Cloud-based dev teams: shift security left to avoid being the next SolarWinds
“The entire way we perform security in a development environment needs to be rethought.”
About SC Media
Most recent articles by Bradley Barth
New data could help CISOs quantify the value of a strong security culture
Companies with a good security culture are 52x less likely to practice risky credential sharing than orgs with a poor security culture.
Old foe or new enemy? Here’s how researchers handle APT attribution
Malwarebytes’ exposé of LazyScripter revealed that the group has operated since at least 2018, targeting International Air Transport Association (IATA) members, airlines and immigrants seeking employment in Canada. How significant are such findings? SC media spoke to researchers, who said Identifying a new actor is the first step in creating a defense.
Reality or just entertaining TV? Cyber experts dig into The Good Doctor’s ransomware episode
Here’s what the television show got right, and what it got wrong, from the role of cyber insurance, to response and recovery timelines.
Ransomware attack or not, Kia’s resilience is under the microscope
A days-long outage affecting mobile and web-based service calls into question Kia’s contingency planning for cybersecurity incidents, even as the company remains defiant about claims that a ransomware attack is to blame.
‘Think about problems in a different way’: Inside the Bank of America CISO’s neurodiversity push
Professionals with autism, ADHD and other conditions can bring a different way of thinking to infosec roles, “able to connect dots that we may not be able to connect,” said Bank of America’s Craig Froelich in an indepth interview.
Phishing campaign alters prefix in hyperlinks to bypass email defenses
Better integration between email and web security systems could serve as a defense.
The Egregor takedown: New tactics to battle ransomware groups show promise
Ransomware ringleaders and their customers have been put on notice: they may not be as untouchable as they thought.
NIST hints at upgrades to its system for scoring a phish’s deceptiveness
Future plans for the methodology include the incorporation of operational data gathered from multiple organizations.
SIEM rules ignore bulk of MITRE ATT&CK framework, placing risk burden on users
Much of the responsibility of making sure that SIEMs reap maximum benefits from the ATT&CK framework falls on users’ ability to understand their own environments. But that’s not easy.
Next post in Network Security
