FBI: Pysa Ransomware Attacks Target Schools govinfosecurity.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from govinfosecurity.com Daily Mail and Mail on Sunday newspapers.
GovInfoSecurity
March 31, 2021 Get Permission
As concerns about the number of attacks targeting domain name system protocols continue to grow, the National Security Agency and the Cybersecurity and Infrastructure Security Agency have released new guidance on how to choose and deploy a Protective Domain Name System service to strengthen security.
The domain name system protocol, or DNS, acts as a phone book for the internet, taking the domain names used every day and translating them into a numeric code that helps computers find what the user is seeking. This older protocol is vulnerable to attacks, including DNS hijacking, which involves hackers manipulating records so they can see traffic flowing to a particular website or service (see:
Iran cyberespionage campaign s targets (Source: Trend Micro)
Hackers with suspected ties to Iran are continuing to wage a cyberespionage campaign against government agencies, academia and tourism organizations in the Middle East and nearby, according to a report by Trend Micro.
The spear-phishing campaign, dubbed Earth Vetala, which is designed to steal data, exploits remote admin tools such as ScreenConnect and Remote Utilities that allow system administrators to remotely manage their enterprise systems, Trend Micro says.
“We believe, with moderate confidence, that this newly identified activity is connected to [the threat group] MuddyWater, also known as TEMP.Zagros, Static Kitten and Seedworm,” the researchers note.
Dave Ferguson, Principal Solution Architect, Veracode Traditionally, software development training falls short on security. And as enterprises embrace the “shift left” movement, that gap puts them at risk. Veracode’s Dave Ferguson discusses the gap and how Veracode’s new Security Labs was developed to fill it.
In an interview with ISMG, Ferguson discusses:
Findings from the latest State of Software Security report;
Why developer training falls short on security;
The new Security Labs initiative and how it aims to change the game for developer training.
Ferguson is a principal solution architect at Veracode. He has 15 years of experience in application/software security and 12 years prior to that as an application developer. Before Veracode, he served as principal consultant at FishNet Security (now Optiv), led the global application security program at Sabre Corp. and directed the web application scanning product line at Qualys. Dave is the author of the original OWASP
Business Development Leader, Network Security, Cisco
Abhishek leads the Network Security GTM for EMEAR & APJC region in Global Security Sales organisation, based in Singapore. He is responsible for defining and developing growth strategies for customers & partners, to support positive business outcomes leveraging Cisco Network Security Solutions.
Abhishek has built and led sales and solutions architect teams in growth areas of cybersecurity, managed services and outsourcing and he knows how to help enterprise clients attain their businesses’ goals through transformational solutions and services. He was part of the core team that built arguably industry’s first global SOC for the largest MNC bank in 2007 and shares valuable war stories with the partners.