In October 2016, as a botnet strung together by the Mirai malware launched the biggest distributed denial-of-service attack in history, I was, appropriately enough, giving a talk on the Internet of Things (IoT) security and privacy at the Grace Hopper Conference. As I learned of the attack, and as questions came in from the audience about the malware, I knew that the topic of my session could not have been more timely. In this instance, and in countless others, IoT security is a core issue. Security professionals need to be concerned about insecure devices.
For many organizations, the public cloud has become the sole route to market for new product introductions. This cloud infrastructure is owned and managed by a third party, freeing up the organization from the maintenance and cost that comes with a private cloud setup. With that, speed and scale are the main reasons why developers are moving to the public cloud, and now is the best time for security teams to tighten their partnerships with product development and IT teams.
Traps has also been better integrated with the Palo Alto Networks Application Framework, something that is likely to please channel partners. So will the increased channel enablement around this Traps release.
In today's podcast, we hear that AMD continues its investigation of the backdoors and other vulnerabilities CTS Labs publicly disclosed. That disclosure remains controversial. BlackTDS offers malware distribution as-a-service on the black market.
I know a lot of persuasive folks in the cybersecurity community who can easily conjure up a dozen different cyberattack scenarios detailed enough to scare the socks off any board member. Many of us have been hearing about these hypothetical disasters for a decade or longer.
International Women's Day is a great time to bring up the fact that the young members of the Girl Scouts of the USA will soon be able to do their part to help buttress the number of women in cybersecurity by working toward earning badges in that exact skill.
Researchers have discovered a new malware that steals cryptocurrency and other electronic funds by surreptitiously modifying wallet or payment information whenever victims copy it to their devices' clipboards.
A newly discovered piece of malware is capable of stealing a variety of crypto-coins from its victims by replacing legitimate wallet addresses with that of the attacker.
Dubbed ComboJack, the malware performs its nefarious activity by monitoring the user clipboard and replacing targeted addresses there. This is the same technique that was recently observed being used by the Evrial Trojan and the CryptoShuffler malware, but the new threat targets multiple virtual currencies.
If you think being a Girl Scout is all camping, crafting, and cooking, think again.
For the first time, millions of Girl Scouts nationwide are taking on hacking and cybercrime as they work towards earning newly introduced cybersecurity badges.
Security researchers have discovered a new malware strain that is capable of detecting when users copy a cryptocurrency address to the Windows clipboard. The malware works by replacing this address with one owned by its author.
Rick Howard talks about using tools to reduce the manual response aspect of reacting to a cybersecurity event. He details his definition of terms like extensibility and flexibility when it comes to managing federal resources. During the interview, he talks about concepts like the cyber kill chain, doxing, and threat intelligence sharing.
When attackers gain a foothold in the network, they use their privileges to explore their surroundings, expand their realm of control and achieve their ultimate objective: stealing, modifying or destroying sensitive data. Blending in with legitimate users, they can infiltrate organizations and dwell inside networks for months or even years without being detected.
Palo Alto Networks released a cloud-based behavioral analytics application as part of its security platform. The new application, named Magnifier, analyzes data sent from next-generation firewalls to Palo Alto Networks Logging Service and uses this data to profile the behavior of users and devices. Magnifier is expected to be generally available in February.
Malware is increasingly developing an appetite for cryptocurrency mining. One newly discovered strain has tried to infect millions of Windows machines, all in an effort to siphon their computing power and possibly sell it for mining purposes.
Malware that secretly mines Monero is becoming a real problem in the real world, with the number of different incidents growing with each week. For example, only this past week, three new attacks came to light.
A newly discovered malicious URL redirection campaign that infects users with the XMRig Monero cryptocurrency miner has already victimized users between 15 and 30 million times, researchers have reported.