Security systems are blind to memory-based threats

By |2019-02-22T04:50:04+00:00February 22nd, 2019|Security News, Uncategorized|

The failure of traditional security systems to see memory-based threats pose data theft risks You can’t protect what you can’t see. Process memory is still goes unseen by most security tools, making memory the perfect target for attackers. Recent memory attacks include GreyEnergy, BlackEnergy, WannaCry, NotPetya, Industroyer, Triton, Spectre and Meltdown. All of these attacks [...]

Blog Series: Cybersecurity threats we expect to see in 2019

By |2019-02-22T04:42:34+00:00February 20th, 2019|Security News, Uncategorized|

Death, taxes….and cyber threats In 1789, Benjamin Franklin wrote in a letter that “Our new Constitution is now established, and has an appearance that promises permanency; but in this world nothing can be said to be certain, except death and taxes.” Ben Franklin couldn’t conceive of computing and the Internet, but in our current era [...]

20 Spectre and Meltdown Attacks Demonstrated So Far and Rising: This Class of Threat Continues in 2019

By |2019-02-15T19:20:13+00:00February 15th, 2019|Security News, Uncategorized|

Authors: Shauntinez Jakab, Michelle Netten What you should know about Spectre Attacks Branch misprediction is the basis for the attack Attackers leverage the mis-training mechanism Process memory address space is affected Only works with data the application can access architecturally Four methods can be applied to mis-train branch prediction What you should know about Meltdown [...]

The Year-Over-Year Trend of Significant Cyber Attacks Is Increasing Dramatically

By |2019-02-08T20:45:39+00:00February 8th, 2019|Security News, Uncategorized|

With comparison infographic of cyber attacks 2017 & 2018 Significant data breach events have reached the unwelcome distinction of becoming a near daily occurrence. In 2005, the number of significant breaches was under 200. In 2017, that number was 1,300. The actual number of cyber hacks in 2018 over 2017 went down, but measuring “significance” [...]

Even Over, Shutdowns Still Affect Contractor Staff Recruiting & Boost Hacker Activity

By |2019-02-01T16:40:13+00:00January 31st, 2019|Security News, Uncategorized|

With comments and summary from Ray Demeo Key Takeaways for Executives* • The government shutdown made it harder for contractors to attract and retain top talent. • The tight labor market worsens this effect, as employees have more options for jumping ship than they had during previous shutdowns. • Larger firms were able to switch [...]

Congressional investigation into Equifax breach finds multiple security failures

By |2019-01-06T18:59:27+00:00December 28th, 2018|Security News, Uncategorized|

After a 14-month government investigation into the Equifax breach Congress report concludes the breach was preventable. In December, the US House Committee on Oversight and Government Reform completed its 14-month investigation into the Equifax breach. In their final report released earlier this month, they held Equifax accountable for the massive breach that impacted close to [...]

For one company hit big by NotPetya, their insurance company is refusing to pay out on their policy’s cyber attack coverage

By |2018-12-21T16:58:33+00:00December 21st, 2018|Security News, Uncategorized|

NotPetya is the globe’s worst cyber attack so far To date, first place for the most destructive cyber attack the world has ever seen goes to NotPetya. It struck in the summer of 2017, perhaps most memorably impacting Maersk, the Danish shipping company. For them, their network was so corrupted, their IT staff was rendered [...]

GreyEnergy Spy APT Mounts Sophisticated Effort Against Critical Infrastructure

By |2018-10-24T01:31:05+00:00October 24th, 2018|Uncategorized, Virsec in the News|

Threat Post & Journal of CyberPolicy, October 19, 2018, with comments by Ray DeMeo; Most people in the cybersecurity space remember BlackEnergy, the advanced persistent threat (APT) responsible for attacking and shutting down electrical grids in Ukraine in December three years ago. Now BlackEnergy has an architecturally similar and more modern successor, GreyEnergy, that’s emerged [...]

China inserted surveillance microchip in servers used by Amazon and Apple, report says; Apple and Amazon strongly refute claims

By |2018-10-11T02:53:51+00:00October 10th, 2018|Security News, Uncategorized|

Last week, the Washington Post published an article about a Bloomberg Businessweek report claiming China has inserted spying chips into US motherboards. Nearly every day since, the story has updated with more information and the players strongly speaking out against the claims. The heart of the story is Bloomberg’s claim that while computer hardware was [...]