The madness known as the RSA Security Conference took place last week in San Francisco. The event featured somewhere in the neighborhood of 1,000 vendors and over 40,000 users, making it by far the largest security conference.
Palo Alto's Unit 42 researchers identified a new botnet malware family described as “Swiss Army Knife Malware” that was designed by a veteran threat actor and is capable of taking screenshots and draining cryptocurrency wallets.
In October 2016, as a botnet strung together by the Mirai malware launched the biggest distributed denial-of-service attack in history, I was, appropriately enough, giving a talk on the Internet of Things (IoT) security and privacy at the Grace Hopper Conference. As I learned of the attack, and as questions came in from the audience about the malware, I knew that the topic of my session could not have been more timely. In this instance, and in countless others, IoT security is a core issue. Security professionals need to be concerned about insecure devices.
For many organizations, the public cloud has become the sole route to market for new product introductions. This cloud infrastructure is owned and managed by a third party, freeing up the organization from the maintenance and cost that comes with a private cloud setup. With that, speed and scale are the main reasons why developers are moving to the public cloud, and now is the best time for security teams to tighten their partnerships with product development and IT teams.
Traps has also been better integrated with the Palo Alto Networks Application Framework, something that is likely to please channel partners. So will the increased channel enablement around this Traps release.
In today's podcast, we hear that AMD continues its investigation of the backdoors and other vulnerabilities CTS Labs publicly disclosed. That disclosure remains controversial. BlackTDS offers malware distribution as-a-service on the black market.
I know a lot of persuasive folks in the cybersecurity community who can easily conjure up a dozen different cyberattack scenarios detailed enough to scare the socks off any board member. Many of us have been hearing about these hypothetical disasters for a decade or longer.
International Women's Day is a great time to bring up the fact that the young members of the Girl Scouts of the USA will soon be able to do their part to help buttress the number of women in cybersecurity by working toward earning badges in that exact skill.
Researchers have discovered a new malware that steals cryptocurrency and other electronic funds by surreptitiously modifying wallet or payment information whenever victims copy it to their devices' clipboards.
A newly discovered piece of malware is capable of stealing a variety of crypto-coins from its victims by replacing legitimate wallet addresses with that of the attacker.
Dubbed ComboJack, the malware performs its nefarious activity by monitoring the user clipboard and replacing targeted addresses there. This is the same technique that was recently observed being used by the Evrial Trojan and the CryptoShuffler malware, but the new threat targets multiple virtual currencies.
Security researchers have discovered a new malware strain that is capable of detecting when users copy a cryptocurrency address to the Windows clipboard. The malware works by replacing this address with one owned by its author.
If you think being a Girl Scout is all camping, crafting, and cooking, think again.
For the first time, millions of Girl Scouts nationwide are taking on hacking and cybercrime as they work towards earning newly introduced cybersecurity badges.
Rick Howard talks about using tools to reduce the manual response aspect of reacting to a cybersecurity event. He details his definition of terms like extensibility and flexibility when it comes to managing federal resources. During the interview, he talks about concepts like the cyber kill chain, doxing, and threat intelligence sharing.
When attackers gain a foothold in the network, they use their privileges to explore their surroundings, expand their realm of control and achieve their ultimate objective: stealing, modifying or destroying sensitive data. Blending in with legitimate users, they can infiltrate organizations and dwell inside networks for months or even years without being detected.