Tag: incident response
-
10 Kennzahlen, die CISOs weiterbringen
Geht es um Security-Kennzahlen, sollten CISOs sich auf das Wesentliche fokussieren. Die Security-Performance zu messen, gehört vielleicht nicht zu den aufregendsten Aufgaben eines CISOs kann allerdings sehr nützlich sein, um eine ganze Reihe von Herausforderungen zu bewältigen. Neben der Erkenntnis darüber, wie effektiv ihre Security-Bemühungen sind, können Sicherheitsentscheider mit den richtigen Kennzahlen unter anderem auch…
-
Top cybersecurity products showcased at RSA 2025
Tags: access, ai, attack, automation, awareness, breach, cisco, compliance, control, crowdstrike, cyber, cybersecurity, data, defense, detection, edr, email, firewall, fortinet, framework, identity, incident response, infrastructure, injection, intelligence, login, malicious, open-source, phishing, risk, siem, soc, threat, tool, training, update, vulnerability, zero-trustCisco: Foundational AI Security Model: Cisco introduced its Foundation AI Security Model, an open-source framework designed to standardize safety protocols across AI models and applications. This initiative aims to address the growing concerns around AI security and ensure Safer AI deployments. Cisco also unveiled new agentic AI features in its XDR and Splunk platforms, along…
-
Iranian APT Group Breaches Middle Eastern Critical Infrastructure in Stealth Campaign
Recently, the FortiGuard Incident Response (FGIR) team has released an in-depth analysis detailing a prolonged, state-sponsored intrusion into First seen on securityonline.info Jump to article: securityonline.info/iranian-apt-group-breaches-middle-eastern-critical-infrastructure-in-stealth-campaign/
-
Threat Actors Target Critical National Infrastructure with New Malware and Tools
A recent investigation by the FortiGuard Incident Response (FGIR) team has uncovered a sophisticated, long-term cyber intrusion targeting critical national infrastructure (CNI) in the Middle East, attributed to an Iranian state-sponsored threat group. Spanning from at least May 2023 to February 2025, with evidence of compromise dating back to May 2021, this espionage-driven campaign employed…
-
Private-Public Partnership Vital for Fighting Cybercrime
FBI’s Sanjay Virmani Discusses Recent FBI Takedowns. Developing strong relationships with private sector and international partner organizations is vital for tackling cybercrime. A proactive approach ensures more efficient incident responses, said Sanjay Vermani, the special agent in charge of the FBI in San Francisco First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/private-public-partnership-vital-for-fighting-cybercrime-a-28232
-
What is EDR? An analytical approach to endpoint security
Tags: access, android, antivirus, api, attack, automation, breach, cloud, corporate, data, defense, detection, edr, email, endpoint, firewall, incident response, infection, infosec, infrastructure, intelligence, Intruder, linux, macOS, malicious, malware, network, service, siem, soar, software, threat, tool, trainingEDR vs. antivirus: What’s the difference?: Antivirus software has similar goals to EDR, in that it aims to block malware from installing on and infecting endpoints (usually user PCs). The difference is that antivirus spots malicious activity by trying to match it to signatures, known patterns of code execution or behavior that the security community…
-
The 14 most valuable cybersecurity certifications
Tags: access, ai, application-security, attack, automation, best-practice, blockchain, blueteam, china, cisa, cisco, ciso, cloud, compliance, computer, computing, conference, control, country, credentials, cryptography, cyber, cybersecurity, data, defense, encryption, endpoint, exploit, finance, governance, government, guide, hacker, hacking, incident response, intelligence, Internet, jobs, kali, law, linux, malware, metric, microsoft, monitoring, network, penetration-testing, privacy, reverse-engineering, risk, risk-analysis, risk-management, skills, threat, training, vulnerability, windowsIndustry recognition Who’s to say one certification is more respected than another? Such criteria can be very subjective, so we turned to the most direct and unbiased source to cut through the ambiguity: job listings. In addition to education, skills, and qualifications, employers often specify certs they seek in their ideal candidate. These mentions carry…
-
Chase CISO condemns the security of the industry’s SaaS offerings
Tags: ai, api, ciso, cloud, control, crowdstrike, cybersecurity, data, defense, detection, group, identity, incident response, infrastructure, network, risk, saas, sbom, threatSolutions missing: Fritz Jean-Louis, principal cybersecurity advisor at Info-Tech Research Group, said that he generally agreed with the Chase description of the cybersecurity challenges today.”One of the key points in the letter is that the modern SaaS model concentrates sensitive data behind a handful of cloud front doors. JP Morgan itself has logged multiple third-party…
-
Outlaw Cybergang Launches Global Attacks on Linux Environments with New Malware
The Outlaw cybergang, also known as “Dota,” has intensified its global assault on Linux environments, exploiting weak or default SSH credentials to deploy a Perl-based crypto mining botnet. Detailed insights from a recent incident response case in Brazil, handled by Kaspersky, reveal the group’s evolving tactics. Sophisticated Threat Targets Weak SSH Credentials The attackers target…
-
Enterprise-specific zero-day exploits on the rise, Google warns
Tags: access, apple, apt, attack, china, cisco, cloud, crime, crimes, cyberespionage, detection, endpoint, exploit, finance, flaw, google, group, Hardware, incident response, injection, Internet, ivanti, korea, lessons-learned, mandiant, microsoft, mitigation, network, north-korea, remote-code-execution, russia, service, strategy, technology, threat, tool, update, vpn, vulnerability, zero-daySurge in network edge device exploitation: Of the 33 zero-day vulnerabilities in enterprise-specific products, 20 targeted hardware appliances typically located at the network edge, such as VPNs, security gateways, and firewalls. Notable targets last year included Ivanti Cloud Services Appliance, Palo Alto Networks’ PAN-OS, Cisco Adaptive Security Appliance, and Ivanti Connect Secure VPN.Targeted attacks against…
-
Ransomware-Attacke bei Hitachi Vantara
Tags: breach, cloud, computer, cyberattack, data, group, incident response, infrastructure, ransom, ransomware, serviceDie Ransomware-Gruppe Akira soll bei Hitachis IT-Services- und Infrastruktur-Tochter zugeschlagen haben.Vertreter von Hitachi Vantara haben gegenüber dem Security-Portal Bleeping Computer (BC) eingeräumt, dass das Unternehmen am 26. April mit Ransomware angegriffen wurde und in der Folge einige seiner Systeme offline nehmen musste.Als Tochterunternehmen des japanischen Hitachi-Konzerns ist Hitachi Vantara auf Datenplattformen und Infrastruktursysteme für Unternehmen…
-
Understanding 2024 cyber attack trends
Mandiant has released the M-Trends 2025 report, which outlines global cyber attack trends based on their own incident response engagements from 2024. Key trends and insights … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/24/understanding-2024-cyber-attack-trends/
-
Incident Response in der Praxis – 5 Incident Response Fails und welche Lehren sich daraus ziehen lassen
Tags: incident responseFirst seen on security-insider.de Jump to article: www.security-insider.de/vermeidung-von-fehlern-bei-incident-response-prozessen-a-c91e9f5d4c3be90eb1d91a7f44867ae9/
-
Frequently Asked Questions About the MITRE CVE Program Expiration and Renewal
Tags: advisory, attack, cisa, computer, cve, cybersecurity, data, exploit, government, incident response, infrastructure, mitre, nvd, open-source, risk, tactics, update, vulnerability, vulnerability-managementConcerns about the future of the MITRE CVE Program continue to circulate. The Tenable Security Response Team has created this FAQ to help provide clarity and context around this developing situation. Background The Tenable Security Response Team has compiled this blog to answer Frequently Asked Questions (FAQ) regarding changes around the MITRE CVE Program. As…
-
Schlendrian an den Netzwerkgrenzen torpediert die Cyberresilienz
Sophos hat seinen ‘Annual Threat Report: Cybercrime on Main Street 2025 ” veröffentlicht. Die Cybersecurity-Fachteams analysieren darin die im Jahr 2024 angesammelten Telemetriedaten aus Sophos-Lösungen, Incident-Response-Fällen sowie MDR-Services. Demnach ist Ransomware nach wie vor die größte Bedrohung gerade für KMUs und profitiert stark von veralteten oder falsch konfigurierten Netzwerkgeräten sie waren Einfallstor Nummer […] First…
-
The most dangerous time for enterprise security? One month after an acquisition
Fear of upgrading or purchasing any new security tech. Managers are hesitant to invest because they don’t know what the new parent company will decide, and they don’t want to waste money.Talented security people leave, along with the best people in every business unit. They are worried about being laid off, so they take whatever…
-
Präventive Cybersicherheit mit Threat-Hunting und Attack-Surface-Management
Censys ist als Aussteller auf der diesjährigen Cyber Threat Intelligence Conference des Verbands FIRST (Forum of Incident Response and Security Teams) vertreten. Als Aussteller präsentiert Censys auf der Veranstaltung seine Plattform zur umfassenden Erkennung, Analyse und Überwachung von internetbasierten Assets und Online-Angriffsflächen. Mit den Lösungen können Kunden einschließlich Unternehmen und Behörden verborgene IT-Risiken aufdecken, schädliche…
-
OT-Security: Warum der Blick auf Open Source lohnt
Tags: ai, compliance, control, data, detection, edr, endpoint, Hardware, incident, incident response, intelligence, iot, microsoft, ml, monitoring, network, open-source, PCI, technology, threat, tool, vulnerability, vulnerability-managementAuch im OT-Security-Bereich stellen Open-Source-Lösungen eine kostengünstige Alternative zu kommerziellen Tools dar. Die zunehmende Digitalisierung und Vernetzung in der industriellen Produktion haben OT-Security (Operational Technology-Sicherheit) zu einem Kernthema in Unternehmen gemacht. Produktionsdaten, SCADA-Systeme (Supervisory Control and Data Acquisition) und vernetzte Maschinen sind in vielen Branchen essenziell und äußerst anfällig für Cyberangriffe. Ein Zwischenfall kann…
-
Neuer Report: ‘Freier Eintritt” per Log-in bei 56 Prozent der analysierten Angriffsfälle
Sophos hat die neueste Ausgabe seines Sophos Active Adversary Report 2025 veröffentlicht, der das Verhalten und die Techniken von Cyberkriminellen aus über 400 tatsächlichen Angriffen analysiert, die das MDR-Team (Managed Detection and Response) und die Incident-Response-Spezialisten 2024 durchgeführt haben. Der Report zeigt, dass sich die Angreifenden in erster Linie über externe Remote-Dienste Zugang zu Netzwerken…
-
Top 16 OffSec, pen-testing, and ethical hacking certifications
Tags: access, android, antivirus, application-security, attack, authentication, blockchain, bug-bounty, business, cisco, cloud, computing, credentials, crypto, cryptography, cyber, cybersecurity, data, defense, detection, encryption, exploit, guide, hacker, hacking, incident response, injection, iot, jobs, kali, linux, malware, microsoft, mitigation, mobile, network, penetration-testing, RedTeam, remote-code-execution, reverse-engineering, risk, risk-assessment, sap, skills, sql, technology, threat, tool, training, update, vulnerability, windowsExperiential learning Offensive security can’t be fully mastered through lectures alone. Candidates need hands-on training in lab environments to develop practical skills. Ideally, certification exams should include a practical assessment, such as developing an exploit to compromise a system.Because individuals learn OffSec techniques, such as penetration testing, in different ways, the most effective certifications offer…
-
Adobe Security Update: Patches Released for Multiple Product Vulnerabilities
Adobe has announced critical security updates for several of its popular software products, addressing vulnerabilities that could potentially be exploited by attackers. The Product Security Incident Response Team (PSIRT) has urged all users to apply these updates immediately to protect their systems and data. These updates are part of Adobe’s ongoing commitment to ensuring the…
-
10 things you should include in your AI policy
Tags: access, ai, best-practice, breach, business, ceo, ciso, compliance, cybersecurity, data, data-breach, finance, framework, gartner, GDPR, governance, incident response, insurance, law, monitoring, privacy, regulation, risk, software, strategy, switch, technology, tool, training, updateInput from all stakeholders: At Aflac, the security team took the initial lead on developing the company’s AI policy. But AI is not just a security concern. “And it’s not just a legal concern,” Ladner says. “It’s not just a privacy concern. It’s not just a compliance concern. You need to bring all the stakeholders…
-
Cloud-Sicherheit unter Druck: Mehr als jedes vierte Unternehmen meldet 2024 Datenpannen
Mit der steigenden Komplexität moderner Cloud-Umgebungen wächst auch die Bedrohungslage. Fehlkonfigurationen, mangelnde Incident-Response-Kapazitäten und neue Schwachstellen in Containern und Webanwendungen zählen zu den größten Risiken. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/cloud-sicherheit-unter-druck-mehr-als-jedes-vierte-unternehmen-meldet-2024-datenpannen/a40406/
-
Sec-Gemini v1 Google’s New AI Model for Cybersecurity Threat Intelligence
Google has unveiled Sec-Gemini v1, an AI model designed to redefine cybersecurity operations by empowering defenders with advanced threat analysis, vulnerability assessment, and incident response capabilities. The experimental system, developed by a team led by Elie Burzstein and Marianna Tishchenko, aims to address the critical asymmetry in cybersecurity where attackers need only one vulnerability to…
-
AI programming copilots are worsening code security and leaking more secrets
Tags: access, ai, api, application-security, attack, authentication, best-practice, breach, ceo, ciso, container, control, credentials, cybersecurity, data, data-breach, github, government, incident response, injection, least-privilege, LLM, monitoring, open-source, openai, password, programming, risk, skills, software, strategy, tool, training, vulnerabilityOverlooked security controls: Ellen Benaim, CISO at enterprise content mangement firm Templafy, said AI coding assistants often fail to adhere to the robust secret management practices typically observed in traditional systems.”For example, they may insert sensitive information in plain text within source code or configuration files,” Benaim said. “Furthermore, because large portions of code are…