Social Engineering

Organizations that want to prove to others – and to themselves – that they have a solid cybersecurity and data privacy program will undergo a SOC 2 audit. As such, a SOC 2 audit is a big deal, and it’s demanding, and it requires some serious preparation. SOC audits were created by the American Institute of CPAs (AICPA) under several evaluation and reporting frameworks comprising the System and Organization Controls headers SOC 1, SOC 2,…

Read More

Vulnerability management vendor Qualys this week announced the trial availability of its TotalCloud with FlexScan offering, an agentless, cloud-native vulnerability detection and response platform designed for use in multicloud and hybrid environments. The software is designed to provide a holistic overview of an organization’s cloud-based workloads and identify known vulnerabilities. The system also scans workloads to check whether they’ve opened network ports, and monitors a host of other factors to offer a detailed picture of…

Read More

The ongoing Russia-Ukraine conflict has resulted in an increase in hacktivist activity in the past year, with state-sponsored threat actors targeting 128 governmental organizations in 42 countries that support Ukraine, according to the European Union Agency for Cybersecurity (ENISA). In addition, some threat actors targeted Ukrainian and Russian entities during the early days of the conflict, likely for the collection of intelligence, according to the 10th edition of the ENISA threat landscape report. The report—this…

Read More

The upper ranks of corporate security are seeing a high rate of change as companies try to adapt to the evolving threat landscape. Many companies are hiring a chief security officer (CSO) or chief information security officer (CISO) for the first time to support a deeper commitment to information security. Follow this column to keep up with new appointments to senior-level security roles and perhaps gain a little insight into hiring trends. If you have…

Read More

There is nothing like attending a face-to-face event for career networking and knowledge gathering, and we don’t have to tell you how helpful it can be to get a hands-on demo of a new tool or to have your questions answered by experts. Fortunately, plenty of great conferences are coming up in the months ahead. If keeping abreast of security trends and evolving threats is critical to your job — and we know it is…

Read More

Multinational food and beverage company Mondelez International and Zurich American Insurance have settled their multiyear litigation surrounding the cyberattack coverage – or lack of such coverage – following the NotPetya malware attack that damaged the Mondelez network and infrastructure. The specifics of the settlement are unknown, but that it would come mid-trial has caught everyone’s attention. The pain was felt on June 27, 2017, when NotPetya wiped out 24,000 laptops and 1,700 servers within the…

Read More

A new espionage campaign, dubbed SandStrike, has been detected using malicious VPN apps to load spyware on Android devices, cybersecurity company Kaspersky reports. It’s an example of how APT (advanced persistent threat) actors are constantly updating old attack tools and creating new ones to launch new malicious campaigns, particularly against mobile devices. “In their attacks, they use cunning and unexpected methods: SandStrike, attacking users via a VPN service, where victims tried to find protection and…

Read More

The US White House this week convened its Second International Counter Ransomware Initiative Summit (CRI), bringing together leaders from 36 countries and the European Union in person to build on the work of its first ransomware summit in 2021. At a press briefing before the Summit, a White House spokesperson said, “While the United States is facilitating this meeting, we don’t view this solely as a US initiative. It’s an international partnership that spans most…

Read More

According to ESG research, 52% of organizations believe that security operations are more difficult today than they were two years ago, due to factors such as the dangerous threat landscape, growing attack surface, and the volume/complexity of security alerts. In analyzing this data, I see a common theme: scale. Security teams must be able to scale operations to deal with the increasing volume of everything coming at them. Faced with a global cybersecurity skills shortage,…

Read More

Java services company Azul has unveiled Azul Vulnerability Detection, a SaaS product that leverages the Azul JVM to continuously monitor Java applications for security vulnerabilities. Azul Vulnerability Detection, introduced November 2, is an agentless cloud service designed for production use. It addresses enterprise risk around software supply chain attacks and eliminates false positives while not impacting performance, Azul said. Accessible from azul.com, Azul Vulnerability Detection identifies code running in the Azul JVM and maps it…

Read More