Tag: trends

Have we been wrong about the Internet of Things all along?

I’m just slogging through all the articles I marked “to read” but never got around to during the relax-o-frenzy that is the holiday season. One of the better ones I’ve found comes from the Web site Techbitzz.com. On December 31, they ran a nice and succinct write up that addresses one of the most confusing nomenclature problems in the technology world today: the differences between “machine-to-machine” (or M2M) technology and the “Internet of Things” (or IoT). As the article notes, the tendency these days is to just conflate “M2M” and “IoT” – as if the latter is just a newer, cooler term for the former. But that’s not the case. In fact: the two terms refer to very different things. According to the article: “M2M can be defined in simple terms as, ‘Machines’ (can be a sensor, meter, valve etc)  using network resources (can comprise of core telecom network, back-end […]

Continue Reading

FBI Looking for Cyber Experts to Keep Pace

As a year of mega-breaches and hacks draws to a close, one thing is clear: demand for experts with knowledge of cyber crime and digital forensics is going nowhere but up. Take, for example, the latest job post from the U.S. Federal Bureau of Investigation, which seeks “experienced and certified cyber experts to consider joining the FBI to apply their well-honed tradecraft as cyber special agents.” “We’re putting a big focus on cyber background now,” said Robert Anderson, Jr. , the executive assistant director for the Bureau’s Criminal, Cyber, Response, and Services Branch at the FBI in a video statement. “What we want are people who are going to come and be part of a team that is working different very complex types of investigations and to utilize their skill sets in that team environment.” According to a statement, the FBI has launched a campaign to bring aboard more technical […]

Continue Reading

Are Data Lakes A Key To Securing IoT Environments? | Tripwire Blog

Mitch Thomas over at the security firm Tripwire has a good post on “architecting the security of things” that’s worth checking out. As an incumbent security vendor, Tripwire faces the same challenges and problems as other vendors who came of age securing traditional endpoints and enterprise IT environments. Among them: adapting to a nearly limitless population of new endpoints – many of them small, resource constrained embedded systems.  As we’ve noted before: many of these systems aren’t capable of the kinds of interrogations (vulnerability- and malware scans just two examples) that many security tools take for granted.

Continue Reading

Cat and Mouse: Web Attacks Increasingly Sidestep WAF Protections

Recently, the Akamai Threat Research Team unveiled a unique distributed brute force attack campaign targeting nearly five hundred WordPress applications. What’s interesting about this campaign? It clearly demonstrates how Web attackers are becoming more sophisticated, attempting to evade security controls – specifically Web Application Firewalls (WAFs) and rate control protections. A Short Primer to Brute-Force Attacks Brute force Web attackers attempt to gain privileged access to a Web application by sending a very large set of login attempts, within a short period of time. Using volumetric single source of attack is easily mitigated by blacklisting. Today’s brute force attacks are typically characterized by volumetric attacks coming from distributed IPs. In this way, if the attacker’s source IP is detected, they can still continue with the attack campaign by switching a source IP. As part of this cat-and-mouse evolution, WAFs are enhanced with several rate control measures that detect and block […]

Continue Reading

With Multi-Vector Attacks, Quality Threat Intelligence Matters

In the last year, the world’s attention has been riveted by a series of high-profile hacks of major corporations in retail, finance and the entertainment industry, among others. Each of these incidents is unique, involving different threat actors and motives. However, each of these attacks is also a sterling example of what we, at Cisco, term “multi-vector attack” that employs a range of technologies, deployed in numerous stages, to penetrate the defenses of the target organization. Here at Cisco, we have studied these attacks in-depth and have identified some commonalities among these multi-vector attack, and useful approaches to combat them. This blog post will discuss some of our findings. About Multi-Vector Attacks Any cyber attack, large or small is born from a weak link in the security chain. These weak links take many forms: poorly configured Web servers, gullible employees or vulnerable-but-common applications like Microsoft Office, Adobe Reader and Java are common examples. Multi-vector  attacks […]

Continue Reading
1 78 79 80 81 82 111