X-Industry

Defending against real-world threats is not just part of the job at Sentinel Labs; it is the reality of operating as a cybersecurity company in today’s landscape.  Real-world attacks against our environment serve as constant pressure tests, reinforcing what works, revealing what does not, and driving continuous improvement across our products and operations.  When you’re a high-value target like Sentinel, for some of the most capable and persistent adversaries out there, nothing less will do.

Di

The latest Thetius report, commissioned by CyberOwl and HFW, gathers insights, assesses current and future cybersecurity challenges, evaluates the industry’s response to evolving regulations and technological advancements, and highlights the importance of integrated cybersecurity practices throughout the vessel lifecycle, from design to maintenance.

Key findings of the report include:

• 7% of stakeholders paid a ransom within the last 12 months. In 2023, nearly 14% admitted to paying a ransom.
• Th

In today’s interconnected world, safeguarding critical infrastructure from cyber threats is more important than ever.  The continuous evolution of technology and the adoption of the Connected Worker have created unprecedented opportunities for growth and innovation.  However, they have also created a vast and complex digital landscape where vulnerabilities can be easily exploited.  The cybersecurity challenges facing critical infrastructure are not hypothetical; they are stark realities that can

The recent U.S. Supreme Court decision in Loper Bright Enterprises v. Raimondo questions the topic of cybersecurity regulation. The Court's decision effectively overturned the Chevron Doctrine, a longstanding principle that gave deference to federal agencies' interpretations of ambiguous laws. Cybersecurity leaders are now scrambling to understand the implications for regulating the threat landscape already a moving target.  Business leaders have questioned the validity of unelected bureaucrats

Cyber security is undergoing a massive transformation, with Artificial intelligence (AI) at the forefront of this change, posing both a threat and an opportunity.  AI can potentially empower organizations to defeat cyberattacks at machine speed and drive innovation and efficiency in threat detection, hunting, and incident response.  Adversaries can use AI as part of their exploits.  It is never been more critical for us to design, deploy, and use AI securely.

See:  https://redskyalliance.org/xin

For over a decade, the Security and Exchange Commission (SEC) has been working with corporations and their many stakeholders to seek ways to appropriately influence corporate governance around cybersecurity. On 26 July 2023, the SEC voted to implement new rules for all publicly traded corporations.[1] [2]  

In 2011, the SEC issued guidance to help companies understand they should take responsibility for reducing cyber risk.  This was guidance vice formal regulation, but it helped raise awareness

In the face of unrelenting pressure from significant cyber incidents and regulatory action to mitigate them, enterprises are assessing whether they are doing enough to deal with cybersecurity.  Public companies are evaluating responses to new SEC rules calling for disclosures regarding cybersecurity strategy, risk management, and governance practices.  The SEC’s action against Solar Winds is setting off alarm bells throughout the cybersecurity community, causing CISOs to worry about personal lia

Last year, Forbes wrote a scary article about facts and patterns that applied to Halloween and Cybersecurity Awareness Month of October.[1]  After another year, the online environment and digital dangers are still unsettling, if not scarier.  So, exploring some of the stats and trends is time again.

“In 2023, the World Economic Forum, for the first time, ranked cybercrime and cybersecurity as one of the top ten global risks over a 2-year and 10-year period.  Legislation in the US and Europe is m

A US government shutdown affects about 800,000 federal employees out of 1.8 million full-time civil servants.  About 380,000 are furloughed, meaning they cannot work or get paid.  The rest are working without pay.  A government shutdown can cause financial hardship for many federal employees, who may have to use their savings to survive while furloughed.

Nearly 85% of US cybersecurity agency CISA staff may be sent home at the end of the week as a government shutdown looms.  The US government wil

Context helps complete the picture and results in actionable intelligence that security teams can use to make informed decisions quickly.  Today’s modern network demands solutions that go beyond simple one-size-fits-all approaches.  Traditional protection methods have proven inadequate against evolving threats, and modern cybersecurity solutions often integrate multiple security tools and technologies.[1]

These considerations, combined with the increasing volume of data generated from various so

Maintaining today’s digital acceleration takes time, effort, and scrutiny.  Adding new tools and investments increases the complexity and vulnerability of enterprise security environments, exposing gaps in communication and collaboration, creating siloed systems, and slowing response times.  Securing the enterprise against today’s increasingly sophisticated threat landscape calls for a cybersecurity platform architecture automated for operational efficiency, a security architecture broad enough

The Internet continues to expand and connect more devices every minute.  The number of connected devices is now over 10 billion, so the need for effective cyber threat intelligence sharing has never been greater.  Cyber-attacks have increased in frequency and sophistication, presenting significant challenges for organizations that must defend their data and systems from capable threat actors.   Cyber threat information is any information that can help an organization identify, assess, monitor, a

Poor results reflect that (87%) of US defense contractors are failing to meet basic cybersecurity regulation requirements, according to research commissioned by CyberSheath. The survey of 300 US-based Department of Defense (DoD) contractors found that just 13% of respondents have a Supplier Risk Performance System (SPRS) score of 70 or above. Under the Defense Federal Acquisition Regulation Supplement (DFARS), a score of 110 is required for full compliance.  So, a school grade of “C”, a score of

As a young intelligence officer, if you had told me an adversary could act anonymously and alone, easily acquire the most advanced weaponry, disrupt or take down almost any “connected” target globally, and our ability to prevent these attacks was systemically flawed – I would have been astonished.  As always, all adversaries integrate intention, capability, and opportunity.  With cyber warfare, a breadth of adversaries and individuals can bring to bear all three by continuously aiming at the U.S

New guidance from the National Institute of Standards and Technology spells out security measures for "critical software" used by federal agencies and minimum standards for testing its source code.  The best practices could be a model for the private sector as well.  NIST's release of best practices carries out a mandate in President Joe Biden's May executive order on cybersecurity, which, in part, called for agencies to address supply chain threats, such as that posed by the SolarWinds incident

Die Zahl der registrierten Cyberkriminalität steigt im deutschen Cyberspace weiter an, wobei sich Cyberkriminelle zunehmend auf "größere Beute" konzentrieren.  Die Zahl der DDoS-Attacken nimmt weiter zu, ebenso deren Intensität.  Die Täter sind global vernetzt und agieren mit zunehmender Geschicklichkeit und Professionalität.  Die Dark-Web-Underground-Economy wächst und stellt eine kriminelle, globale Parallelökonomie dar, die primär auf finanziellen Profit aus ist.  Haupttreiber des Profits ist

They say, “Common Sense is Instinct; Enough of it - Genius.”  Let us prove a path toward cyber brilliance.  Cybersecurity hygiene has never been as important as it is today.  At home workers are now doing business remotely, putting in more hours and dealing with new situations they have never experienced.  For many, this change is both stressful and distracting.  These changes have upended the traditional workday and, in many cases, our concentration, which introduces risk.  Even the most securi

No, I am not making this up.  This really happened and it started with a phishing attack.  Those you who have read my past articles will see a theme, “Always verify any requests in person to change bank accounts or make any payment that is not authorized and verified by voice through a company office.  Never rely on an email alone.” 

Cyber criminals posed as the wife of Crown Bank CEO Jacinto Rodriques by utilizing a spoofed email address that really looked legitimate.  Crown Bank is a community