It’s commonly accepted that your users are the weakest link in your security chain. That is actually not true in a lot of cases, though. The reality is that your true Achilles heel is probably your board of directors. Rick Howard, chief security officer of Palo Alto Networks, pointed out that board members, on the other hand, are not employees and generally operate completely outside the scope and protection of your information security tools and policies—using personal computers and mobile devices.
Whether it's ransomware or a data breach, it feels like every day we read about a new cyberattack that leaves our organizations - or us, as individuals - at risk for cybertheft. Understanding the threat landscape is critical to prevent cyberattacks, and regardless of your title within the organization, understanding more of that landscape contributes to the well-being of the organization. October is National Cyber Security Awareness Month, so I sat down with Rick Howard, CSO at Palo Alto Networks to talk about the top five cybersecurity books that he recommends every CIO read to learn more about the cyberthreat playing field.
A group of hackers is using a sophisticated technique of hijacking ongoing email conversations to insert malicious documents that appear to be coming from a legitimate source and infect other targets participating in the same conversational thread.
A newly identified spearphishing campaign targeting banks, companies and individuals across Eurasia wielded particularly effective tactics and malware, according to new research published by the cybersecurity firm Palo Alto Networks.
A persistent wave of headlines about data breaches and cyberattacks reinforces that cybersecurity remains fundamental to the future of our digital age and preservation of the economic and societal benefits that the internet provides. While new technology innovations continue to bring tremendous benefits to business productivity and our way of life, our increasing digital dependence is also broadening the cyberthreat landscape and creating more risk for enterprises and consumers alike.
VICE News asked women who work in tech how they’d fix the industry’s gender gap, and they pointed to three main areas for improvement: hiring, education, and retention. We spoke to women at various stages of their careers to find out which of these areas needs the biggest push.
An analysis of a recently discovered webshell used to harvest credentials from an unnamed Middle Eastern organization has unearthed a complex malicious infrastructure that appears to be targeting Israeli institutions and may possibly be linked to the Iranian APT group OilRig, according to researchers.
DevOps is the most important innovation to the IT sector since the invention of the personal computer. Nearly everyone I have talked to in my travels, these past few years, says they are building their own DevOps shop.
Telefónica, working with Palo Alto Networks, has launched a software service that provides a cloud-based security layer over customers’ Internet access.
The Spain-based service provider natively embedded the new service, Clean Pipes 2.0, into its platforms. It is available now to Telefónica Business Solutions’ multinational customers.
John Davis has seen cyberthreats from both the public and private sector. Currently serving as the Vice President and Federal Chief Security Officer at cybersecurity firm Palo Alto Networks, Davis is responsible for expanding cybersecurity initiatives and improving policy for organizations and governments around the world.
Each day, businesses are connecting thousands of devices to the internet. From conference room smart TVs to thermostats, most of these devices were purpose-built to perform a single function without security in mind. While this influx of technology is instrumental to the evolution of our digital age, it also presents a new layer of risk to organizations. With Gartner projecting the number of connected devices to reach 20 billion by 2020, even a small percentage of infected devices could present a major security threat to broader systems and networks.
Researchers at Unit 42, the Palo Alto Networks team, have found a vulnerability in all versions of the Android operating system prior to the recent release, version 8.0 Oreo - that is, virtually all Android smartphones sold in Brazil. Through it, criminals can offer applications that create fake screens on smartphones. These screens overlap the true screen and thus conceal malicious action.
Security company Palo Alto Networks issued an alert on Thursday that company experts have found a vulnerability in Android that allows applications to create fake screens that overlap the original screen to deceive the owner of the phone. The attack circumvents two protections existing in Android to prevent this type of fraud.
The vast majority of Android devices are at risk of a 'Toast' overlay attack that builds on Cloak and Dagger exploits. The bug could lead to remote control of the device unless Google's latest security patch is applied.
Mobile security experts from Palo Alto Networks have detailed a new attack on Android devices that uses "Toast" notifications to help malware in obtaining admin rights or access to Android's Accessibility service — often used to take over users’ smartphones.
A social engineering scam orchestrated by the ElTest hacking group just had its final payload switched from ransomware to a remote access trojan, indicating a possible change in motive, researchers at Palo Alto Networks have reported.
Industry discussions about the Internet of Things (IoT) usually quote big numbers -- e.g., 30 billion connected devices by 2022 and a global IoT market valued at $14.4 trillion. For service providers, there is an urgent need to scale up, meet those new network requirements, and capture their share of the IoT market opportunity.
Rinki Sethi, senior director of security operations and strategy for Palo Alto Networks, spends a lot of time thinking about how to attract a more diverse workforce in the cybersecurity field, where only 11% of workers are women.
A good CISO always looks for ways to increase the skills of staff – in fact, it’s a necessity given the constantly changing threat landscape. One way to flex the muscles of the threat hunting team might be to take a look at a blog this week from Jeff White of Palo Alto Networks’ Unit 42 threat intelligence team, who writes about how he investigated another in a long series of PowerShell attacks.
Hackers with believed ties to the North Korean government have taken to targeting defense contractors working with the United States government, according to security researchers.
Network and enterprise security company Palo Alto Networks released new research Monday that suggested Lazarus Group, a collective of hackers who are often linked to North Korea, are behind a number of cyber attacks aimed at defense industry companies.
According to a blog post by Palo Alto Networks' Unit 42 division, this newly discovered campaign uses the same infrastructure, tools, tactics, and files that were employed in the 2014 Sony Pictures hack, as well as a recent campaign, detailed in April, that targeted Korean-speaking individuals.
NHS trusts, water and energy companies, the highways agency and other organisations that provide essential infrastructure services could face fines of millions of pounds if they fail to protect themselves from cyberattacks.
The rising number of cyberattacks and the increasing level of sophistication of these events are creating pressures on companies to make sure their IT teams are communicating threats to their C-suites and boards in a way that they can understand. We asked three experts–Rick Howard of security firm Palo Alto Networks Inc.; Suzie Smibert, chief information security officer for Finning International Inc., a distributor of Caterpillar products; and Ed Stroz, co-founder of security company StrozFriedberg–to talk about how to bridge this communications gap.