Security News
Many experts attempt to use traditional threat modeling as their first line of business to address security in the SDLC. But what if everyone is doing threat modeling wrong? The industry standard for how we conduct threat modeling today evolved from past meetings where security professionals piled into a conference room and brainstormed potential threats that might affect their software.
New solutions such as Extended Threat Intelligence are needed. There are some platforms that bring a new approach that integrates Cyber Threat Intelligence, Digital Risk Protection, and External Attack Surface Management capabilities to realign security thinking from that of a defender to that of an attacker.
The U.S. Federal Communications Commission on Friday moved to add Russian cybersecurity company Kaspersky Lab to the "Covered List" of companies that pose an "unacceptable risk to the national security" of the country. Also added alongside Kaspersky were China Telecom Corp and China Mobile International USA. The block list includes information security products, solutions, and services supplied, directly or indirectly, by the company or any of its predecessors, successors, parents, subsidiaries, or affiliates.
The United States Federal Communications Commission has labelled Kaspersky, China Mobile, and China Telecom as threats to national security. Kaspersky is the first non-Chinese company to be added to the FCC's list, but the agency did not tie its decision to Russia's illegal invasion of Ukraine.
Ransomware was a top threat in 2021, and groups have adopted new techniques to evade detection and maximize earnings, a report from Red Canary reveals. The report explores the top 10 threats...
Ransomware dominated the threat landscape in 2021, with groups adopting new techniques such as double extortion and "as-a-service" models to evade detection and maximize their earnings, a Red Canary report reveals. The report describes the new tactics that ransomware groups used in 2021, such as double extortion, which applies pressure to victims in more than one way to coerce them to pay a ransom.
A Logicalis survey reveals that while 94% of CIOs acknowledge some form of serious threat over the next 12 months, only 27% list business continuity and resilience as a top-three priority during...
The study, which surveyed 1,000 CIOs from around the world, finds that 47% of respondents see data breaches as the biggest risk to their organization. 30% of CIOs cite lack of staff awareness as a security issue, down from 50% last year.
While NASA has a fully operational insider threat program for its classified systems, the vast majority of the Agency's information technology systems - including many containing high-value assets or critical infrastructure - are unclassified and are therefore not covered by its current insider threat program. While NASA's exclusion of unclassified systems from its insider threat program is common among federal agencies, adding those systems to a multi-faceted security program could provide an additional level of maturity to the program and better protect agency resources.
Research from Trend Micro warns of spiraling risk to digital infrastructure and remote workers as threat actors increase their rate of attack on organizations and individuals. "Attackers are always working to increase their victim count and profit, whether through quantity or effectiveness of attacks," said Jon Clay, VP of threat intelligence at Trend Micro.