Blog

Ransomware Attacks Disrupting United States Pipeline Operations The United States Cybersecurity and Infrastructure Security Agency (CISA) recently released a bulletin describing a ransomware attack on a US natural gas pipeline operator; highlighting how even well-regulated and normally well-secured industries can fall victim to cyber attack if security controls are not regularly tested and refined both individually and while working in tandem.  While a ransomware attack of this nature isn’t.

Not All Security Automation is Born Equal With the growth in complexity of business environments and the dynamic nature of the threat landscape security teams are turning to automated security testing in order for their testing to be more frequent, thorough and simpler to perform. But automation is not a synonym for simplicity. When the autopilot was introduced in modern airplanes pilots weren’t exempt from getting trained on the functions the autopilot controlled. The same for pen testing..

If anything is certain in cybersecurity, it's the fact that email is still the #1 advanced threat vector and more than 90% of targeted attacks start with email[1]. Someone, somewhere in your organization is going to click on something malicious. Here's how to prevent that kind of event from leading to a full-blown breach. Reduce the Email Attack Surface Configuring email gateways and other email protection solutions correctly is the first step toward reducing the email attack surface. Settings.

One common misconception I hear from IT security teams is that simulating a specific threat, say the Dridex Trojan, is more ‘real’ than simulating a proprietary (dubbed “Dummy”) version of the Trojan that mimics the underlying attack method that is so critical to that very Trojan’s success. Simulating Cyber Attacks Case in point, one strain of the Dridex Trojan was found to hide its code in a Microsoft spreadsheet. To protect against that specific strain of Dridex, simulating the attack’s.

Notoriously difficult to detect, fileless malware uses system tools and in-memory execution techniques to do its damage. With fileless malware, adversaries don't have to create or install special tools to bypass defenses, conduct reconnaissance, deliver payloads, or execute malicious activity. Overall, fileless malware attacks increased 265% in 2019[1]. Fileless attacks have traditionally abused Windows OS tools or processes, but in December 2019, a filelesswas detected. They contain malicious.

Cymulate wishes you a cybersafe holiday season! The holiday season is a time of joy and celebration, and as we all know, lots of shopping. With Black Friday, Cyber Monday, and Christmas shopping, the amount of shopping drastically increases, specifically online shopping. In a report released by Deloitte, analysts predict that in 2019, 60% of consumers will make their purchases online and over half of holiday spending is anticipated to take place online. It’s a great season for online retailers,.

If we summed up the 2019 threat landscape in one word, it would be "more." Targeting was more specific. More people are crossing over to the dark side. There were new tricks—and more ransomware than you can shake a stick at. Without further ado, here are the top six trends that we noted in 2019. More Specific Targeting Attackers became pickier about their targets. Some targeted specific systems, like AnteFrigus ransomware, which targeted specific users' USB drives to encrypt. Some had distinct.

The no. 1 barrier to better security testing A recent poll by the SANS Institute found that the top barrier cited by security practitioners to improving their security testing is a “Lack of a systematic approach to defining testing (e.g. lack of testing plan).” In fact, this echoes questions we get from security professionals we meet at conferences, as well as organizations getting started with their own automated security testing. Building a security risk assessment plan So, how do you.

‘Tis the season for budget planning. With 2019 coming to a close, you may be scrambling to put together a coherent proposal for 2020. And if you’re lucky, you may have some leftover budget that you need to spend wisely.   Focal Points for 2020 Budgets Analyst firm IDC forecasts a 10% increase in spending around security analytics and SIEM solutions, as well as more than a 10% increase in cyber threat intelligence. Automated continuous security testing, performed using breach and attack.

Continuous security testing is the practice of challenging, measuring and optimizing the effectiveness of security controls on an ongoing basis, using automated testing tools, in order to continually identify new security gaps as they emerge, so they can quickly be fixed. Also called “security effectiveness testing,” the objective of continuous security testing is to find out how effective an organization’s current security controls are, uncover new security gaps as soon as they arise, and.