Security News

Today's reality is that security breaches are a given. Sophisticated attackers are too numerous and too determined to get caught by perimeter defenses.

Security Compass published the results of a report designed to provide a better understanding of the current state of threat modeling in mid-sized, $100M to $999M and large sized, $1B + enterprises, with a specific focus on the challenges organizations face in scaling threat modeling for the applications they build and deploy. Current performance on threat modeling approaches Only 25% of survey participants indicate their organizations conduct threat modeling during the early phases of software development requirements gathering and design, before proceeding with application development.

Cisco's Talos security unit says it has detected an increased rate of attacks on targets on the Indian subcontinent and named an advanced persistent threat actor named SideCopy as the source. SideCopy's infrastructure, Talos opined, "Indicates a special interest in victims in Pakistan and India," as the malware used only initiates actions if it detects infections in those two countries.

AdaptiveMobile Security announced a new trio of interconnected 5G security platforms that allows carriers to protect against internal and external security threats to their 5G infrastructure. 5G networks must therefore be secured at the interconnects with external networks and systems deployed to prevent nation state adversaries and criminal organizations using other perceived 'trusted' networks to execute missions against an operator's 5G infrastructure.

Theft of U.S. IP is a fundamental part of China's stated intention to be the world leader in science and technology by 2050. The Safeguarding American Innovation Act is designed to prevent foreign powers - and especially China - from stealing or unlawfully acquiring U.S. federally funded research.

In an almost exclusively mobile world and the increased usage of mobile devices to access corporate data, cybercriminals started taking advantage of the vulnerability of such devices. To select a suitable mobile threat defense solution for your business, you need to think about a variety of factors.

Open Cybersecurity Alliance announced it has accepted IBM's contribution of Kestrel, an open-source programming language for threat hunting that is used by Security Operations Center analysts and other cybersecurity professionals. IBM Research and IBM Security jointly developed Kestrel to enable threat hunters to express hunts in an open, composable threat hunting language.

IBM Corp. on Wednesday announced that it is contributing the Kestrel open-source programming language for threat hunting to the Open Cybersecurity Alliance. The Kestrel threat hunting tool helps Security Operations Center analysts and other cybersecurity professionals streamline threat discovery.

Governments worldwide are too often playing catch-up against private cyberspace operators in what is poised to become a key arena for defending national interests, the International Institute for Strategic Studies said Tuesday. While the US remains the dominant cyberspace power, China is rapidly gaining ground and could soon be a major rival in both the civil and military spheres, the Britain-based research group said after a two-year study.

Organizations need to rethink their approach to threat modeling or risk losing its value as a key defense in their cybersecurity arsenals. The traditional approaches to threat modeling can be very effective, but they don't scale well enough in the current computing and threat landscape.