British-based assets look cheap at the moment, largely driven by the historically low value of the Pound. I live not far from Sophos HQ, sad in a way that they are being acquired...: The endpoint security market today saw the start of another acquisition with private equity firm Thoma Bravo offering to acquire Sophos for $7.40 per share, or about $3.9 billion. Sophos' board of directors plans to "unanimously recommend" the offer to its shareholders. Thoma Bravo has more t...
This is an easy mistake to make. Developers often copy the 'real' database, and the copies don't always have the same security controls as production systems. Take a look at your own developers (especially 3rd parties) and check what they're doing, and establish some controls to scan for sensitive data that's exposed to the internet...: [...] I’ll start by going back to 2017 when our Cloud WAF, previously known as Incapsula, was under significant load from onboarding new customers and mee
Mildly ironic that Apple has dropped iTunes from the macOS platform. Update now...: The ransomware operators targeted an "unquoted path" vulnerability in iTunes for Windows to evade detection and install BitPaymer. [...] BitPaymer operators are sophisticated and savvy in launching attacks. A month before they discovered the iTunes zero-day, Morphisec researchers saw the group creating new variants of the ransomware before planting it on a target network, making detecti
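For readers who have not met an "unquoted path" bug before, the mechanic is simple: when a Windows service's ImagePath contains spaces and is not wrapped in quotes, CreateProcess tries each space-delimited prefix (with `.exe` appended) as a candidate executable before it reaches the real binary, so anyone who can write to one of the earlier directories can plant a file that runs with the service's privileges. The following is an added example, not code from the article or from Morphisec; it models that resolution order on constructed ImagePath strings and lists the directories a defender should check for write access. The service names and paths are made up, and it assumes the service binary is an `.exe`.

```python
"""Model how Windows resolves an unquoted service ImagePath.

Added example (not from the page). For an unquoted path with spaces,
CreateProcess tries:  C:\Program.exe, then C:\Program Files\Vendor\Tool.exe,
then the real binary. A writable earlier directory = privilege escalation.
"""
import ntpath  # Windows path semantics on any host
import re


def _path_portion(image_path: str) -> str:
    """Cut the executable path off any service arguments.

    The command line is ambiguous precisely because it is unquoted, so we
    assume the binary ends in '.exe' and split after the first such token.
    """
    m = re.search(r"\.exe(?=\s|$)", image_path, re.IGNORECASE)
    return image_path[: m.end()] if m else image_path


def candidate_executables(image_path: str) -> list[str]:
    """Executables Windows may try, in order, for an unquoted ImagePath.

    Returns [] when the path is quoted or contains no spaces (nothing to hijack).
    """
    image_path = image_path.strip()
    if image_path.startswith('"'):
        return []  # quoted path: no ambiguity
    path = _path_portion(image_path)
    parts = path.split(" ")
    if len(parts) == 1:
        return []  # spaces only in the arguments, not in the path itself
    # Each prefix ending at a space gets '.exe' appended, then the full path.
    cands = [" ".join(parts[:i]) + ".exe" for i in range(1, len(parts))]
    cands.append(path)
    return cands


def hijack_dirs(image_path: str) -> list[str]:
    """Directories where a planted file would be run instead of the real binary."""
    return [ntpath.dirname(c) for c in candidate_executables(image_path)[:-1]]


# Constructed registry-style ImagePath values (not real services).
SERVICES = {
    "VendorSvc": r"C:\Program Files\Vendor\Tool Suite\svc.exe",
    "QuotedSvc": r'"C:\Program Files\Vendor\svc.exe" -k agent',
    "SvcHostLike": r"C:\Windows\system32\svchost.exe -k netsvcs",
    "NoSpaces": r"C:\Tools\updater.exe",
}


def vulnerable_services(services: dict[str, str]) -> list[str]:
    """Names of services whose ImagePath is unquoted and contains spaces."""
    return sorted(name for name, path in services.items() if candidate_executables(path))


if __name__ == "__main__":
    for name in vulnerable_services(SERVICES):
        print(f"{name}: {SERVICES[name]}")
        for d in hijack_dirs(SERVICES[name]):
            print(f"  check write access to: {d}")
```

On a real host the same check is the familiar `wmic service get name,pathname` or `Get-CimInstance Win32_Service` filter for paths containing a space and not starting with a quote; the point of the model above is to show exactly which directories the ACL review needs to cover.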
This chimes with my anecdotal evidence from CISO conversations recently. How about a simple rule: "You can only have a new shiny toy if you get rid of at least two others."...: [...] Radware recently surveyed some 300 senior executives, security researchers, app developers, and IT professionals from organizations with worldwide operations. The survey focused on the types of application security technologies that organizations are deploying; responsibility for the AppSec func
The thought of joining someone else's conference calls leaves me cold. I don't always like joining the ones I'm supposed to be on! Make sure you, and all your users, update...: [...] An adversary could exploit Prying-Eye to launch an enumeration attack, which leverages automation to detect numeric or alphanumeric sequences that are used as identifiers for public-facing applications. CQ Prime analysts targeted the web conferencing APIs with a bot designed to scan and discover
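The enumeration attack described in the excerpt is just a bot walking a numeric identifier space and noting which IDs answer; it is cheap for the attacker because the IDs are short and sequential, and it is visible to the defender because one client produces many distinct IDs with a high miss rate in a short window. The following is an added example, not code from the page or from CQ Prime: a detector run over constructed API access-log lines that flags clients probing many distinct meeting IDs within a sliding window where most lookups fail. The log format, the `/api/v1/meetings/<id>` route and the thresholds are assumptions for the illustration.

```python
"""Flag meeting-ID enumeration in API access logs (added example).

Assumed log line format (constructed for this example):
    <ISO8601 timestamp> <client> GET /api/v1/meetings/<numeric id> <status>
A client that looks up many distinct IDs in a short window, mostly getting
404, is behaving like an enumeration bot rather than a meeting participant.
"""
from collections import defaultdict, deque
from datetime import datetime
import re

LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) GET /api/v1/meetings/(?P<id>\d+) (?P<status>\d{3})$"
)


def parse_line(line: str):
    """Parse one log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
        "client": m["client"],
        "id": m["id"],
        "status": int(m["status"]),
    }


def detect_enumeration(lines, window_s=60, max_distinct=10, min_miss_ratio=0.5):
    """Return {client: stats} for clients that exceed the enumeration thresholds.

    A client is flagged when, inside any window of window_s seconds, it has
    queried at least max_distinct different meeting IDs and at least
    min_miss_ratio of those requests returned 404.
    """
    events = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev:
            events[ev["client"]].append(ev)

    flagged = {}
    for client, evs in events.items():
        evs.sort(key=lambda e: e["ts"])
        window = deque()
        for ev in evs:
            window.append(ev)
            # Slide the window: drop events older than window_s relative to this one.
            while (ev["ts"] - window[0]["ts"]).total_seconds() > window_s:
                window.popleft()
            distinct = {e["id"] for e in window}
            misses = sum(1 for e in window if e["status"] == 404)
            ratio = misses / len(window)
            if len(distinct) >= max_distinct and ratio >= min_miss_ratio:
                flagged[client] = {"distinct_ids": len(distinct), "miss_ratio": round(ratio, 2)}
    return flagged


# Constructed sample: one participant re-opening their own meeting, and one
# bot walking 20 sequential IDs in 20 seconds, hitting a live meeting once.
LOG_LINES = [
    "2019-10-01T09:00:00Z 203.0.113.7 GET /api/v1/meetings/123456789 200",
    "2019-10-01T09:00:03Z 203.0.113.7 GET /api/v1/meetings/123456789 200",
] + [
    f"2019-10-01T09:00:{i:02d}Z 198.51.100.9 GET /api/v1/meetings/{100000000 + i} "
    f"{'200' if i == 7 else '404'}"
    for i in range(20)
]


if __name__ == "__main__":
    for client, stats in detect_enumeration(LOG_LINES).items():
        print(f"enumeration suspected from {client}: {stats}")
```

The thresholds are deliberately loose so the example stays readable; in production you would tune the window and distinct-ID count to your traffic, and pair the detector with a rate limit on the lookup endpoint so the bot is slowed down as well as spotted.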
Remember, just because your data can't be decrypted today it doesn't mean that it's safe forever...: [...] Alongside these benefits is a danger from quantum computing that most people don't realize is here, now, even though the quantum computers aren't ready yet. This is because encrypted information stolen by China from the US government and industry is being stockpiled by China. Cheap data storage and the proliferation of valuable data online increases the feasibility and
I'm not sure if dwell times are over a year in these Middle East attacks, but this shows what a determined attacker can do and why you need a way of detecting lateral movement as these APT groups make their way around your network...: [...] Researchers at Symantec say the attackers have been operating since July 2018 and appear to be a previously unidentified threat group, which Symantec has christened Tortoiseshell. The group infiltrated at least 11 organizations, mostly in
Worth a read, if only to confirm how fallible we all are...: "People make mistakes" is a common and relatable phrase, but it's also a malicious one in the hands of cybercriminals, more of whom are exploiting simple human errors to launch successful attacks. The Information Security Forum (ISF) explored the topic in "Human-Centered Security: Addressing Psychological Vulnerabilities," a new report published today. Human vulnerabilities, whether triggered by work pressure or...
Given that EternalBlue has been patched for two years, it's a reflection on organisations' patching and update practices that this is still flying around...: [...] "The vulnerability that caused WannaCry to spread rapidly remains an ongoing threat," says Andrew Brandt, principal researcher at Sophos. "The enterprise tendency to defer patching for some kinds of critical updates may, in some limited cases, do more harm than what it attempts to prevent." [...]
In the absence of secure software development practices, it's still a case of "Plus ça change...": [...] There were no surprises in this year's Top 25, agree Buttner and Chris Levendis, MITRE CWE project leader. "A lot of the top weaknesses continue to be in the list, and we continue to see them even as 10 years have passed," Buttner notes. While weaknesses toward the end of the list have fallen out in favor of new ones, the top weaknesses generally remain the same. The h