Category: Uncategorized

Navigating the Cyber Landscape: 5 Insights for Strengthening Cybersecurity Hygiene from Latest C…

Pioneer of Personal Cybersecurity™ BlackCloak Discovers Crucial Vulnerabilities at Affluent Trop…

A Quick Q&A with Jonathan Tomek, Vice President of R&D at Digital Element

PLDT’s Panlilio: new cybercrime bills to protect customers

Trustwave Releases New SpiderLabs Research Focused on Actionable Cybersecurity Intelligence for …

SEC tells companies to “show their work” on cybersecurity

Law firm Fieldfisher launches data breach management tool – Evisos info

Your Guide To Becoming A Metaverse Security Specialist: Safeguarding The Virtual Realm | URECOMM

Rapid7 and USF Collaborate on Cyber Training Initiative

ATT&CKcon 4.0 to Celebrate 10th Anniversary of MITRE ATT&CK® – Mangaloremirror.com

Acko Transforming Customer Experience: Underwriting to Data Protection, Empowered by Emerging Te…

Top 5 behaviors of successful CISOs: Gartner | Cybersecurity Dive

SEC cyber disclosure rules put CISO liability under the spotlight | Cybersecurity Dive

What are Software Supply Chain Attacks?

Cynomi Study Reveals Number of MSPs Providing Virtual CISO Services Will Grow Fivefold By Next Year

Announcing ‘The Cyber Savvy Boardroom: Essentials Explained’ | finanzen.net

The importance of CISOs is not recognised by senior leadership

Magnificent News: The Cybersecurity 202: CISA makes a big-name hire for its crusade against inse…

Scybers and Cyber Leadership Institute Partner to Develop the Next Generation of Cybersecurity L…

Why cyber risk is one of the top critical risks facing organisations today – and why it’s growin…

Cybersecurity in the Industry 4.0 Era | P&T Review

New IDC Report: DNS Threat Intelligence for Proactive Defense

Spotlight on Cybersecurity Leaders: Arun DeSouza

US lawmakers introduce small business cybersecurity bill. ICC to prosecute digital war crimes. N…

The International Criminal Court will start prosecuting cyber war crimes | Entrepreneur Canada

Prompt injection attacks threaten AI chatbots and other news – The News Intel

Mid-year state of the cyber market update

You’re ready for the new SEC cybersecurity rules. Have you included your OT? – E-DeshSeba

CISA advisory committee urges action on cyber alerts and corporate boards

IAM, cloud security to drive new cybersecurity spending

Table of Contents  Asana launches prediction-based AI tools to improve decision makingCharlotte TruemanComputer WorldWork management platform Asana has announced three new features designed to provide greater cross-organizational transparency and improved insights into how employees are collaborating. The new features have been categorized by Asana as decision intelligence, resource intelligence, and…

Table of Contents  While unified platforms have historically been within the means of only large organizations—ones able to build their own cybersecurity ecosystems—that’s no longer the case. Enterprises of all sizes can obtain a readymade platform from a vendor and customize it relatively easily to meet their specifiTrend MicroWhat’s driving…

Table of Contents  Proactive Security Market To Hit USD 87.2 Billion at a 15.80% CAGR by 2030 – Report by Market Research Future (MRFR)Market Research FutureGlobe NewswireNew York, US, March 16, 2023 (GLOBE NEWSWIRE) — According to a comprehensive research report by Market Research Future (MRFR), “Global Proactive Security Market…

… however, this is still reason for concern: a large majority of reported vulnerabilities allow an attacker to gain full control of a single hardware platform’s multi-server environment. Consequently, a close look at detection, containment, and response capabilities for the unique needs of VMs is an important step in integrating virtualization into the organization’s security program.

It is in this phase of incident management, security and infrastructure design teams address the unique challenges associated with virtualization.

A few simple steps – not always so simple to implement – will ensure an organization’s ability to detect unwanted behavior and effectively respond as virtual servers spread across the enterprise, including:

For example, critical or high-value breach targets might reside on a host with more than the recommended two NICs (one for partition management and one for VMs to access the physical network).

Implemented using VLANs configured in a virtual switch and VLAN access control lists (VACLs), this example is one way to help ensure unwanted traffic does not pass from a compromised VM to other VMs on the same host.

Remember that many controls you implement on the physical network must be configured in virtual environments, but VMs are by design isolated from controls on your physical network.

Security teams often face two challenges when trying to remove a physical server from service: retention of potential evidence in volatile storage or removal of a device from a critical business process.

For example, removing power from a server starts the process of mitigating business impact, but it also denies forensic analysis of data, processes, keys, and possible footprints left by an attacker. A VMware snapshot is a point-in-time image of a VM, including RAM and the virtual machine disk file (Siebert, 2011). Administrators typically strive to meet four goals when a virtual server is removed from service: 1) contain a breach or malware infestation by removing the affected server from the network; 2) prevent any further damage to, or loss of, information residing on local storage; 3) remove the server to a secure location for forensics analysis; and 4) restore services provided by the VM.

As I wrote in Step 3: Segment virtual networks, this is easily accomplished using documented steps to isolate one or more virtual network segments.

They examine and help remedy system, network, and process design challenges associated with VM placement, incident detection and containment, and business process recovery unique to virtualization.

Link: http://virtualization.sys-con.com/node/2760475

Shutting down a system in response to an information security incident is arguably the most drastic option that can be taken, but it might be the best option in certain scenarios.

For example, if there were a possibility that an attacker could gain control of a computer system that regulates traffic lights, it would likely be best to disable that system, and thus the traffic lights, because drivers would hopefully know to treat the non-working traffic signals like stop signs.

Such a decision would also depend on the security and availability controls implemented, including if there were controls in place that limited the compromise from spreading to the complete system versus just a compromised account.

In a system that contains no sensitive data and only has availability requirements, the security team could just do a basic calculation of the cost incurred from the downtime versus the recovery cost from containing and remediating the compromised system, and then make a decision based on the numbers.

This will lead into developing a business continuity and disaster recovery plan (BCDRP), which is similar to an incident response plan in that they both need to be developed prior to an incident and periodically tested so if a shutdown becomes necessary, a playbook for dealing with the situation is on hand.

In developing the BCDRP or incident response plan, establish a channel of communication with the necessary people, including the chief information security officer, chief information officer, helpdesk, business owners and marketing so they will be able to quickly make an informed decision about potentially shutting down a system.

For example, a Web server with a Web application susceptible to an SQL injection vulnerability might be shut down while a patch is being developed, a Web application firewall is set up or the configuration is changed to remove access by the Web server to run commands on the system.

Regardless of which option is the best in a given scenario, ensuring a plan and communication channels are in place prior to an incident is critical to minimizing the impact on your organization.

Link: http://searchsecurity.techtarget.com/tip/Security-incident-response-procedures-When-to-do-a-system-shutdown