Threat Roundup for February 26 to March 5

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between February 26 and March 5. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how our...

2d

Cisco Secure Email: A Proven and Consistent Leader

As email borne threats continue to increase in volume and complexity, keeping email safe continues to be a top priority for security professionals. These varied and persistent threats include Business Email Compromise (BEC), ransomware, domain compromise, malware, phishing, spam and account takeovers. The damage they cause affects an organization’s...

2d

Lifting Each Other Up: A Celebration of Women in Cybersecurity and Their Advocates – Part 1

Every year on March 8th, the world celebrates International Women’s Day. It’s an opportunity to honor the political, social, economic and cultural achievements of women everywhere in every walk of life. That includes in the field of cybersecurity. Women have already made considerable progress in that regard. According to the 2019 (ISC)2 Cybersecurity...

3d

Canadian Bacon – Zero to Hero when it comes to Zero-Trust

Zero trust means a lot of different things to a lot of different people, but I think we all can agree that the zero trust is NOT a single product or platform but a collection of capabilities. The premise of zero trust and its framework can provide a more consistent security approach that reduces risk and increases security posture and overall effectiveness....

5d

Third-Party Software Security Scanning

This blog is co-authored by Nur Hayat and is part two of a four-part series about DevSecOps. Earlier in this series we covered how Continuous Security Buddy (CSB) for continuous integration/continuous delivery (CI/CD) — CSB for CI/CD — provides an automation framework for holistic, continuous security based on DevSecOps principles. In this blog, let’s...

6d

Threat Roundup for February 19 to February 26

Today, Talos is publishing a glimpse into the most prevalent threats we’ve observed between February 19 and February 26. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, this post will summarize the threats we’ve observed by highlighting key behavioral characteristics, indicators of compromise, and discussing how...

2w

Detecting and Responding to SolarWinds Infrastructure Attack with Cisco Secure Analytics

On December 8, FireEye reported that it had been compromised in a sophisticated supply chain attack: more specifically through the SolarWinds Orion IT monitoring and management software. The attackers leveraged business software updates in order to distribute a malware named SUNBURST, and then used this foothold in the organization to contact their...

2w

Balancing Safety and Security During a Year of Remote Working

I have not been inside an office building for 12 months. A sentence I did not imagine writing anytime soon. Last February, everything changed. And when we pause to reflect, we have to consider that, of the many dramatic impacts to our lives, to society, and the world, in the realm of the professional, one of the most impactful changes has been the fact...

2w

How Does Triton Attack Triconex Industrial Safety Systems?

Triton, also known as TRISIS or Hatman, is a piece of malware specially crafted to attack industrial safety systems. In particular, Triton exploits vulnerabilities on the Triconex safety instrumented system from Schneider. Despite this system being deployed at more than 15,000 sites across the world, the malware allegedly only targeted one critical...

2w

Simplified Security for a Successful Digital Transformation

Leveraging end-to-end threat protection to prepare for what’s now and what’s next   It’s no secret that the world has changed significantly in the past year, probably forever. Even before 2020, companies were under immense pressure to go digital to keep up with increasing demands for ubiquitous connectivity. Recent events have further accelerated...

2w