Security News

For decades, the cybersecurity industry has followed a defense-in-depth strategy, which allowed organizations to designate the battlefield against bad actors at their edge firewall. A fundamental rethink is needed by organizations to ensure they are set up to continuously adapt and evolve to meet the rapidly changing nature of threats.

Microsoft has flexed its muscles in the cybersecurity space, and will drop a reported $500 million in cash to acquire RiskIQ, a late stage startup in the threat intelligence and attack surface management business. Microsoft called out the value of RiskIQ's attack surface management capabilities as part of the impetus for the acquisition.

Today's reality is that security breaches are a given. Sophisticated attackers are too numerous and too determined to get caught by perimeter defenses.

Security Compass published the results of a report designed to provide a better understanding of the current state of threat modeling in mid-sized, $100M to $999M and large sized, $1B + enterprises, with a specific focus on the challenges organizations face in scaling threat modeling for the applications they build and deploy. Current performance on threat modeling approaches Only 25% of survey participants indicate their organizations conduct threat modeling during the early phases of software development requirements gathering and design, before proceeding with application development.

Cisco's Talos security unit says it has detected an increased rate of attacks on targets on the Indian subcontinent and named an advanced persistent threat actor named SideCopy as the source. SideCopy's infrastructure, Talos opined, "Indicates a special interest in victims in Pakistan and India," as the malware used only initiates actions if it detects infections in those two countries.

AdaptiveMobile Security announced a new trio of interconnected 5G security platforms that allows carriers to protect against internal and external security threats to their 5G infrastructure. 5G networks must therefore be secured at the interconnects with external networks and systems deployed to prevent nation state adversaries and criminal organizations using other perceived 'trusted' networks to execute missions against an operator's 5G infrastructure.

Theft of U.S. IP is a fundamental part of China's stated intention to be the world leader in science and technology by 2050. The Safeguarding American Innovation Act is designed to prevent foreign powers - and especially China - from stealing or unlawfully acquiring U.S. federally funded research.

In an almost exclusively mobile world and the increased usage of mobile devices to access corporate data, cybercriminals started taking advantage of the vulnerability of such devices. To select a suitable mobile threat defense solution for your business, you need to think about a variety of factors.

Open Cybersecurity Alliance announced it has accepted IBM's contribution of Kestrel, an open-source programming language for threat hunting that is used by Security Operations Center analysts and other cybersecurity professionals. IBM Research and IBM Security jointly developed Kestrel to enable threat hunters to express hunts in an open, composable threat hunting language.

IBM Corp. on Wednesday announced that it is contributing the Kestrel open-source programming language for threat hunting to the Open Cybersecurity Alliance. The Kestrel threat hunting tool helps Security Operations Center analysts and other cybersecurity professionals streamline threat discovery.