QA on Securing FlexPod Architectures With Next-Generation Firewalls
FlexPod is a pre-designed infrastructure stack for data centers, built on the Cisco Unified Computing System, Cisco Nexus, and NetApp FAS storage components.
Healthcare and Cybersecurity: Take Action Now; Don’t Wait for a Master Plan
Healthcare is a great example of an industry that finds itself at the crossroads of much needed technology innovations and improved security.
By Type
By Topic
By Product Category
By Services
By Technologies
By Industry
By Audience
By Language
Displaying 1 to 30 of 1422
The CyberWire Daily Podcast for 05.19.17
Palo Alto Networks Rick Howard discusses research on Shamoon, adversary playbooks, and credential theft.
How CISOs can answer difficult questions from CEOs
The CEO puts all the trust in the chief security officer to keep the company off the front page and out of danger. But as the number of attacks across the internet skyrockets, that trust has slowly eroded or at the very least is increasingly questioned.
President Trump signs cybersecurity executive order
President Trump signed a long-awaited executive order on Thursday designed to improve the nation's cybersecurity.
Nemucod delivering credential-stealing trojan, Palo Alto
Researchers at Palo Alto Networks have spent the past five months examining a malware campaign that uses the Nemucod downloader to ultimately deliver a trojan that siphons out credentials, according to a post on the company blog.
Women in cybersecurity need to take more risks
Rinki Sethi, director of information security at Palo Alto Networks, needed to bring a lot of confidence and skills to the gates of cybersecurity when she began her career.
Malware Analysis Done Right
The reality facing the cybersecurity industry today is as soon as network defenders develop a new way to spot malware, cyberadversaries are quick to find a way to circumvent it. With the number of cyberattackers growing every day, the time elapsed between deploying a protection and a bad actor finding a way around it grows ever shorter.
Credential theft is the oxygen that fuels successful attacks
As senhas são as clássicas necessidades do ambiente virtual e, quando combinadas com nomes de usuários, formam as credenciais. Quase toda atividade online exige a criação de credenciais, seja para contas de e-mail, contas bancárias, acesso a redes corporativas, redes sociais, jogos, serviços de streaming, ou qualquer registro online.
The CyberWire Daily Podcast for 05.04.17
Rick Howard from Palo Alto Networks previews the Cyber Canon awards ceremony.
Malware for video devices is able to erase data
Os pesquisadores da Unit 42, unidade de pesquisa da Palo Alto Networks, identificaram um novo malware para IoT chamado Amnesia. O malware é uma variação do botnet Tsunami e mira vulnerabilidades de execução de códigos remotos presentes em dispositivos DRV (gravadores de vídeos digitais) fabricados por cerca de 70 empresas no mundo.
Palo Alto Networks Identifies Malware for IoT
Os pesquisadores da Unit 42 Palo Alto Networks identificaram um novo malware para IoT chamado Amnesia, que é uma variação do botnet Tsunami.
The CyberWire Daily Podcast for 04.27.17
Palo Alto Networks Rick Howard outlines a new white paper on credential theft.
Cardinal RAT reigns under the radar two years
Palo Alto Networks researchers spotted a previously unknown remote access trojan (RAT) dubbed the Cardinal RAT which uses a unique technique involving malicious Excel macros.
The CyberWire Daily Podcast for 04.17.17
Rick Howard from Palo Alto Networks ponders the first principle of automotive security.
Securing the Government Cloud
Cloud service deployments at the federal, state and city levels that benefit from the cloud's operational and cost efficiencies have been unprecedented. The federal government launched its Federal Risk and Authorization Management Program, or FedRAMP, to certify a consistent way for cloud service providers to offer security assessment, authorizations and continuous monitoring to government organizations. State and city governments rely on third-party contractors to assess cloud providers for them.
Credential Theft: The Key to Shamoon 2 Data Destruction
The problem of stolen credentials is a well-known threat in the security industry. But knowing something is a problem and understanding the full scope are two different things. The Shamoon 2 attacks targeting critical organizations across Saudi Arabia should serve as a clear demonstration about how significant the problem of credential theft is and how taking steps to prevent it can yield truly significant, tangible results in protecting against attacks.
Malware for IoT begins to show destructive behavior
Hackers começaram a adicionar rotinas de limpeza de dados em malwares que são feitos para infectar aparelhos embutidos e de Internet das Coisas (IoT). Dois ataques observados recentemente mostram esse comportamento, mas provavelmente para objetivos diferentes.
IoT Botnet "Amnesia" Hijacks DVRs via Unpatched Flaw
A new Linux/IoT botnet named “Amnesia” has been targeting digital video recorders (DVRs) by exploiting an unpatched remote code execution vulnerability disclosed more than one year ago. The threat, believed to be a variant of the Tsunami botnet, has been analyzed in detail by researchers at Palo Alto Networks. The botnet targets embedded systems, particularly DVRs made by China-based TVT Digital, which are sold under more than 70 brands worldwide.
The CyberWire Daily Podcast for 04.06.17
Palo Alto Networks Rick Howard describes the cloud paradigm shift.
Research links four malware programs to campaign targeting U.S. and Middle Eastern users
A joint investigation by Palo Alto Networks and ClearSky Cyber Security has shed light on a recently discovered malware campaign that tries to infect U.S. and Middle Eastern targets with four distinct families of Windows and Android-based downloaders and information stealers.
Introducing the Cybesecurity Canon
For those that want more, there’s the Cybersecurity Canon project, of which I’m a member. Canon members include industry experts such as Christina Ayiotis, co-chair of the Georgetown Cybersecurity Law Institute, Dawn-Marie Hutchinson of Optiv, Brian Kelly CISO at Quinnipiac University and more.
Disttrack Malware Distribution Suggests Link between Shamoon 2 and Magic Hound
In November 2016, the security community first learned of a series of attacks known as “Shamoon 2.” The campaign has launched three waves as of this writing. In the first wave, bad actors infected an organization in Saudi Arabia with Disttrack.
Open-source developers targeted in sophisticated malware attack
For the past few months, developers who publish their code on GitHub have been targeted in an attack campaign that uses a little-known but potent cyberespionage malware. The attacks started in January and consisted of malicious emails specifically crafted to attract the attention of developers, such as requests for help with development projects and offers of payment for custom programming jobs.
This Stealthy Malware Remained Unnoticed for Three Years
Stealthy command and control methods allowed a newly discovered malware family to fly under the radar for more than three years, Palo Alto Networks security researchers reveal. Dubbed Dimnie, the threat was discovered in mid-January 2017, when it was targeting open-source developers via phishing emails.
Someone is putting lots of work into hacking Github developers
Open source developers who use Github are in the cross-hairs of advanced malware that can steal passwords, download sensitive files, take screenshots, and self-destruct when necessary.
Why Healthcare Network Security is a Critical Provider Tool
Covered entities are quickly implementing more technology into daily operations, which could potentially open the door for cyber criminals or even unauthorized insider access. Healthcare network security measures must be current and comprehensive, ensuring that patient data does not fall into the wrong hands.
As Malware Gets Smarter, Bare Metal Analysis Can Keep You Secure
Android adware has embraced an innovative way to promote potentially malicious apps: abuse Android plugin frameworks. They say a rising tide lifts all boats; unfortunately, the proverb applies to cybercriminals, too. While the inexpensive availability of compute processing power and broadband connectivity has made technologies like virtualization and cloud computing possible, that same ready access makes it possible for even a novice cybercriminal to leverage some of the most advanced malware available today.
Android adware abusing plugin frameworks to promote potentially malicious apps
Android adware has embraced an innovative way to promote potentially malicious apps: abuse Android plugin frameworks. App promotion isn't anything new on the Android platform. In the past, we've seen adware install paid applications once they've landed on an device. But to the chagrin of these less-than-honest developers, anti-malware technology can block these efforts.
Two-factor authentication, one-time passwords key to prevent credential theft: Report
Another vendor has joined the crowd of voices urging infosec pros to enable two-factor or multi-factor authentication where they can to better secure IT systems. Effective prevention of credential theft should focus on four strategies: Having more than one factor of authentication, one-time passwords, password managers and employee training, a discussion paper released Tuesday by the Unit 42 intelligence division of Palo Alto Networks.
The CyberWire Daily Podcast for 03.17.17
Palo Alto Networks Rick Howard describes a capture-the-flag collaboration.
Displaying 1 to 30 of 1422