Top IT Security Bloggers

  • 12 Common Threat Intelligence Use Cases

    Graham Cluley
    Graham Cluley Security News is sponsored this week by the folks at Recorded Future. Thanks to the great team there for their support!
    Recorded Future provides the only complete threat intelligence solution powered by patented machine learning to help security teams defend against cyberattacks.
    Are you using threat intelligence to its full potential?
    The term “threat intelligence” is often misunderstood and with so many security options out there, organizations struggle to find the right solution to meet their needs. The Gartner "Market Guide for Security Threat Intelligence Products and Services” explains the different use cases and how to best leverage threat intelligence in your organization.
    You will learn how to:

    Identify 12 common threat intelligence use cases.
    Align these use cases to your specific requirements.
    Implement strategies for getting value from threat intelligence.
    Evaluate vendors based on your business needs.

    Download this report to get clarity on threat intelligence definitions and learn how to make the right decisions for your organization today.

    If you’re interested in sponsoring my site for a week, and reaching an IT-savvy audience that cares about computer security, you can find more information here.
  • Telegram IM security flaw – what you see is NOT always what you get

    Sophos - Naked Security
    Crooks revived an old visual trick to disguise files that would otherwise look dangerous right away.
  • What’s on CISOs Minds in 2018?

    Network World - Networking Nuggets and Security Snippets
    I’ve just begun a research project on CISO priorities in 2018.  What I’m finding so far is that CISOs are increasing their focus in several areas including the following:
    Business risk. Yes, CISOs have always been employed to protect critical business assets but in the past, this was really executed with a bottom-up perspective – from IT and security infrastructure up to business processes.  Fast forward to 2018 and CISOs are moving to a top down view from business processes down to the technology.  This broadens their view of risk and mandates that security controls work collectively to protect ALL the technologies used to accomplish business processes.  This is a profound change that challenges even the best CISOs and security organizations.
    The cyber supply chain. Most organization have customers, suppliers, and business partners with round-the-clock access to their networks.  As the old security adage goes, ‘the security chain is only as strong as its weakest link,’ and the OMB and Target breaches demonstrate that third-parties often represent the weakest link in the chain.  As part of their focus on business risk, CISOs are spending much more time on areas like cyber supply chain security and vendor risk management. 
    Cyber-adversaries. In the past, organizations really thought of malware and hackers in generic terms.  The goal was simple – block bad things from happening regardless of what those bad things were.  While basic prevention is still important, organizations realize that there are individuals and groups living in Odessa, Rio, or Teheran who are committed to breaking into their networks and stealing valuable data assets.  In response, CISOs want to know all they can about these folks – who they are, where they are, their motivations, and the tactics, techniques, and procedures (TTPs) they use to exploit them.  Armed with this knowledge, they can alert executives on pending risks and invest in the right countermeasures.  As Sun Tzu stated, ‘If you know the enemy and know yourself, you need not fear the results of a hundred battles.’
    Data security. I believe this focus area is related to three things: Cloud computing, mobility and regulations like GDPR.  Sensitive data is moving to the cloud and being accessed by mobile users over public networks.  In this scenario, the security perimeters must center on specific control points like identity and data security.  As a result, CISOs want to know where the sensitive data resides, who can access it, and how well its protected.  Oh, and data security priorities are only exacerbated by the impending GDPR deadline in May.
    Security awareness training. This is nothing new but security awareness training was often treated as a checkbox exercise in the past.  Rather than simply meeting corporate governance goals, CISOs are now trying to create cybersecurity education programs that deliver measurable results. 

    This is the tip of the iceberg but I’m already seeing patterns.  Happy to chat with any CISO who can help educate me on what else is changing in their world. To read this article in full, please click here
  • Google’s big plans for email will give it even more power

    Sophos - Naked Security
    Google's about to make your inbox a much more interesting place
  • This Week in Security News: Senate Hearings and Equifax Breaches

    Trend Micro - Cloud Security Blog
    Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, leaders of six security agencies testified before the Senate Intelligence Committee, the Equifax hack grew in severity, and hackers used the power of Machine Learning to spread...
  • TippingPoint Threat Intelligence and Zero-Day Coverage – Week of February 12, 2018

    Trend Micro - Cloud Security Blog
    Valentine’s Day was earlier this week, and there was so much love in the air. There was also a lot of love in the Trend Micro world as our teams worked diligently to make sure our customers were protected from this month’s bevy of critical vulnerabilities across several vendors. This week, we focus on Microsoft,...
  • Why Chrome’s ad filter isn’t an adblocker

    Sophos - Naked Security
    Optimistic news coverage has described this as the arrival of adblocking in Chrome, it isn't.
  • Facebook accused of spamming 2FA phone numbers

    Sophos - Naked Security
    The social network is messaging users on their 2FA phone numbers and then posting their "PLEASE STOP!!" replies
  • Musical Chairs Playing Tetris

    Arbor Networks
    Introduction ASERT has discovered new command-and-control infrastructure controlled by the APT actors behind the Musical Chairs campaign.  The security research community has associated these actors with significant campaigns in the past, including the pivotal Night Dragon campaign reported on by McAfee in 2011.  The actors […]
  • How a Bitcoin phishing gang made $50 million with the help of Google AdWords

    Graham Cluley
    A cybercrime gang based in Ukraine is estimated to have made as much as $50 million after tricking Bitcoin investors into handing over the login credentials for their online wallets.
    Read more in my article on the Tripwire State of Security blog.

Editor's Recommendations

Solution Centres

Events

View all events Submit your own security event

Latest Videos

More videos

Blog Posts

Media Release

More media release