they have because they do not conduct any data breach assessment. And when businesses in the region fell prey to cyberattacks, a large enterprise–with more than 500 employees–could potentially suffer an estimated economic loss of US$30 million, revealed […]

Hardcoded admin passwords in Cisco DNA Center could put your enterprise network at risk

Cisco released a list of 16 security advisories on May 16, including three critical flaws in the Cisco Digital Network Architecture (DNA) Center that rated a 10/10 on the CVSS (Common Vulnerability Scoring System) scale. The three critical flaws all give attackers elevated privileges that can compromise the entirety of the DNA Center but go about it in very different ways. […]

Sometimes employees follow cybersecurity best practices beyond company policies

Nearly two-thirds (64%) of employees use a company-approved device for work. However, less than half (40%) of those who use a personal device are regulated when using that personal device, according to a new survey of 1,000 full-time employees published by Clutch. Employees use personal devices for routine, daily work activities. Among those surveyed who […]

Rising concerns about managing risk and proving compliance in the medical device industry

Perforce Software released the results of a global survey of medical device professionals. Key findings show increased concerns for mitigating risk and proving compliance during the development process. “Balancing compliance and risk management with fast-paced innovation is a tough challenge for medical device developers,” said Tim Russell, Chief Product Officer, Perforce. “This year’s survey results illustrate how well respondents […]