Security Boulevard

via the comic humor & dry wit of Randall Munroe, creator of XKCD

Permalink

The post Randall Munroe’s XKCD ‘Númenor Margaritaville’ appeared first on Security Boulevard.

Torrance, Calif., Oct. 7, 2024, CyberNewswire — Criminal IP, a renowned Cyber Threat Intelligence (CTI) search engine developed by AI SPERA, has partnered with Hybrid Analysis, a platform that provides advanced malware analysis and threat intelligence, to … (more…)

The post News alert: Hybrid Analysis adds Criminal IP’s real-time domain scans, boosts malware detection first appeared on The Last Watchdog.

The post News alert: Hybrid Analysis adds Criminal IP’s real-time domain scans, boosts malware detection appeared first on Security Boulevard.

Infostealers, Data Breaches, and Credential Stuffing Unquestionably, infostealers still take the top spot as the most prominent source for newly compromised credentials (and potentially other PII as well). Access brokers are buying, selling, trading, collecting, packaging, and distributing the raw logs and collections of the extracted stolen credentials at a rate of millions of lines […]

The post The Past Month in Stolen Data appeared first on Security Boulevard.

Get Online Student Safety Alerts & Reporting using Content Filter by ManagedMethods As students spend more time on social media and screens, concerns about the impact on their mental health are growing. According to the American Psychological Association, U.S. teens spend an average of 4.8 hours per day using popular social media apps. Additionally, 60% ...

The post Your Headaches, Our Solutions: Student Safety Alerts & Reporting using Content Filter by ManagedMethods appeared first on ManagedMethods Cybersecurity, Safety & Compliance for K-12.

The post Your Headaches, Our Solutions: Student Safety Alerts & Reporting using Content Filter by ManagedMethods appeared first on Security Boulevard.

The Indian Securities and Exchange Board (SEBI) recently took a significant step to enhance software security by incorporating software bill of materials (SBOM) mandates under its Cybersecurity and Cyber Resilience Framework (CSCRF).

The post Simplifying SBOM compliance with Sonatype under India’s cybersecurity framework appeared first on Security Boulevard.

Authors/Presenters:Jason Lei, Vishal Shrivastav

Our sincere thanks to USENIX, and the Presenters & Authors for publishing their superb 21st USENIX Symposium on Networked Systems Design and Implementation (NSDI '24) content, placing the organizations enduring commitment to Open Access front and center. Originating from the conference’s events situated at the Hyatt Regency Santa Clara; and via the organizations YouTube channel.

Permalink

The post USENIX NSDI ’24 – Seer: Enabling Future-Aware Online Caching in Networked Systems appeared first on Security Boulevard.

Cybercrime remains one of the primary risks facing companies across the United States. The following statistics highlight the most pressing cybersecurity risks organizations face today and underscore the importance of proactive security measures. Top Cybersecurity statistics Cyber attack stats for Small-to-Medium Enterprises Cybersecurity is a growing concern for small businesses, with over 20% identifying it […]

The post <span style="color:#f05f2a;">Facts and Stats</span> about Cybersecurity and Compliance appeared first on PreVeil.

The post Facts and Stats about Cybersecurity and Compliance appeared first on Security Boulevard.

Introduction Imagine you’re the CISO of a rapidly growing tech company. Your infrastructure is expanding daily, and with each new line of code, the potential attack surface grows. How do...

The post PTaaS vs. Bug Bounty Programs: Complementary or Competing Approaches? appeared first on Strobes Security.

The post PTaaS vs. Bug Bounty Programs: Complementary or Competing Approaches? appeared first on Security Boulevard.

Torrance, United States / California, 7th October 2024, CyberNewsWire

The post Hybrid Analysis Utilizes Criminal IP’s Robust Domain Data for Better Malware Detection appeared first on Security Boulevard.

Understanding reachability is increasingly important for enterprises, as it can significantly influence their risk management strategies.

The post Reachability and Risk: Prioritizing Protection in a Complex Security Landscape appeared first on Security Boulevard.

As the threat landscape continues to evolve, businesses must understand the specific cybersecurity risks they face and take proactive measures to protect themselves. One of the most significant challenges in cybersecurity is the increasing diversity of threats and the need to address risks specific to each industry. From data centers to healthcare, each sector has..

The post Tips for Cybersecurity Awareness Month  appeared first on Security Boulevard.

Security leaders face the challenge of managing a vast, interconnected attack surface, where traditional approaches to managing cyber risk are no longer sufficient. Modern threats exploit vulnerabilities across domains, requiring a more holistic approach to avoid operational disruption, safety risks and financial losses.

In today’s rapidly evolving digital landscape, security leaders face an unprecedented challenge: managing and mitigating risks across both IT and operational technology (OT) environments. What was once a relatively straightforward task of defending a defined network perimeter has transformed into a complex battle to secure a vast, interconnected web of IT, OT and internet of things (IoT) systems where the lines between each are increasingly blurred. While integrating these systems reduces operational costs and drives efficiency, it also expands the attack surface, leaving organizations vulnerable to cyberthreats. A recent report by ESG showed that 76% of organizations have suffered a cyberattack as a result of an unknown, unmanaged or poorly managed internet-facing asset.

In other words, the attack surface has never been wider — or more difficult to protect.

The convergence of IT and OT has fundamentally shifted the role of security leaders. No longer confined to safeguarding traditional IT environments, cybersecurity leaders are finding themselves responsible for securing OT systems, cloud infrastructures, mobile and IoT devices, smart technologies, advanced AI systems and even shadow IT assets. Every new connection introduces unique vulnerabilities that must be managed to avoid devastating consequences — from operational disruption to safety risks and financial losses from ransomware and compliance failures. This evolving responsibility makes comprehensive cybersecurity increasingly challenging.

Image source: “Blackbox to blueprint: The security leader’s guidebook to managing OT and IT risk,” Tenable, October 2024

Why you need to think differently about risk

Traditional approaches to managing risk are no longer sufficient. Securing an organization today requires more than basic network defenses and a myriad of siloed security tools that provide an incomplete picture of the attack surface. Today’s threats exploit vulnerabilities across IT, OT and IoT environments, and attackers can move laterally across these domains to maximize the impact of their efforts. An overlooked attack vector or misconfiguration in a single system can lead to operational disruptions, safety risks and significant financial impact. Adapting to the evolving threat landscape means changing how you think about risk in your converged environment.

“76% of organizations have suffered a cyberattack as a result of an unknown, unmanaged, or poorly managed internet-facing asset.”

— Enterprise Strategy Group (ESG), “Elevating Security with Risk-based Vulnerability Management,” June 2024

While OT systems were once isolated and presumed to be “air-gapped” and safe from cyberattacks, they are now often exposed to the internet (whether directly or through laptops, management applications and other IT systems). Legacy OT systems, designed for longevity and reliability, often lack modern cybersecurity controls and are particularly sensitive to disruptions. IoT devices, meanwhile, are frequently insecure by design, creating blind spots in security postures if not properly accounted for.

In the infamous 2017 NotPetya breach, attackers exploited a vulnerability in Ukrainian accounting software M.E.Doc to infiltrate IT systems worldwide, including those at Maersk, the world's largest shipping conglomerate. The malware spread rapidly by combining two potent tools: EternalBlue, which exploited a Windows vulnerability, and Mimikatz, which extracted user credentials to move laterally across networks. This allowed the malware to propagate even on systems that had been patched, infecting thousands of machines in minutes.

At Maersk, the attack initially crippled their IT infrastructure, including essential systems that managed global shipping logistics. As the malware spread unchecked, it impacted OT environments by locking out systems responsible for controlling port logistics, crane operations and container management. The lack of adequate network segmentation between Maersk's IT and OT systems allowed the malware to jump from IT to OT, causing widespread operational paralysis. For days, Maersk's terminals around the world were forced to revert to manual processes, disrupting global shipping routes and creating massive logistical bottlenecks.

Attacks like NotPetya underscore the urgent need for security leaders to adopt a more holistic and integrated approach to managing IT and OT risk. Modern cyberthreats can quickly traverse from the IT network over to OT environments, exploiting vulnerabilities and causing cascading damage. To prevent these attacks, unified security strategies are required that focus on OT-specific defenses and full visibility across both IT and OT environments.

So, what can security leaders do to meet this growing challenge?

Where to start: Future-proof strategies for managing OT and IT risk

Effectively managing the security of your IT, OT and IoT assets requires a tailored approach. Each asset type comes with unique challenges — ranging from traditional OT systems, such as programmable logic controllers (PLCs) and industrial controllers, to the rapidly expanding deployment of IoT devices and sensors. A one-size-fits-all approach can’t provide the level of visibility and control needed to safeguard such a diverse environment.

OT assets are typically highly specialized, designed for longevity and operate in controlled environments in which downtime is costly or dangerous. Traditional IT security tools like endpoint detection and response fall short in such sensitive environments. Ensuring OT systems are secured requires purpose-built solutions that don't disrupt critical processes.

Similarly, IoT devices introduce unique complexities. Many IoT assets are “insecure by design” and evade traditional discovery and assessment techniques. While IoT architectures may share characteristics with both IT and OT environments, they require a dedicated strategy to ensure they don't become blind spots in your security posture.

Download the white paper, Blackbox to blueprint: The security leader’s guidebook for managing OT and IT risk, to learn how to extend your IT vulnerability management program to confidently close the cyber exposure gaps that put your connected operations and cyber-physical systems at risk. In this guide, we explore the key challenges facing today’s security leaders and offer actionable strategies to help minimize risk, protect critical assets, and develop a future-proof security approach.

• Considerations for securing hybrid environments: Dive into proven strategies for gaining visibility into OT and IT assets, even when legacy systems and proprietary protocols are involved.
• Tips to prevent operational disruption: Learn why traditional IT security tools are not sufficient for OT environments and how purpose-built solutions can help ensure both security and operational continuity.
• How to streamline compliance and reporting: Understand the unique compliance challenges of securing converged OT/IT environments and how to streamline and automate audit, reporting and regulatory compliance processes.

These strategies are designed to put OT cybersecurity and resilience at the core of your digital transformation efforts.

#CPS #OTSecurity #ICSSecurity #BMS #DigitalTransformation #CISO

Learn more

• Join an expert discussion on how to unlock Advanced IoT Visibility to secure connected OT/IT environments
• Discover how the latest release of Tenable OT Security redefines discovery and classification of IoT device relationships
• Explore how Tenable helps assess NIS2 risk‑based security measures from three key perspectives across the enterprise
• Find out how Splunk and Tenable together deliver more robust OT/IT security
• Learn how to get started with Tenable OT Security

The post Managing OT and IT Risk: What Cybersecurity Leaders Need to Know appeared first on Security Boulevard.

The digital world has revolutionized the way we live and work, but it has also opened up a new realm for cybercriminals. The rise of the dark web has provided a breeding ground for hackers and other malicious actors to trade stolen data and launch attacks against companies worldwide. This blog post provides a summary …

The post How Cybercriminals Use Stolen Data to Target Companies — A Deep Dive into the Dark Web appeared first on Security Boulevard.

Authors/Presenters:Vamsi Addanki, Maciej Pacut, Stefan Schmid

Our sincere thanks to USENIX, and the Presenters & Authors for publishing their superb 21st USENIX Symposium on Networked Systems Design and Implementation (NSDI '24) content, placing the organizations enduring commitment to Open Access front and center. Originating from the conference’s events situated at the Hyatt Regency Santa Clara; and via the organizations YouTube channel.

Permalink

The post USENIX NSDI ’24 – Credence: Augmenting Datacenter Switch Buffer Sharing with ML Predictions appeared first on Security Boulevard.

The National Association of State CIOs (NASCIO) held its annual conference in New Orleans, La., this past week. Here are some of the highlights, along with some thoughts about what the future holds for state CIOs.

The post Learning from the NASCIO Annual Conference 2024 appeared first on Security Boulevard.

Authors/Presenters:Farzad Tashtarian, Abdelhak Bentaleb, Hadi Amirpour, Sergey Gorinsky, Junchen Jiang, Hermann Hellwagner, Christian Timmerer

Our sincere thanks to USENIX, and the Presenters & Authors for publishing their superb 21st USENIX Symposium on Networked Systems Design and Implementation (NSDI '24) content, placing the organizations enduring commitment to Open Access front and center. Originating from the conference’s events situated at the Hyatt Regency Santa Clara; and via the organizations YouTube channel.

Permalink

The post ARTEMIS: Adaptive Bitrate Ladder Optimization for Live Video Streaming appeared first on Security Boulevard.

Authors/Presenters:Vibhaalakshmi Sivaraman, Pantea Karimi, Vedantha Venkatapathy, Mehrdad Khani, Sadjad Fouladi, Mohammad Alizadeh, Frédo Durand, Vivienne Sze

Our sincere thanks to USENIX, and the Presenters & Authors for publishing their superb 21st USENIX Symposium on Networked Systems Design and Implementation (NSDI '24) content, placing the organizations enduring commitment to Open Access front and center. Originating from the conference’s events situated at the Hyatt Regency Santa Clara; and via the organizations YouTube channel.

Permalink

The post USENIX NSDI ’24 – Gemino: Practical and Robust Neural Compression for Video Conferencing appeared first on Security Boulevard.

“If you cannot count it, you cannot manage it.” – Every CISO and CIO ever Asset deduplication is a crucial challenge in exposure management (and CAASM). In today’s complex IT environments, effective management of vulnerabilities and other findings relies on accurate asset inventories to understand and mitigate potential risks. Assets from different data sources must …

Read More

The post Why is asset deduplication a hard problem? appeared first on Security Boulevard.

via the comic humor & dry wit of Randall Munroe, creator of XKCD

Permalink

The post Randall Munroe’s XKCD ‘Ingredientsl’ appeared first on Security Boulevard.

Discover why Escape is a better API security solution.

The post Escape vs Invicti appeared first on Security Boulevard.