Security News

Ransomware Prevention – Are Meeting Password Security Requirements Enough
2023-05-16 14:04

Although CISA doesn't provide specific password recommendations in the ransomware guidance, it recommends following the NIST password security guidelines. In one analysis it was discovered 83% of compromised passwords satisfy the password length and complexity requirements of regulatory password standards.

Protect Your Company: Ransomware Prevention Made Easy
2023-04-05 11:49

Every year hundreds of millions of malware attacks occur worldwide, and every year businesses deal with the impact of viruses, worms, keyloggers, and ransomware. Businesses need to defend against malware entering the network, and then on top of that have systems and processes in place to restrict the damage that malware can do if it infects a user device.

Data loss prevention company hacked by Tick cyberespionage group
2023-03-15 11:10

ESET researchers have uncovered a compromise of an East Asian data loss prevention company. The attackers utilized at least three malware families during the intrusion, compromising both the internal update servers and third-party tools utilized by the company.

Tick APT Targeted High-Value Customers of East Asian Data-Loss Prevention Company
2023-03-15 09:23

A cyberespionage actor known as Tick has been attributed with high confidence to a compromise of an East Asian data-loss prevention company that caters to government and military entities. "The attackers compromised the DLP company's internal update servers to deliver malware inside the software developer's network, and trojanized installers of legitimate tools used by the company, which eventually resulted in the execution of malware on the computers of the company's customers," ESET researcher Facundo Muñoz said.

Lessons Learned on Ransomware Prevention from the Rackspace Attack
2023-02-08 15:04

The ransomware attack on Rackspace has taught us the importance of good cybersecurity habits. Rackspace took to social media on December 6, 2022, posting on Twitter that the outage resulted from a ransomware attack.

Getting data loss prevention right
2023-01-02 05:00

Before digging into DLP specifics, consider the deceptive marketing behind data loss prevention "As a service." The name implies that DLP is just one aspect of maintaining a security posture, when in fact, preventing data loss encompasses almost all of cybersecurity. An organization must ensure they have the right people, with the right experience, and enough of them to implement DLP properly.

Advanced Threat Prevention with VMware NSX Distributed Firewall
2022-12-19 11:00

We and our store and/or access information on a device, such as cookies and process personal data, such as unique identifiers and standard information sent by a device for personalised ads and content, ad and content measurement, and audience insights, as well as to develop and improve products. With your permission we and our partners may use precise geolocation data and identification through device scanning.

How an effective fraud prevention strategy can force fraudsters to invest more in their attacks
2022-11-29 04:30

Since the early stages of the pandemic, account takeover fraud has significantly transformed, quickly becoming one of the fastest-growing cybersecurity threats with 22% of adults in the US falling victim to this attack. With new user fraud, synthetic ID, IRSF and promo abuse increasing rapidly, the new avenues for account takeover have turned this scheme into a beast that feels unstoppable.

Your Account Takeover Prevention Checklist: 5 Steps to Minimise the Risk
2022-09-14 00:00

Many cyberattacks begin with the same weakness: user accounts. More specifically, they exploit user credentials, with 89% of web application attacks in 2021 involving stolen or misused usernames and passwords.

What Is Your Security Team Profile? Prevention, Detection, or Risk Management
2022-09-05 14:29

As attackers rely on a range of automated offensive testing tools to scan their targets' attack surfaces and propagate inside their network, a purely reactive defensive stance based on detection and response is increasingly likely to be overwhelmed by an attack. The logical tactical move is to emulate attackers' TTPs and behaviors beforehand by integrating attack simulation tools to continuously validate the impermeability of the attack surface as a whole, the efficacy of security controls, as well as access management and segmentation policies, etc.