We built our 2020 Threat Insights Report on this foundation, to help guide you in protecting against what’s to come. Because moving forward, the right combination of protections is not a difference between one cybersecurity solution or another; it’s the difference between being protected against tomorrow’s threats or becoming their prey.

This is the 7th annual edition of the Microsoft Vulnerabilities Report, and includes a five-year trend comparison, giving you a better understanding of how vulnerabilities are growing and in which specific products.

The problem that occurs when applications deserialize data from untrusted sources is one of the most widespread security vulnerabilities to occur over the last couple years. This article will provide background on the deserialization vulnerability, describe the limitations of the existing mitigation techniques and explain why Waratek’s Compiler Based solution is ideal in solving this problem.

This document recommends best practices for endpoint security in industrial applications under the broader scope of industrial internet security.

From the report, “An OS-Centric Positive Security isn’t a silver bullet, but it can be a tremendously valuable and complementary defense mechanism—your second or last line of defense. The majority of endpoint security solutions deployed today are based on the Negative Security model; so, it’s time to add a Positive Security solution to strengthen your endpoint protection.” Read on to find out more.

Insider threats, such as those associated with the Marriott breach, are considered one of the top concerns in IT security due to the devastating impact on business, reputation, loss of sensitive data, and significant fines. Security solutions that rely on allow lists / block lists and signature files fall far short in their attempt to mitigate this threat. Machine learning and behavioral analysis are uniquely suited to immediately identifying anomalies that indicate an insider threat before any data is lost.

This Morphisec Labs Threat Report is based on anonymized threat data collected from approximately 2,000,000 installed Morphisec endpoint agents as well as in-depth investigations conducted by Morphisec researchers. It includes observations about trends in the wider security landscape together with analyses of the tactics and techniques used by malicious actors.

FireEye recently observed a sophisticated campaign targeting individuals within the Mongolian government. Targeted individuals that enabled macros in a malicious Microsoft Word document may have been infected with Poison Ivy, a popular remote access tool (RAT) that has been used for nearly a decade for key logging, screen and video capture, file transfers, password theft, system administration, traffic relaying, and more.

In May and June 2017, FireEye observed a phishing campaign targeting at least seven global law and investment firms. We have associated this campaign with APT19, a group that we assess is composed of freelancers, with some degree of sponsorship by the Chinese government. APT19 used three different techniques to attempt to compromise targets. In early May, the phishing lures leveraged RTF attachments that exploited the Microsoft Windows vulnerability described in CVE 2017-0199. Toward the end of May, APT19 switched to using macro-enabled Microsoft Excel (XLSM) documents. In the most recent versions, APT19 added an application whitelisting bypass to the XLSM documents. At least one observed phishing lure delivered a Cobalt Strike payload. As of the writing of this blog post, FireEye had not observed post-exploitation activity by the threat actors, so we cannot assess the goal of the campaign. We have previously observed APT19 steal data from law and investment firms for competitive economic purposes. This purpose of this blog post is to inform law firms and investment firms of this phishing campaign and provide technical indicators that their IT personnel can use for proactive hunting and detection.

In this whitepaper you will learn what endpoint privilege management is and how an effective approach significantly enhances an organization’s security against rising cyber crime. They cover the origins of the least privilege concept, the benefits of application control, the current cyber threat landscape and how endpoint privilege management works to combat this with minimal disruption to user productivity.

In 2017, the Australian Signals Directorate (ASD) updated its list of mitigation strategies designed to help organisations reduce the risk of unauthorised access and minimise the exposure of sensitive information in case of a breach. In this new version, the directorate extended its core policies known as the Top 4 to encompass eight essential mitigation strategies. This paper seeks to provide assistance with privileged access security under these new guidelines.

This paper answers questions about what the deserialization vulnerability is, and what the challenges are to solving it.

As businesses continue to adopt both infrastructure-as-a-service (iaaS) and platform -as-a-service (PaaS) cloud platforms, S&r pros struggle to protect their organization’s valuable data while minimizing the threat surface of cloud and hybrid cloud workloads. Cloud workload security (CWS) solutions provide automated and layered controls to secure configurations, network, applications, and storage of hybrid cloud hypervisors and workloads. this report provides S&r pros with an overview of the CWS vendor landscape, critical selection criteria, and key vendor differentiation.

This paper discusses the specific issue of malware that attacks Point-Of-Sale systems.

This report takes a look at the reality that even though we spend lots of money to protect people from targeted attacks, they still continue to happen. Why are we missing the mark, and what can we change?

This short article discusses why a marriage between WAF and DDoS is a good idea.

A report that was created by the 2015 Australian Cyber Security Centre (ACSC) Cyber Security Survey of major Australian businesses was conducted to obtain a better picture of Australian organisations’ understanding of cyber threats and how they are positioned to secure their networks.

This paper presents a unique perspective on Geolocation. It talks about what it is, the problems with it, and how you can use it to provide better protection against malware and hackers.

This whitepaper seeks to provide clarity over what “managed security service provider” status means, and whether customers are even concerned about it.

This paper seeks to help organizations understand the future of Software Asset Management.

This takes a look at how not all cloud security options are created equal.