Incident response – WindowsTechs.com

How Attorneys Are Harming Cybersecurity Incident Response

Posted on June 7, 2023 by Bruce Schneier

New paper: “Lessons Lost: Incident Response in the Age of Cyber Insurance and Breach Attorneys“:

Abstract: Incident Response (IR) allows victim firms to detect, contain, and recover from security incidents. It should also help the wider community avoid similar attacks in the future. In pursuit of these goals, technical practitioners are increasingly influenced by stakeholders like cyber insurers and lawyers. This paper explores these impacts via a multi-stage, mixed methods research design that involved 69 expert interviews, data on commercial relationships, and an online validation workshop. The first stage of our study established 11 stylized facts that describe how cyber insurance sends work to a small numbers of IR firms, drives down the fee paid, and appoints lawyers to direct technical investigators. The second stage showed that lawyers when directing incident response often: introduce legalistic contractual and communication steps that slow-down incident response; advise IR practitioners not to write down remediation steps or to produce formal reports; and restrict access to any documents produced…

Continue reading How Attorneys Are Harming Cybersecurity Incident Response→

SOCs Spend 32% of the Day On Incidents That Pose No Threat

Posted on June 6, 2023 by Josh Nadeau

When it comes to the first line of defense for any company, its Security Operations Center (SOC) is an essential component. A SOC is a dedicated team of professionals who monitor networks and systems for potential threats, provide analysis of detected issues and take the necessary actions to remediate any risks they uncover. Unfortunately, SOC […]

The post SOCs Spend 32% of the Day On Incidents That Pose No Threat appeared first on Security Intelligence.

Continue reading SOCs Spend 32% of the Day On Incidents That Pose No Threat→

My Return to Techno Security Conference

Posted on June 2, 2023 by jj

I have a long history with the Techno Security Conference, thanks to my mentor and friend “Uncle” Jack Wiles. At one point, over 10 years ago, I was the conference’s youngest ever keynote speaker. It’s with great honor I return again this year to deliv… Continue reading My Return to Techno Security Conference→

Poor Communication During a Data Breach Can Cost You — Here’s How to Avoid It

Posted on June 2, 2023 by Mitch Mayne

No one needs to tell you that data breaches are costly. That data has been quantified and the numbers are staggering. In fact, the IBM Security Cost of a Data Breach estimates that the average cost of a data breach in 2022 was $4.35 million, with 83% of organizations experiencing one or more security incidents. […]

The post Poor Communication During a Data Breach Can Cost You — Here’s How to Avoid It appeared first on Security Intelligence.

Continue reading Poor Communication During a Data Breach Can Cost You — Here’s How to Avoid It→

Critical Vulnerability in Progress MOVEit Transfer: Technical Analysis and Recommendations

Posted on June 1, 2023 by Nathan Noll

On May 31, 2023, Progress Software released a security bulletin concerning a critical vulnerability within MOVEit Transfer, a widely used secure file transfer system. TrustedSec has performed analysis on the vulnerability and post-exploitation activities. At the time of publication, there is no associated CVE or CVS score. This post will describe the research conducted so…

The post Critical Vulnerability in Progress MOVEit Transfer: Technical Analysis and Recommendations appeared first on TrustedSec.

Continue reading Critical Vulnerability in Progress MOVEit Transfer: Technical Analysis and Recommendations→

Threat actors can exfiltrate data from Google Drive without leaving a trace

Posted on June 1, 2023 by Zeljka Zorz

Google Workspace (formerly G Suite) has a weak spot that can prevent the discovery of data exfiltration from Google Drive by a malicious outsider or insider, Mitiga researchers say. A problem for digital forensic analysts and incident responders &#8220… Continue reading Threat actors can exfiltrate data from Google Drive without leaving a trace→

Ransomware Renaissance 2023: The Definitive Guide to Stay Safer

Posted on June 1, 2023 by Mitch Mayne

Ransomware is experiencing a renaissance in 2023, with some cybersecurity firms reporting over 400 attacks in the month of March alone. And it shouldn’t be a surprise: the 2023 X-Force Threat Intelligence Index found backdoor deployments — malware providing remote access — as the top attacker action in 2022, and aptly predicted 2022’s backdoor failures […]

The post Ransomware Renaissance 2023: The Definitive Guide to Stay Safer appeared first on Security Intelligence.

Continue reading Ransomware Renaissance 2023: The Definitive Guide to Stay Safer→

Security Pros: Before You Do Anything, Understand Your Threat Landscape

Posted on May 25, 2023 by Marc Solomon

Regardless of the use case your security organization is focused on, you’ll likely waste time and resources and make poor decisions if you don’t start with understanding your threat landscape.
The post Security Pros: Before You Do Anything, Understand … Continue reading Security Pros: Before You Do Anything, Understand Your Threat Landscape→

Spearphishing report: 50% of companies were impacted in 2022

Posted on May 24, 2023 by Karl Greenberg

Barracuda Networks found that spearphishing exploits last year worked to great effect and took days to detect.
The post Spearphishing report: 50% of companies were impacted in 2022 appeared first on TechRepublic.
Continue reading Spearphishing report: 50% of companies were impacted in 2022→

Huntress Closes $60M Series C for MDR Expansion

Posted on May 16, 2023 by Ryan Naraine

Huntress closes a $60 million Series C financing round led by Sapphire Ventures. The company has now raised $118 million.
The post Huntress Closes $60M Series C for MDR Expansion appeared first on SecurityWeek.
Continue reading Huntress Closes $60M Series C for MDR Expansion→