An analysis of a recently discovered webshell used to harvest credentials from an unnamed Middle Eastern organization has unearthed a complex malicious infrastructure that appears to be targeting Israeli institutions and may possibly be linked to the Iranian APT group OilRig, according to researchers.
VICE News asked women who work in tech how they’d fix the industry’s gender gap, and they pointed to three main areas for improvement: hiring, education, and retention. We spoke to women at various stages of their careers to find out which of these areas needs the biggest push.
DevOps is the most important innovation to the IT sector since the invention of the personal computer. Nearly everyone I have talked to in my travels, these past few years, says they are building their own DevOps shop.
Telefónica, working with Palo Alto Networks, has launched a software service that provides a cloud-based security layer over customers’ Internet access.
The Spain-based service provider natively embedded the new service, Clean Pipes 2.0, into its platforms. It is available now to Telefónica Business Solutions’ multinational customers.
John Davis has seen cyberthreats from both the public and private sector. Currently serving as the Vice President and Federal Chief Security Officer at cybersecurity firm Palo Alto Networks, Davis is responsible for expanding cybersecurity initiatives and improving policy for organizations and governments around the world.
Each day, businesses are connecting thousands of devices to the internet. From conference room smart TVs to thermostats, most of these devices were purpose-built to perform a single function without security in mind. While this influx of technology is instrumental to the evolution of our digital age, it also presents a new layer of risk to organizations. With Gartner projecting the number of connected devices to reach 20 billion by 2020, even a small percentage of infected devices could present a major security threat to broader systems and networks.
Researchers at Unit 42, the Palo Alto Networks team, have found a vulnerability in all versions of the Android operating system prior to the recent release, version 8.0 Oreo - that is, virtually all Android smartphones sold in Brazil. Through it, criminals can offer applications that create fake screens on smartphones. These screens overlap the true screen and thus conceal malicious action.
Security company Palo Alto Networks issued an alert on Thursday that company experts have found a vulnerability in Android that allows applications to create fake screens that overlap the original screen to deceive the owner of the phone. The attack circumvents two protections existing in Android to prevent this type of fraud.
The vast majority of Android devices are at risk of a 'Toast' overlay attack that builds on Cloak and Dagger exploits. The bug could lead to remote control of the device unless Google's latest security patch is applied.
Mobile security experts from Palo Alto Networks have detailed a new attack on Android devices that uses "Toast" notifications to help malware in obtaining admin rights or access to Android's Accessibility service — often used to take over users’ smartphones.
A social engineering scam orchestrated by the ElTest hacking group just had its final payload switched from ransomware to a remote access trojan, indicating a possible change in motive, researchers at Palo Alto Networks have reported.
Industry discussions about the Internet of Things (IoT) usually quote big numbers -- e.g., 30 billion connected devices by 2022 and a global IoT market valued at $14.4 trillion. For service providers, there is an urgent need to scale up, meet those new network requirements, and capture their share of the IoT market opportunity.
Rinki Sethi, senior director of security operations and strategy for Palo Alto Networks, spends a lot of time thinking about how to attract a more diverse workforce in the cybersecurity field, where only 11% of workers are women.
A good CISO always looks for ways to increase the skills of staff – in fact, it’s a necessity given the constantly changing threat landscape. One way to flex the muscles of the threat hunting team might be to take a look at a blog this week from Jeff White of Palo Alto Networks’ Unit 42 threat intelligence team, who writes about how he investigated another in a long series of PowerShell attacks.
Hackers with believed ties to the North Korean government have taken to targeting defense contractors working with the United States government, according to security researchers.
Network and enterprise security company Palo Alto Networks released new research Monday that suggested Lazarus Group, a collective of hackers who are often linked to North Korea, are behind a number of cyber attacks aimed at defense industry companies.
According to a blog post by Palo Alto Networks' Unit 42 division, this newly discovered campaign uses the same infrastructure, tools, tactics, and files that were employed in the 2014 Sony Pictures hack, as well as a recent campaign, detailed in April, that targeted Korean-speaking individuals.
NHS trusts, water and energy companies, the highways agency and other organisations that provide essential infrastructure services could face fines of millions of pounds if they fail to protect themselves from cyberattacks.
The rising number of cyberattacks and the increasing level of sophistication of these events are creating pressures on companies to make sure their IT teams are communicating threats to their C-suites and boards in a way that they can understand. We asked three experts–Rick Howard of security firm Palo Alto Networks Inc.; Suzie Smibert, chief information security officer for Finning International Inc., a distributor of Caterpillar products; and Ed Stroz, co-founder of security company StrozFriedberg–to talk about how to bridge this communications gap.
According to a Monday blog post from Palo Alto Networks' Unit 42 threat research team, Tick's Daserf malware (aka Muirim, Nioupalewas) has been observed sharing infrastructure with the backdoors Invader and Minzen, the trojans Gh0st RAT and 9002 RAT, and the downloader HomamDownloader.
The uninitiated might be forgiven for thinking that Palo Alto Networks is, well, a networking company, but its 40,000 customers know better. Palo Alto Networks is all about security and, along with McAfee, Fortinet, Symantec, Cisco, and Check Point, it is a founding member of the Cyber Threat Alliance (CTA), a new consortium that shares threat information among its members and will produce playbooks (the first one is due this fall) that describe malware campaigns in detail to help its members more quickly address them.
By selling Thin Mints and Tagalongs in kindergarten, Elizabeth Lewelling earned Girl Scout badges for customer service and managing money. The 12-year-old from Palmdale is one of 1.8 million Girl Scouts nationwide who will have the opportunity starting in 2018 to adorn their vests, tunics and sashes with merit badges for information security.
Rick Howard lines up a Security Slap Shot on improving security by going after attacker playbooks. High-performance teams rely on defined processes. Sometimes these are called playbooks. Turns out disciplined attackers use playbooks, too.
Cyber Vets Virginia, an governor's initiative launched last year designed to match military veterans with the state's vacant cybersecurity jobs, is beginning to produce graduates, a manager of the program told StateScoop.