Category Archives: News

Data breach: Why it’s time to adopt a risk-based approach to cybersecurity

The recent high-profile ransomware attack on foreign currency exchange specialist Travelex highlights the devastating results of a targeted cyber-attack. In the weeks following the initial attack, Travelex struggled to bring its customer-facing systems back online. Worse still, despite Travelex’s assurances that no customer data had been compromised, hackers were demanding $6 million for 5GB of sensitive customer information they claim to have downloaded. Providing services to some of the world’s largest banking corporations including HSBC, … More

The post Data breach: Why it’s time to adopt a risk-based approach to cybersecurity appeared first on Help Net Security.

How to detect and prevent issues with vulnerable LoRaWAN networks

IOActive researchers found that the LoRaWAN protocol – which is used across the globe to transmit data to and from IoT devices in smart cities, Industrial IoT, smart homes, smart utilities, vehicle tracking and healthcare – has a host of cyber security issues that could put network users at risk of attack. Such attacks could cause widespread disruption or in extreme cases even put lives at risk. Session Keys and Functions in LoRaWAN v1.0.3 Vulnerable … More

52% of companies use cloud services that have experienced a breach

Seventy-nine percent of companies store sensitive data in the public cloud, according to a McAfee survey. While these companies approve an average of 41 cloud services each, up 33 percent from last year, thousands of other services are used ad-hoc without vetting. In addition, 52 percent of companies use cloud services that have had user data stolen in a breach. By … More

Benefits of blockchain pilot programs for risk management planning

Through 2022, 80% of supply chain blockchain initiatives will remain at a proof-of-concept (POC) or pilot stage, according to Gartner. One of the main reasons for this development is that early blockchain pilots for supply chain pursued technology-oriented models that have been successful in other sectors, such as banking and insurance. However, successful blockchain use cases for supply chain require a different approach. “Modern supply chains are very complex and require digital connectivity and agility … More

Recommendations for navigating the dynamic cybercrime landscape

In this interview, Mark Sangster, VP & Industry Security Strategist at eSentire, talks about the most pressing issues CISOs are dealing with in today’s fast-paced threat environment. How has the cybersecurity threat landscape evolved in the past 5 years? What are some of the most notable threats eSentire is seeing that were not an issue in the past? The past five years have seen significant progress in both the recognition of cybercrime, but also … More

You can upgrade Windows 7 for free! Why wouldn’t you?

“Doomsday is here! The sky is falling! Windows 7 is out of support and all hell will break loose!” – or, at least, that’s what some cybersecurity experts and press outlets want you to think. In this article, I will offer some advice to businesses of all sizes that may need to continue using Windows 7, while understanding the risk. This is my opinion and should be taken as advice only. Every company is different, … More

Patients believe stronger privacy protections are more important than easier health data access

Patients and consumers deserve better access to personalized, actionable health care information to empower them to make better, more informed decisions – but it should not drive up health care costs or compromise the privacy of their personal health data, according to a poll of patients and consumers from Morning Consult and America’s Health Insurance Plans (AHIP). Personal privacy outweighs increased transparency A strong majority (62%) of patients want their data and privacy protected more … More

Top 10 policy trends to watch for globally in 2020

The 10 top trends that will drive the most significant technological upheavals this year have been identified by Access Partnership. “Shifts in tech policy will disrupt life for everyone. While some governments try to leverage the benefits of 5G, artificial intelligence, and IoT, others find reasons simply to confront Big Tech ranging from protectionism to climate urgency. “Techlash trends highlighted in our report lay bare the risks of regulatory overreach: stymied innovation and economic growth … More

Week in review: Kubernetes security challenges, NIST Privacy Framework, Mitsubishi Electric breach

Here’s an overview of some of last week’s most interesting news and articles: Mitsubishi Electric discloses data breach, possible data leak Japanese multinational Mitsubishi Electric has admitted that it had suffered a data breach some six months ago, and that “personal information and corporate confidential information may have been leaked.” It’s time to patch your Cisco security solutions again Cisco has released another batch of security updates and patches for a variety of its offerings, … More

MDhex vulnerabilities open GE Healthcare patient monitoring devices to attackers

Researchers have discovered six critical and high-risk vulnerabilities – collectively dubbed MDhex – affecting a number of patient monitoring devices manufactured by GE Healthcare. The flaws may, according to GE Healthcare, allow an attacker to make changes at the device’s OS level that may render the device unusable or interfere with its function, make changes to alarm settings on connected patient monitors, and utilize services used for remote viewing and control of multiple devices on … More

Lessons from Microsoft’s 250 million data record exposure

Microsoft has one of the best security teams and capabilities of any organization in the technology industry, yet it accidentally exposed 250 million customer records in December 2019. The data was accessible to anyone with a browser, who knew the server location, for about a month in total before an external researcher detected the problem. The database held records of customer support engagements dating back to 2005. Once alerted, Microsoft quickly closed the hole, investigated … More

CISOs: Make 2020 the year you focus on third-party cyber risk

While cybersecurity professionals are certainly aware of the growing threat posed by sharing data with third parties, many seem to lack the urgency required to address this challenge. If there is one work-related New Year’s resolution I’d like CISOs to make as we enter 2020, it’s to give the challenge of third-party cyber risk the attention it needs. In fact, I no longer see this as optional or as an extension of an enterprise risk … More

More authentication and identity tech needed with fraud expected to increase

The proliferation of real-time payments platforms, including person-to-person (P2P) transfers and mobile payment platforms across Asia Pacific, has increased fraud losses for the majority of banks. FICO recently conducted a survey with banks in the region and found that 4 out of 5 (78 percent) have seen their fraud losses increase. Further to this, almost a quarter (22 percent) say that fraud will rise significantly in the next 12 months, with an additional 58 percent … More

IoC Scanner shows if Citrix appliances have been compromised via CVE-2019-19781

Citrix and FireEye have teamed up to provide sysadmins with an IoC scanner that shows whether a Citrix ADC, Gateway or SD-WAN WANOP appliance has been compromised via CVE-2019-19781. Finding evidence of compromise By now it should be widely known that CVE-2019-19781 – aka “Shitrix” – is a real and present danger: exploits for it abound and attackers are using them, while we wait for fixes for all affected devices to be released. Though the … More

It’s time to patch your Cisco security solutions again

Cisco has released another batch of security updates and patches for a variety of its offerings, including many of its security solutions. Security fixes for security solutions Among the security holes plugged is CVE-2019-16028, a critical authentication bypass vulnerability affecting the Cisco Firepower Management Center – a device that provides visibility into an organization’s network and allows admins to centrally manage critical Cisco network security solutions. “The vulnerability is due to improper handling of Lightweight … More

Cybercriminals using fake job listings to steal money, info from applicants

Be extra careful when looking for a job online, the Internet Crime Complaint Center (IC3) warns: cybercriminals are using fake job listings to trick applicants into sharing their personal and financial information, as well as into sending them substantial sums of money. “While hiring scams have been around for many years, cyber criminals’ emerging use of spoofed websites to harvest PII and steal money shows an increased level of complexity. Criminals often lend credibility to … More

Zero Trust: Beyond access controls

As the Zero Trust approach to cybersecurity gains traction in the enterprise world, many people have come to recognize the term without fully understanding its meaning. One common misconception: Zero Trust is all about access controls and additional authentication, such as multi-factor authentication. While these two things help organizations get to a level of Zero Trust, there is more to it: a Zero Trust approach is really an organization-wide architecture. Things aren’t always as they … More

There is no easy fix to AI privacy problems

Artificial intelligence – more specifically, the machine learning (ML) subset of AI – has a number of privacy problems. Not only does ML require vast amounts of data for the training process, but the derived system is also provided with access to even greater volumes of data as part of the inference processing while in operation. These AI systems need to access and “consume” huge amounts of data in order to exist and, in many … More

CIOs using AI to bridge gap between IT resources and cloud complexity

There’s a widening gap between IT resources and the demands of managing the increasing scale and complexity of enterprise cloud ecosystems, a Dynatrace survey of 800 CIOs reveals. IT leaders around the world are concerned about their ability to support the business effectively, as traditional monitoring solutions and custom-built approaches drown their teams in data and alerts that offer more questions than answers. CIO responses in the research indicate that, on average, IT and cloud … More

Did Apple drop end-to-end encrypted iCloud backups because of the FBI?

Two years ago, Apple abandoned its plan to encrypt iPhone backups in the iCloud in such a way that makes it impossible for it (or law enforcement) to decrypt the contents, a Reuters report claimed on Tuesday. Based on information received by multiple unnamed FBI and Apple sources, the report says that the decision was made after Apple shared its plan for end-to-end encrypted iCloud backups with the FBI and the FBI objected to it. … More

Honeywell Maxpro VMS/NVR systems vulnerable to hijacking

Honeywell’s Maxpro VMS and NVR, network video recorders and video management systems deployed in commercial, manufacturing and energy facilities around the world, sport critical vulnerabilities that may allow attackers to take control of them. Patches available for the Honeywell Maxpro vulnerabilities Two vulnerabilities have been discovered and reported by Joachim Kerschbaumer: CVE-2020-6959, stemming from an unsafe deserialization of untrusted data, which could allow an attacker to remotely modify deserialized data using a specially crafted web … More

Container security requires continuous security in new DevSecOps models

When Jordan Liggitt at Google posted details of a serious Kubernetes vulnerability in November 2018, it was a wake-up call for security teams ignoring the risks that came with adopting a cloud-native infrastructure without putting security at the heart of the whole endeavor. For such a significant milestone in Kubernetes history, the vulnerability didn’t have a suitably alarming name comparable to the likes of Spectre, Heartbleed or the Linux Kernel’s recent SACK Panic; it was … More

Companies risk revenue growth due to innovation achievement gap

While a majority of CEOs express strong confidence in the effectiveness of their current IT systems, most are struggling to close the innovation achievement gap to drive growth and revenue, according to a global study by Accenture. The is based on Accenture’s largest enterprise IT study conducted to date, including survey data from more than 8,300 organizations across 20 countries and 885 CEOs. Innovation achievement gap: Adopting new technologies The research, which analyzed the adoption … More

Email security industry miss rates when encountering threats are higher than 20%

Email security miss rates are definitely a huge issue. Malicious files regularly bypass all of today’s leading email security products, leaving enterprises vulnerable to email-based attacks including ransomware, phishing and data breaches, according to BitDam. BitDam conducted an empirical study to measure leading email security products’ ability to detect unknown threats at first encounter. Unknown threats are produced in the wild, sometimes hundreds in a day. The study employs the retrieval of fresh samples of … More

State CIOs see innovation as critical priority, only 14% report extensive innovation

Most state CIOs see innovation as a major part of their job – 83% said innovation is an important or very important part of their day-to-day leadership responsibilities – while only 14% reported extensive innovation initiatives within their organizations, Accenture and the National Association of State Chief Information Officers (NASCIO) reveal. Previously, NASCIO had highlighted innovation as a top ten current issue facing state CIOs. “The pace of technological change keeps accelerating, bringing new challenges … More

Download: State of Breach Protection 2020 survey results

What are the key considerations security decision makers should take into account when designing their 2020 breach protection? To answer this, Cynet polled 1,536 cybersecurity professionals to understand the common practices, prioritizations and preferences of organizations today in protecting themselves from breaches. Security executives face significant challenges when confronting the evolving threat landscape. For example, what type of attacks pose the greatest risk and what security products would best address them? Is it better to … More

Micropatch simulates workaround for recent zero-day IE flaw, removes negative side effects

ACROS Security has released a micropatch that implements the workaround for a recently revealed actively exploited zero-day RCE flaw affecting Internet Explorer (CVE-2020-0674). Remote code execution vulnerability affecting IE Last Friday, Microsoft released an out-of-band security advisory notifying Internet Explorer users of a remote code execution vulnerability affecting IE 11, 10 and 9 on various versions of Windows and Windows Server, which they know is being exploited in “limited targeted attacks”. Flagged by researchers from … More

First patches for the Citrix ADC, Gateway RCE flaw released

As attackers continue to hit vulnerable Citrix (formerly Netscaler) ADC and Gateway installations, Citrix has released permanent fixes for some versions and has promised to provide them for other versions and for two older versions of SD-WAN WANOP by January 24. A short timeline before the situation update CVE-2019-19781, a critical vulnerability affecting Citrix ADC and Gateway that may allow unauthenticated attackers to achieve remote code execution and obtain direct access to an organization’s local … More

Researchers create OT honeypot, attract exploits and fraud

Trend Micro announced the results of research featuring a honeypot imitating an industrial factory. The highly sophisticated Operational Technology (OT) honeypot attracted fraud and financially motivated exploits. Complex investigation The six-month investigation revealed that unsecured industrial environments are primarily victims of common threats. The honeypot was compromised for cryptocurrency mining, targeted by two separate ransomware attacks, and used for consumer fraud. “Too often, discussion of cyber threats to industrial … More

Mitsubishi Electric discloses data breach, possible data leak

Japanese multinational Mitsubishi Electric has admitted that it had suffered a data breach some six months ago, and that “personal information and corporate confidential information may have been leaked.” The company, though, claims that “sensitive information on social infrastructure such as defense, electric power, and railways, highly confidential technical information, and important information concerning business partners have not been leaked.” What was compromised in the Mitsubishi Electric data breach? Mitsubishi Electric is a manufacturer of … More

Data-driven vehicles: The next security challenge

Companies are increasingly building smart products that are tailored to know the individual user. In the automotive world, the next generation passenger vehicle could behave like a personal chauffeur, sentry and bodyguard rolled into one. Over the next decade, every car manufacturer that offers any degree of autonomy in a vehicle will be forced to address the security of both the vehicle and your data, while also being capable of recognizing and defending against threats … More

Review: Enzoic for Active Directory

Seemingly every day news drops that a popular site with millions of users had been breached and its user database leaked online. Almost without fail, attackers try to use those leaked user credentials on other sites, making password stuffing one of the most common attacks today. Users often use the same username/email and password combination for multiple accounts and, unfortunately, enterprise accounts are no exception. Attackers can, therefore, successfully use leaked credentials to access specific … More

Techniques and strategies to overcome Kubernetes security challenges

Five security best practices for DevOps and development professionals managing Kubernetes deployments have been introduced by Portshift. Integrating these security measures into the early stages of the CI/CD pipeline will assist organizations in the detection of security issues earlier, allowing security teams to remediate issues quickly. Kubernetes as the market leader The use of containers continues to rise in popularity in test and production environments, increasing demand for a means to manage and orchestrate them. … More

Revenue from cloud IT infrastructure products declines

Vendor revenue from sales of IT infrastructure products (server, enterprise storage, and Ethernet switch) for cloud environments, including public and private cloud, declined in the third quarter of 2019 (3Q19) as the overall IT infrastructure market continues to experience weakening sales following strong growth in 2018, IDC reveals. The decline of 1.8% year over year was much softer than in 2Q19 as the overall spend on IT infrastructure for cloud environments reached $16.8 billion. IDC … More

A look at cybersecurity for rail systems, building automation and the future of critical infrastructure

Waterfall Security Solutions announced a major expansion into new markets and industry verticals. In support of this expansion, Waterfall has secured a significant new funding round to enable aggressive growth. We caught up with Lior Frenkel, CEO and co-founder of the company, to find out more. So Lior, you folks just announced a big new expansion and investment. What are your main priorities for Waterfall Security in the next 5 years? Well, let me first … More

NIST Privacy Framework 1.0: Manage privacy risk, demonstrate compliance

Our data-driven society has a tricky balancing act to perform: building innovative products and services that use personal data while still protecting people’s privacy. To help organizations keep this balance, the National Institute of Standards and Technology (NIST) is offering a new tool for managing privacy risk. Version 1.0 of the NIST Privacy Framework The agency has just released Version 1.0 of the NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management. … More

Business units and IT teams can no longer function in silos

Over the next two years, 50% of organizations will experience increased collaboration between their business and IT teams, according to Gartner. The dispute between business and IT teams over the control of technology will lessen as both sides learn that joint participation is critical to the success of innovation in a digital workplace. “Business units and IT teams can no longer function in silos, as distant teams can cause chaos,” said Keith Mann, senior research … More

Week in review: Windows crypto flaw, API security risks, exploits for Citrix security hole abound

Here’s an overview of some of last week’s most interesting news and articles: Cable Haunt: Unknown millions of Broadcom-based cable modems open to hijacking A vulnerability (CVE-2019-19494) in Broadcom‘s cable modem firmware can open unknown millions of broadband modems by various manufacturers to attackers, a group of Danish researchers has warned. High-risk Google account owners can now use their iPhone as a security key Google users who opt for the Advanced Protection Program (APP) to … More

Microsoft Application Inspector: Check open source components for unwanted features

Want to know what’s in an open source software component before you use it? Microsoft Application Inspector will tell you what it does and spots potentially unwanted features – or backdoors. About Microsoft Application Inspector “At Microsoft, our software engineers use open source software to provide our customers high-quality software and services. Recognizing the inherent risks in trusting open source software, we created a source code analyzer called Microsoft Application Inspector to identify ‘interesting’ features … More

IoT cybersecurity’s worst kept secret

By improving access to data and taking advantage of them in fundamentally different ways to drive profitability, IT security executives are rapidly changing perceptions of their office. Although making better sense of and use of data may be standard fare in other areas of the enterprise, who knew that modern IoT cybersecurity solutions would become network security’s newest professional lever? Actually, we should have seen it coming, because digital transformation always starts with visibility and … More

New infosec products of the week: January 17, 2020

Masergy Shadow IT Discovery: Automatically identify unauthorized SaaS applications Masergy Shadow IT Discovery immediately scans and identifies all applications, providing clients visibility through the SD-WAN management portal. Until now, IT departments have had to rely on a variety of endpoint security solutions and guesswork to access this information. The time savings and decreased threat exposure will help IT organizations increase their security posture and keep up with the blind spots created by unsanctioned usage. STEALTHbits … More

How to govern cybersecurity risk at the board level

Rapidly evolving cybersecurity threats are now commanding the attention of senior business leaders and boards of directors and are no longer only the concern of IT security professionals. A report from University of California, Berkeley’s Center for Long-Term Cybersecurity (CLTC) and Booz Allen Hamilton uses insights gleaned from board members with over 130 years of board service across nine industry sectors to offer guidance for boards of directors in managing cybersecurity within large global companies. … More

Worldwide IT spending to total $3.9 trillion in 2020

Worldwide IT spending is projected to total $3.9 trillion in 2020, an increase of 3.4% from 2019, according to the latest forecast by Gartner. Global IT spending is expected to cross into $4 trillion territory next year. “Although political uncertainties pushed the global economy closer to recession, it did not occur in 2019 and is still not the most likely scenario for 2020 and beyond,” said John-David Lovelock, distinguished research vice president at Gartner. “With … More

White Ops appoints Rhushabh ‘Rush’ Mehta as Sr. VP of Engineering

White Ops, the global leader in bot mitigation verifying the humanity of more than 1 trillion digital interactions per week, announced the appointment of Rhushabh ‘Rush’ Mehta, former Head of Foundational Technology at Audible, an Amazon Company, to White Ops Sr. Vice President of Engineering. In his new role, Rush will lead White Ops’ development efforts to further accelerate the innovation of the White Ops Bot Mitigation platform and associated products including White Ops Advertising … More

Facebook users will be notified when their credentials are used for third-party app logins

Facebook will (finally!) explicitly tell users who use Facebook Login to log into third-party apps what information those apps are harvesting from their FB account. At the same time, users will be able to react quickly if someone managed to compromise their Facebook accounts and is using their credentials to access other apps and websites. Login Notifications The new feature, called Login Notifications, will deliver notifications to users via the Facebook app and user’s associated … More

Embedding security, the right way

As organizations proceed to move their processes from the physical world into the digital, their risk profile changes, too – and this is not a time to take risks. By not including security into DevOps processes, organizations are exposing their business in new and surprising ways. DevOps DevOps has accelerated software development dramatically, but it has also created a great deal of pain for traditional security teams raised up on performing relatively slow testing. Moving … More

Emotet remains the dark market leader for delivery-as-a-service

The vast majority of nationally sponsored cybersecurity incidents take the form of espionage through data exfiltration, with frequent employment of remote access tool Plug-X, according to the annual threat report by eSentire. Emotet is the leader The report found that Emotet accounted for almost 20% of confirmed malware incidents, reinforcing its role in the black market as the preferred delivery tool. Emotet was the most observed threat both on networks and on endpoints, achieving this … More

Six trends attracting the attention of enterprise technology leaders

Organizations around the world will accelerate enterprise technology investment in 2020, leveraging digital improvements to make them more competitive, improve connections with consumers, and keep up with the increasing demands of privacy regulation and security needs. Hyland has identified six technology trends that will drive these improvements and demand the attention of CIOs and CTOs in the coming year and beyond.

Prioritize cloud control

Organizations will opt for managed cloud services to increase security and efficiency. … More

Global security services industry to experience spend growth of more than $80 billion

The global security services industry is poised to experience spend growth of more than $80 billion between 2019 and 2024, at a CAGR of over 8% during the forecast period, according to SpendEdge. Factors such as the increase in instances of IP infringement and the frequency of economic and sporting events are exposing the masses to significant security risks. This is creating a pressing requirement to engage security services across the domestic and business sectors across the globe … More

Kubernetes bug bounty program open to anyone, rewards up to $10,000

The Cloud Native Computing Foundation is inviting bug hunters to search for and report vulnerabilities affecting Kubernetes. Offered bug bounties range from $100 to $10,000.

What is Kubernetes?

Kubernetes is an open-source container-orchestration system for automating application deployment, scaling, and management. It was designed by Google, but has since been open sourced and handed over to the Cloud Native Computing Foundation for continued maintenance, and has become a community project. The Kubernetes bug bounty program … More

Companies increasingly reporting attacks attributed to foreign governments

More than one in four security managers attribute attacks against their organization to cyberwarfare or nation-state activity, according to Radware.

Nation-state intrusions soaring

In 2018, 19% of organizations believed they were attacked by a nation-state. That figure increased to 27% in 2019. Companies in North America were more likely to report nation-state attribution, at 36%. “Nation-state intrusions are among the most difficult attacks to thwart because the agencies responsible often have significant resources, knowledge of … More

Cyber attackers turn to business disruption as primary attack objective

Over the course of 2019, 36% of the incidents that CrowdStrike investigated were most often caused by ransomware, destructive malware or denial of service attacks, revealing that business disruption was often the main attack objective of cybercriminals. Another notable finding in the new CrowdStrike Services Report shows a large increase in dwell time to an average of 95 days in 2019 — up from 85 days in 2018 — meaning that adversaries were able to … More

Budgetary, policy, workforce issues influencing DOD and intelligence community IT priorities

Information Technology spending by Department of Defense (DOD) and Intelligence Community (IC) agencies will continue to grow as they work to keep pace with the evolution of both the threat landscape and technology development, according to Deltek.

Intelligence community

The increasing sophistication of adversaries, expanding threat landscape, rapid pace of technology advancement and data proliferation continue to fuel the IC’s demand for tools and resources to meet mission objectives. IT solutions such as cloud computing, … More
