This article has been indexed from eSecurityPlanet Spending money you hadn’t budgeted to hire experts to clean up an unexpected mess is at the bottom of every manager’s wish list, but in the case of a cyber attack as damaging…
Tag: esecurityplanet
How to Recover From a Ransomware Attack
This article has been indexed from eSecurityPlanet First, we prepare a plan for the possibility, then when a ransomware attack occurs we execute the plan. So easy to say, so difficult to do correctly. To help, we break down the…
Best Ransomware Removal and Recovery Services
This article has been indexed from eSecurityPlanet Malware has been around for nearly 40 years, longer even than the World Wide Web, but ransomware is a different kind of threat, capable of crippling a company and damaging or destroying its…
Multi-Factor Authentication Best Practices & Solutions
This article has been indexed from eSecurityPlanet This post has been updated for 2021. Passwords are the most common authentication tool used by enterprises, yet they are notoriously insecure and easily hackable. But even when passwords are secure, it’s not…
More Than 90 Percent of Malware in Q2 Came Via Encrypted Traffic: WatchGuard
This article has been indexed from eSecurityPlanet A surprising 91.5 percent of all malware detected on networks of WatchGuard Technologies customers in the second quarter came over encrypted connections, raising the security risk for the 80 percent of such organizations…
Chinese Attackers Use New Rootkit in Long-Running Campaign Against Windows 10 Systems
This article has been indexed from eSecurityPlanet A previously unknown but highly skilled Chinese-speaking cyberespionage group is using sophisticated malware to attack government and private entities in Southeast Asia through a long-running campaign that targets systems running the latest versions…
NSA, CISA Release Guidance for Choosing and Hardening VPNs
This article has been indexed from eSecurityPlanet The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have released guidance and best practices for securing virtual private network (VPN) solutions. VPNs, an important security tool in an…
Top Cybersecurity Companies for 2021
This article has been indexed from eSecurityPlanet As the demand for robust security defense grows by the day, the market for cybersecurity technology has exploded, as well as the number of available solutions. To help you navigate this growing marketplace,…
McAfee-FireEye Merger Makes STG’s Plans Clearer
This article has been indexed from eSecurityPlanet Private equity firm Symphony Technology Group (STG) has been on a cybersecurity buying spree the last two years, acquiring RSA Security, McAfee’s enterprise business and Mandiant’s FireEye products business (see FireEye, Mandiant to…
Attackers Use Bots to Circumvent Some Two-Factor Authentication Systems
This article has been indexed from eSecurityPlanet Underground services are cropping up that are designed to enable bad actors to intercept one-time passwords (OTPs), which are widely used in two-factor authentication programs whose purpose is to better protect customers’ online…
Best Ransomware Removal Tools
This article has been indexed from eSecurityPlanet Ransomware is everywhere these days, striking fear into the hearts of IT and business managers alike. And studies support that perception, showing ransomware growing in both prevalence and effectiveness. Recent research by Positive…
Microsoft Makes Exchange Server Patches Less Optional
This article has been indexed from eSecurityPlanet Microsoft Exchange is a frequent target of hackers, and often the attack vector is a well known vulnerability that a company just hasn’t gotten around to patching. To try to deal with that…
Bitwarden vs LastPass: Compare Top Password Managers
This article has been indexed from eSecurityPlanet If you’re looking for a password manager for your business, Bitwarden and LastPass might be on your list of potential solutions. Both vendors will help you and your employees store access credentials, improve…
Rapid7 InsightIDR Review: Features & Benefits
This article has been indexed from eSecurityPlanet Rapid7 combines threat intelligence, security research, data collection, and analytics in its comprehensive Insight platform, but how does its detection and response solution – InsightIDR – compare to other cybersecurity solutions? While InsightIDR…
Cynet 360 XDR Review: Features & Benefits
This article has been indexed from eSecurityPlanet If May’s endpoint detection and response (EDR) MITRE evaluations weren’t proof enough, Cynet’s flagship platform – also featuring XDR and MDR capabilities – continues to receive industry recognition. Cynet 360 is the all-in-one…
Could You Be a Ransomware Target? Here’s What Attackers Look For
This article has been indexed from eSecurityPlanet Ransomware is one of the fastest-growing and most destructive cyber threats today. Cybersecurity researchers largely agree that ransomware growth has been astronomical; the only question is by how much. A recent Positive Technologies…
Best Backup Solutions for Ransomware Protection
This article has been indexed from eSecurityPlanet Backup has in some sense always been about the security of data. In the event of a data loss or disaster, you could turn to your backup to retrieve the data. But these…
The Case for Decryption in Cybersecurity
This article has been indexed from eSecurityPlanet Effective encryption has long been critical for protecting sensitive enterprise data, but as hackers increasingly leverage encrypted channels to access and traverse enterprise networks, secure traffic decryption is also key to assessing potential…
Attackers Exploit OMIGOD Flaw in Azure Despite Microsoft Fixes
This article has been indexed from eSecurityPlanet Cybercriminals are targeting Linux-based servers running Microsoft’s Azure public cloud environment that are vulnerable to flaws after Microsoft didn’t automatically apply a patch on affected clients in its infrastructure. According to cybersecurity firm…
Securing Home Employees with Enterprise-Class Solutions
This article has been indexed from eSecurityPlanet The number of employees working remotely skyrocketed during the COVID-19 pandemic, and many companies appear likely to continue with a hybrid work model when things return to normal. Remote work poses unique risks…
Hackers Alter Cobalt Strike Beacon to Target Linux Environments
This article has been indexed from eSecurityPlanet A significant part of hacking consists of diverting the function of existing systems and software, and hackers often use legitimate security tools to perform cyber attacks. Pentesting tool Cobalt Strike has been one…
OWASP Names a New Top Vulnerability for First Time in Years
This article has been indexed from eSecurityPlanet OWASP security researchers have updated the organization’s list of the ten most dangerous vulnerabilities – and the list has a new number one threat for the first time since 2007. The last update…
McAfee Finds Years-Long Attack by Chinese-Linked APT Groups
This article has been indexed from eSecurityPlanet An investigation by McAfee researchers into a case of a suspected malware infection uncovered a cyber attack that had been sitting in the victim organization’s network for years stealing data. The investigators said…
Microsoft Expands Passwordless Sign-on to All Accounts
This article has been indexed from eSecurityPlanet Microsoft for the past few years has been among the loudest vendors calling for a security future that doesn’t include passwords. In 2018, the software giant took the step of doing away with…
Tape Won’t Work for Ransomware Protection. Here’s Why.
This article has been indexed from eSecurityPlanet Tape vendors have been promoting themselves as a solution to the ransomware problem because of their ability to provide air-gapped data backup, but trying to recover terabytes of data from a tape drive…
Apple Patches Vulnerabilities in iOS Exploited by Spyware
This article has been indexed from eSecurityPlanet Apple continues to be haunted by spyware developed by an Israeli security firm that hostile governments used to hack into Apple devices to spy on journalists, activists and world leaders (see Apple Security…
Top Threat Intelligence Platforms for 2021
This article has been indexed from eSecurityPlanet Key features in a top threat intelligence platform include the consolidation of threat intelligence feeds from multiple sources, automated identification and containment of new attacks, security analytics, and integration with other security tools…
Palo Alto Enters Small Business, Remote and Home Markets with Okyo
This article has been indexed from eSecurityPlanet Palo Alto Networks (PANW) is bringing its enterprise-class security to small business and home markets with Okyo, a Wi-Fi 6 hardware device announced today. At $349 a year, the security and router system…
Top 12 Cloud Security Best Practices for 2021
This article has been indexed from eSecurityPlanet From the very beginning of the cloud computing era, security has been the biggest concern among enterprises considering the public cloud. For many organizations, the idea of storing data or running applications on…
Preparing for Ransomware: Are Backups Enough?
This article has been indexed from eSecurityPlanet In a year where ransomware has raised the alert levels everywhere, the go-to answer from many is redundancy through offline, remote backups – but are they enough? Backups are a critical component of…
REvil Ransomware Group Resurfaces After Two Months Away
This article has been indexed from eSecurityPlanet It was a short hiatus for the REvil ransomware group that signed off in July following several high-profile attacks by the Russia-based crew on such companies as global meat processor JBS and tech…
Hackers Leak 87,000 Fortinet VPN Passwords
This article has been indexed from eSecurityPlanet In the latest lesson about the importance of patching, the credentials for 87,000 Fortinet FortiGate VPNs have been posted on a dark web forum by hackers. Fortinet confirmed the veracity of the hackers’…
Vulnerability Could Expose HAProxy to HTTP Request Smuggling Attack
This article has been indexed from eSecurityPlanet A critical vulnerability discovered in the open-source load balancer and proxy server HAProxy could enable bad actors to launch an HTTP Request Smuggling attack, which would let them bypass security controls and gain…
How to Get Started in a Cybersecurity Career
This article has been indexed from eSecurityPlanet There just aren’t enough cybersecurity pros to go around, meaning that people with the right skills and enough dedication have plenty of opportunities to land rewarding and lucrative jobs. And with that well…
Ransomware Group Ragnar Locker Threatens Data Leaks if Law Enforcement Contacted
This article has been indexed from eSecurityPlanet The cybercriminal gang behind the Ragnar Locker ransomware attacks is threatening victims that it will go public with data captured in an attack if they contact law enforcement agencies or hire negotiators. The…
Zero Day Threats: Preparation is the Best Prevention
This article has been indexed from eSecurityPlanet Zero day threats can be the source of some of the most dangerous kinds of cyberattacks. Zero day attacks take advantage of vulnerabilities that haven’t been discovered or are not publicly known yet.…
Salesforce Email Service Used for Phishing Campaign
This article has been indexed from eSecurityPlanet Cybercriminals are using Salesforce’s mass email service to dupe people into handing over credit card numbers, credentials and other personal information in a novel phishing campaign that highlights the threats to corporate networks…
How DMARC Can Protect Against Ransomware
This article has been indexed from eSecurityPlanet Domain-based Message Authentication, Reporting, and Conformance (DMARC) began gaining traction a few years ago as a way to validate the authenticity of emails. Now it may have an even more important role to…
Cybersecurity Risks of 5G – And How to Control Them
This article has been indexed from eSecurityPlanet 5G is on the cusp of widespread adoption. Consumers and organizations are enthused about the operational benefits of more robust mobile connectivity, but the shift to 5G networks doesn’t come without risks. Service…
LockFile Ransomware Uses Unique Methods to Avoid Detection
This article has been indexed from eSecurityPlanet The LockFile ransomware family has made an impression in the relatively short amount of time it’s been around. The malware garnered a lot of attention over the past several months after being detected…
3 Tests to Ensure Zero Trust Network Security
This article has been indexed from eSecurityPlanet The COVID pandemic has highlighted the challenges of ensuring security across an expanding enterprise network forced to support more and more remote workers, an ever-increasing diversity of devices, and frequent mobility. Praveen Jain,…
Microsoft, Google Among Tech Giants Pledging Big Money to Cybersecurity
This article has been indexed from eSecurityPlanet Some of the biggest names in tech are promising to spend more than $30 billion to bolster cybersecurity capabilities, from securing the supply chain and expanding the adoption of the zero trust model…
Best Third-Party Risk Management (TPRM) Tools of 2021
This article has been indexed from eSecurityPlanet Cyberattacks caused by supply chain vulnerabilities mean organizations need a renewed perspective on how to address third-party security. In a developing market, third-party risk management (TPRM) software and tools could be the answer…
Microsoft Issues ProxyShell Advisory After Attacks Begin
This article has been indexed from eSecurityPlanet Microsoft this week issued an advisory about three vulnerabilities referred to collectively as ProxyShell days after security researchers at a federal government cybersecurity agency warned that cybercriminals were actively trying to exploit them.…
Whitelisting vs. Blacklisting: Which Is Better?
This article has been indexed from eSecurityPlanet Cyberattacks are becoming more sophisticated all the time. From phishing scams to ransomware and botnets, it’s hard to keep up with the latest methods that cybercriminals use. It’s not just about stopping unwanted…
Top Code Debugging and Code Security Tools
This article has been indexed from eSecurityPlanet There’s a lot of code in the world, and a lot more is created every day. The browser you’re reading this article on is likely supported by millions of lines of code. And…
Zero Trust Can’t Protect Everything. Here’s What You Need to Watch.
This article has been indexed from eSecurityPlanet Zero trust architecture is an emerging technology in cybersecurity that offers an alternative to the traditional castle-and-moat approach to security. Instead of focusing only on your perimeter to defend against attacks from the…
Neural Fuzzing: A Faster Way to Test Software Security
This article has been indexed from eSecurityPlanet Software vulnerabilities are a grave threat to the security of computer systems. They often go undetected for years until it is too late and the consequences are irreversible. In order to find these…
AWS Unveils Cloud Security Competency Program for MSSPs
This article has been indexed from eSecurityPlanet Amazon Web Services has unveiled a revamped competency for managed security service providers (MSSPs) that is intended to make it simpler for end customers to identify AWS partners that have the most security…
Ransomware Groups Look for Inside Help
This article has been indexed from eSecurityPlanet Ransomware attackers, who use myriad methods to get their malware into the systems of businesses large and small in hopes of pulling down millions of dollars, are now going directly to the source.…
Cloudflare: Mirai Botnet Launched Record-Breaking DDoS Attack
This article has been indexed from eSecurityPlanet Cloudflare last month fought off a massive distributed denial-of-service (DDoS) attack by a botnet that was bombarding 17.2 million requests per second (rps) at one of the internet infrastructure company’s customers in the…
T-Mobile Confirms Data Breach, 47.8 Million Records Exposed
This article has been indexed from eSecurityPlanet Update: T-Mobile USA officials have confirmed that the records of 47.8 million current, former and prospective customers were stolen in a “highly sophisticated cyberattack” late last week. That number is half what hackers…
T-Mobile Confirms Data Breach, Says Too Early to Assess Damage
This article has been indexed from eSecurityPlanet T-Mobile USA officials have confirmed they are investigating a breach of company systems, but say it’s too early to tell whether the personal data of 100 million customers has been exposed, as the…
Phishing Campaign Used Morse Code to Evade Detection: Microsoft
This article has been indexed from eSecurityPlanet A phishing campaign that Microsoft security researchers have been tracking for about a year highlights not only the ongoing success of social engineering efforts by hackers to compromise systems, but also the extent…
Top Cybersecurity Companies for 2021
This article has been indexed from eSecurityPlanet As the demand for robust security defense grows by the day, the market for cybersecurity technology has exploded, as well as the number of available solutions. To help you navigate this growing marketplace,…
NordVPN vs ExpressVPN: Compare Top VPNs
This article has been indexed from eSecurityPlanet If you’re shopping for an enterprise VPN, there’s a good chance NordVPN and ExpressVPN are on your list. Both vendors offer competitive VPN solutions that enable you and your employees to use the…
An Investment Firm Built Its Own SIEM. Here’s How.
This article has been indexed from eSecurityPlanet SIEM solutions can be expensive and difficult to manage, so one company built its own – and is pleased with the results. At last week’s Black Hat USA, NYC-based financial technology firm Two…
Best Digital Forensics Tools & Software for 2021
This article has been indexed from eSecurityPlanet For everything from minor network infractions to devastating cyberattacks and data privacy troubles, digital forensics software can help clean up the mess and get to the root of what happened. Since the inception…
1Password vs LastPass: Compare Top Password Managers
This article has been indexed from eSecurityPlanet 1Password and LastPass are probably at the top of your list for password managers, but which one is the best for you? They both do a great job of protecting your employees’ passwords…
Accenture Attack Highlights Evolving Ransomware Threats
This article has been indexed from eSecurityPlanet Accenture officials are saying they staved off a ransomware attack this week by a cybercriminal ring using the LockBit malware even as the hacker group claimed to have captured data from the massive…
Mobile Malware: Threats and Solutions
This article has been indexed from eSecurityPlanet As users have increasingly moved from desktop operating systems to mobile devices as their primary form of computing, cyber attackers have taken notice and malware has followed. While the total volume of mobile…
Attackers Exploit Flaw that Could Impact Millions of Routers, IoT Devices
This article has been indexed from eSecurityPlanet Cybercriminals using an IP address in China are trying to exploit a vulnerability disclosed earlier this month to deploy a variant of the Mirai malware on network routers affected by the vulnerability, according…
Malvertising Campaign Targets IoT Devices: GeoEdge
This article has been indexed from eSecurityPlanet A malicious advertising campaign originating out of Eastern Europe and operating since at least mid-June is targeting Internet of Things (IoT) devices connected to home networks, according to executives with GeoEdge, which offers…
Best LastPass Alternatives: Compare Password Managers
This article has been indexed from eSecurityPlanet Password managers play an important role in maintaining a strong security profile, and LastPass is certainly on our list of Best Password Managers & Tools for 2021. However, LastPass isn’t a perfect solution…
Open Source Security: A Big Problem
This article has been indexed from eSecurityPlanet Open source security has been a big focus of this week’s Black Hat conference, but no open source security initiative is bolder than the one proffered by the Open Source Security Foundation (OpenSSF).…
NSA, CISA Report Outlines Risks, Mitigations for Kubernetes
This article has been indexed from eSecurityPlanet Two of the largest government security agencies are laying out the key cyberthreats to Kubernetes, the popular platform for orchestrating and managing containers, and ways to harden the open-source tool against attacks. In…
SafeBreach Intros New Tools to Automate Zero-Day Detection
This article has been indexed from eSecurityPlanet At Black Hat and Def Con this week, SafeBreach security researchers Peleg Hadar and Tomer Bar will demonstrate two new tools developed to automate the discovery of zero-day vulnerabilities. Both announcements highlight the…
Supply Chain Flaws Found in Python Package Repository
This article has been indexed from eSecurityPlanet Administrators overseeing the Python Package Index (PyPI) in recent days found themselves responding to vulnerabilities found in the repository of open source software, the latest security problems to hit the Python community. Most…
Top Microsegmentation Software for 2021
This article has been indexed from eSecurityPlanet It seems that no matter how many security technologies, network perimeters, and intrusion prevention safeguards are erected, the bad guys somehow find a means of entry. Enter microsegmentation as a way to minimize…
Free Ransomware Decryption Site Celebrates Milestone as New Threats Emerge
This article has been indexed from eSecurityPlanet As Europol celebrated the fifth anniversary of its anti-ransomware initiative this week, menacing new ransomware threats made it clear that the fight against cyber threats is never-ending. The EU law enforcement cooperation agency…
What are Common Types of Social Engineering Attacks?
This article has been indexed from eSecurityPlanet Social engineering is a common technique that cybercriminals use to lure their victims into a false sense of security. Usually, social engineering involves impersonation, deception, and psychological manipulation that ultimately creates an environment…
FBI, CISA Reveal Most Exploited Vulnerabilities
This article has been indexed from eSecurityPlanet The FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) joined counterparts in the UK and Australia today to announce the top 30 vulnerabilities exploited since the start of the pandemic. The…
The State of Blockchain Applications in Cybersecurity
This article has been indexed from eSecurityPlanet Whether perceived or real, a lack of understanding about blockchain technology has slowed the adoption of advanced distributed database technology in the past decade. As the tide turns and more organizations find ways…
LemonDuck Shows Malware Can Evolve, Putting Linux and Microsoft at Risk
This article has been indexed from eSecurityPlanet The LemonDuck malware that for the past couple of years has been known for its cryptocurrency mining and botnet capabilities is evolving into a much broader threat, moving into new areas of cyber…
LastPass: Password Manager Review for 2021
This article has been indexed from eSecurityPlanet LastPass is password management software that’s been popular among business and personal users since it was initially released in 2008. When it was acquired by LogMeIn Inc. in 2015, it became part of…
Holes in Linux Kernel Could Pose Problems for Red Hat, Ubuntu, Other Distros
This article has been indexed from eSecurityPlanet A pair of vulnerabilities in the Linux kernel disclosed this week expose major Linux operating systems that could let a hacker either gain root privileges on a compromised host or shut down the…
Microsoft Security Under Scrutiny After Recent Incidents
This article has been indexed from eSecurityPlanet Microsoft is struggling through a rough July for security issues even as the company continues to add more cybersecurity capabilities through acquisitions. The software giant earlier this month issued an emergency update in…
IoT Devices a Huge Risk to Enterprises
This article has been indexed from eSecurityPlanet When millions of people around the world were sent home to work at the onset of the global COVD-19 pandemic, they left behind not only empty offices but also a host of Internet…
Apple Security Under Scrutiny Amid Fallout from NSO Spyware Scandal
This article has been indexed from eSecurityPlanet Reports that the NSO Group’s Pegasus spyware was used by governments to spy on Apple iPhones used by journalists, activists, government officials and business executives is becoming a global controversy for NSO, Apple…
A New Approach to Finding Cybersecurity Talent: A Conversation with Alan Paller
This article has been indexed from eSecurityPlanet A group of technology luminaries have launched an effort to find and train a new generation of cybersecurity talent, an effort that will gain steam tomorrow with The Cyber Talent CIO Forum. The…