November 21, 2022

An Interview with One of the Developers of CSA’s Zero Trust Training

These days, Zero Trust is a term that you can’t seem to get away from – and you shouldn’t want to! Zero Trust is based on the principle that no part of a computing and networking system can be implicitly trusted, including the humans operating it. This concept codifies an evolutionary approach to cybersecurity under …

An Interview with One of the Developers of CSA’s Zero Trust Training Read More »

What is Cyber Grooming?

Too Long; Didn’t ReadCyber grooming implies creating a trusting relationship with a minor in a virtual environment to commit a crime against sexual integrity. Cyber grooming is one of the most dangerous types of cyber crimes since the victims are teenagers. Malefactors can attract teenager attention with the help of “common interests”: talking about music, …

What is Cyber Grooming? Read More »

ReasonLabs joins Anti-Malware Testing Standards Organization to strengthen anti-malware solutions

ReasonLabs has joined the Anti-Malware Testing Standards Organization (AMTSO), an international non-profit association that focuses on addressing the global need for improvement in the objectivity, quality and relevance of anti-malware testing methodologies. AMTSO is a member-driven organization that develops standards and guidelines for anti-malware testing, providing advice and guidance to the expert testers that make …

ReasonLabs joins Anti-Malware Testing Standards Organization to strengthen anti-malware solutions Read More »

Updated Windows Forensic Analysis Poster

I am thrilled to announce the latest release of the SANS DFIR Windows Forensic Analysis poster. This version was a nearly complete re-write of the poster with significant updates made to every section. The “Evidence of…” categories were originally created by SANS Digital Forensics and Incident Response faculty for the SANS FOR500: Windows Forensics course, mapping specific Windows …

Updated Windows Forensic Analysis Poster Read More »

Introduction to ESQL — A new query language for flexible, iterative analytics

The Elastic Platform has long been well-regarded as an analytical system for search use cases and machine-generated data. Analytics are focused on processing data-as-ingested, where significant thought is put into how to optimally structure data as it is indexed in Elasticsearch. Kibana exposes Elasticsearch aggregations and uses them to create interactive dashboards, visualizations, and alerts. …

Introduction to ESQL — A new query language for flexible, iterative analytics Read More »

Wait… Elastic Observability monitors metrics for AWS services in just minutes?

The transition to distributed applications is in full swing, driven mainly by our need to be “always-on” as consumers and fast-paced businesses. That need is driving deployments to have more complex requirements along with the ability to be globally diverse and rapidly innovate. Cloud is becoming the de facto deployment option for today’s applications. Many …

Wait… Elastic Observability monitors metrics for AWS services in just minutes? Read More »

e-Evidence: Open letter calls for privacy safeguards.

e-Evidence negotiations have put fundamental rights on the line in an attempt to make cross-border criminal investigations more efficient. However, the cost for this efficiency would be very high. We call on policymakers to do better. The EU Council must acknowledge the need for stronger protection of Free Speech and privacy rights.Read more

Season of Giving, Season of Taking: Heightened Fraud During Holiday Shopping

Editors Note: The following post is an excerpt of a full report. To read the entire analysis, click here to download the report as a PDF. This report details the risks the holiday season presents for individuals and financial institutions, describes the tools and services that scammers can use during the holidays, and provides tips …

Season of Giving, Season of Taking: Heightened Fraud During Holiday Shopping Read More »

5 Hospital Workers Charged with Selling Patient Information

Healthcare , HIPAA/HITECH , Industry Specific Data of Patients Hurt in Auto Accidents Allegedly Sold to Chiropractors, Attorneys Marianne Kolbasuk McGee (HealthInfoSec) • November 21, 2022     Federal prosecutors have charged five former Methodist Le Bonheur Healthcare workers with HIPAA crimes. (Source: Methodist Le Bonheur Hospital website) Authorities charged six people, including five former …

5 Hospital Workers Charged with Selling Patient Information Read More »

Chinese APT Using Google Drive, Dropbox to Drop Malware

Anti-Phishing, DMARC , Cybercrime , Cyberwarfare / Nation-State Attacks Evolved Mustang Panda Malware Targets Government, Education, Other Sectors Globally Prajeet Nair (@prajeetspeaks) • November 21, 2022     China-based advanced persistent threat actor Mustang Panda has launched a new wave of spear-phishing attacks on global government, educational and scientific sectors. See Also: Live Webinar | …

Chinese APT Using Google Drive, Dropbox to Drop Malware Read More »

RSA CEO Rohit Ghai on Authenticating Users to Mobile Devices

Governance & Risk Management , Remote Workforce , Video How to Defend BYOD Devices Without Installing Software or Creating Friction Michael Novinson (MichaelNovinson) • November 21, 2022     Rohit Ghai, CEO, RSA The long-standing divide between mobile app detection and identity and access management has fueled cyber incidents and breaches as remote work has …

RSA CEO Rohit Ghai on Authenticating Users to Mobile Devices Read More »

Microsoft Defender protects Mac and Linux from malicious websites

Image: freestocks/Unsplash Microsoft’s security tools aren’t just for Microsoft platforms, because attackers don’t just go after Windows. “Over the last few years, we’ve seen the threat landscape evolve where attackers and cyber criminals are targeting all platforms equally,” Tanmay Ganacharya, partner director for security research at Microsoft, told TechRepublic. “We’ve seen a significant rise in …

Microsoft Defender protects Mac and Linux from malicious websites Read More »

Microsoft’s attempts to harden Kerberos authentication broke it on Windows Servers

Microsoft is rolling out fixes for problems with the Kerberos network authentication protocol on Windows Server after it was broken by November Patch Tuesday updates. As we reported last week, updates released November 8 or later that were installed on Windows Server with the Domain Controller duties of managing network and identity security requests disrupted …

Microsoft’s attempts to harden Kerberos authentication broke it on Windows Servers Read More »

Identity Security Needs Humans and AI Working Hand in Hand

From robotic assembly lines to self-driving cars, automated processes powered by artificial intelligence (AI) are reshaping society in significant ways. But AI can’t do everything on its own — in fact, many organizations are beginning to recognize that automation often functions best when it works hand in hand with a human operator. Likewise, humans can …

Identity Security Needs Humans and AI Working Hand in Hand Read More »

FTX’s Former CEO And Celebs Hit With More Investor Claims

By Sarah Jarvis (November 21, 2022, 10:16 PM EST) — The former head of FTX was hit with more proposed class actions Monday, along with the Golden State Warriors basketball team and a host of celebrities and athletes who endorsed the now-bankrupt cryptocurrency exchange, over claims they schemed to deceive investors and offer them unregistered …

FTX’s Former CEO And Celebs Hit With More Investor Claims Read More »

Beyond Trump, Twitter welcomes back purveyors of far-right disinformation

Written by Suzanne Smalley Nov 21, 2022 | CYBERSCOOP Former President Donald Trump may be getting the gang back together — on Twitter.  After Elon Musk reinstated Trump’s account over the weekend following an online poll, Twitter’s new owner has welcomed a slew of extreme conservative figures back onto the social media platform — ranging …

Beyond Trump, Twitter welcomes back purveyors of far-right disinformation Read More »