Wonder Information

What is the real cost of ransomware?

Cybereason released research findings from a global ransomware study of nearly 1,300 security professionals that reveals more than half of organizations have been the victim of a ransomware attack, and that 80 percent of businesses that chose to pay a ransom demand suffered a second ransomware attack, often at the […]

Industrie 4.0: Der Spitzendialog

Zur Hannover Messe 2011 wurde das Zukunftsprojekt Industrie 4.0 offiziell ins Leben gerufen. Der Forschungsbeirat der Plattform Industrie 4.0 traf sich nun zu einem Spitzendialog und entwarf ein zwölf Punkte umfassendes Kommuniqué der noch anstehenden Arbeiten. Read the Full Article here: >Computer-Automation – News


Die Welt geht unter. Wieder einmal. Diesmal ist sie am 21. Dezember untergegangen. Eigentlich dürftest Du also diesen Newsletter gar nicht mehr lesen können, weil der Weltuntergang letzten Freitag war. So wie die Dinge allerdings stehen, liest Du diesen Artikel trotzdem. Auch nach der Jahrtausendwende 2000 drehte sich unsere Welt weiter […]

Security by Design and NIST 800-160, Part 3: Technical Processes

Picking up where we left off on the security-by-design thinking offered by NIST 800-160 Volume 1, we move onward in Chapter 3, focusing on the technical management processes. Let’s look at some security design principles at the technical processes level.  Technical Management Processes Chapter 3.3 shows us eight processes. Like […]

Navigating the Travel Industry with Threat Intelligence

Our guest this week is Collin Barry, Director of Cyber Threat Intelligence at Expedia Group. He shares his career path, including globetrotting stops at the CIA and with Booz Allen Hamilton, and what his day-to-day looks like at Expedia Group, leading their threat intelligence efforts, protecting their online travel and […]

Malware Party Tricks and Cybersecurity Trends

This week we welcome back to our program security pioneer Graham Cluley. After starting his career writing the original version of Dr. Solomon’s Antivirus Toolkit for Windows, Graham moved on to senior positions at Sophos and McAfee. In 2011 he was inducted into the Infosecurity Europe Hall of Fame. These […]

Is XDR the Answer? Improving Your Security Program With or Without a SIEM

Speaker: Matt DeMatteo, Technical Evangelist and Gary Deckerd, Product ManagerLive: May 27, 2021 at 11 am EDTDuration: 1 hour What you’ll learn: SOC Challenges Addressed by XDR Core Values Security Programs Should Expect from SIEMs Use Cases Where Taegis™ XDR Can Be a SIEM Alternative or Complementary A recent Forrester […]

OT and IoT Security: Adopt a Post-Breach Mindset Today

It seems like every day we’re reading about cybersecurity breaches and cyberattacks on critical infrastructure around the world. What used to be a once or twice a year occurrence 10 years ago now seems to be the new everyday normal. And, that’s just what we see in terms of what’s […]

Rise of the Chief Intelligence Officer (CINO)

Anomali Sr. Director of Cyber Intelligence Strategy A.J. Nash recently penned a column for United States Cybersecurity Magazine about how changing security challenges call for new skillsets and leadership professionals, who can help to develop ad run new programs that keep pace with modern adversaries. In “Rise of the Chief […]

Darktrace partners with Microsoft to provide autonomous response to cyber-threats

Darktrace announced that it has joined forces with Microsoft. The partnership provides mutual customers with enterprise scale, self-learning AI that detects and autonomously responds to cyber-threats. This collaboration amplifies Darktrace’s self-learning artificial intelligence for cyber security within Microsoft environments, including Microsoft 365 and cloud applications like Azure Sentinel. As organizations […]

CrowdStrike and Google Cloud deliver defense-in-depth security across hybrid cloud environments

CrowdStrike and Google Cloud announced a series of product integrations to deliver joint customers defense-in-depth security, comprehensive visibility and workload protection at scale across hybrid cloud environments. These integrations will enable more seamless sharing of telemetry and data between the two security platforms, helping maintain high levels of security across […]

Getting Started With Cybersecurity Risk Assessment: When It’s Not About Information Technology

In any industry that uses industrial automated control systems (IACS), the potential consequences due to cyberattacks ranges from potential fatalities, catastrophic environmental incidents, equipment damage and significant business interruption. All of these have a higher priority that transcends the traditional information technology (IT) risks such as loss of privacy. When […]

Embracing mainframe pen tests in the new normal

Today’s columnist, Mark Wilson of BMC Mainframe Services, writes about how the pandemic has finally shifted the culture and remote pen tests on mainframes are now acceptable. Agiorgio CreativeCommons CC BY-SA 4.0 Until recently, mainframe penetration testing was performed onsite for no other reason than “it’s a mainframe.” Yet the […]

SMBs increasingly face same cyber threats as large enterprises

For the first time since the Verizon Data Breach Investigations Report began tracking cyberattack techniques, threat patterns affecting small and medium businesses began to closely align with the patterns affecting large firms. (Photo by Scott Olson/Getty Images) For the first time since the Verizon Data Breach Investigations Report began tracking […]

IoT-Toolset als Lösungsansatz für Industrie 4.0

Susietec von Kontron IoT-Toolset als Lösungsansatz für Industrie 4.0 Immer mehr Anlagen sollen Betriebsdaten im IoT zur Bearbeitung bereitstellen. Mit dem Susietec-Portfolio will Kontron insbesondere den Aufbau von IoT-Lösungen für bestehende Anlagen unterstützen. Der Anbieter von IoT- und Embedded-Computing-Technologie rechnet für 2021 mit mehr als 50 Prozent Wachstum in diesem […]

Ferninbetriebnahme durch IIoT

Ferninbetriebnahme durch IIoT Bild: IXON B.V. Was ist Fernbetriebnahme und welche Vorteile birgt sie in sich? Wir erzählen die Geschichte eines Kunden, der mit der IXON Cloud und einer HoloLens seine Maschinen aus der Ferne einsatzbereit gemacht hat und wie er und seine Kunden davon profitieren. Der Beitrag Ferninbetriebnahme durch […]

To Innovate Better, Choose Evidence-Based Innovation

Is getting better at innovating important to you? Most companies know they need to innovate in their products, services, and customer experience (CX) but struggle to do it well. To find out what they’re doing to overcome that challenge, we surveyed organizations about their business priorities — including specifically whether […]

Kubernetes (K8s): From Orchestration War To Platform Showdown To OS Standard?

When the once-hot Mesos open source project had a recent brush with oblivion, veterans of the container orchestration wars may have paused at the news only to marvel that Mesos is still around at all. The triumph of Kubernetes (K8s) as the dominant container orchestration has long seemed inevitable, given […]

Brain Hacks – Sleep to Learn | Accenture

Sleep is learning with your eyes closed. Really it is. This brain hack explains the relationship between sleep and learning and gives science based tips to improve your learning through sleep.  #learningscience #learnbetter #brainhealth Read the Full Article here: >Accenture

The Future Of Apple’s (And Others’) App Store

Epic’s battle with Apple is coming to the courts in Oakland, CA on May 3rd. The history of the battle (a.k.a. “Project Liberty”) is well documented in the news. You may be more familiar with Epic’s popular multi-player game Fortnite than the privately held parent company that today is worth […]

Cybersecurity Webinar: Understanding the 2020 MITRE ATT&CK Results

The release of MITRE Engenuity’s Carbanak+Fin7 ATT&CK evaluations every year is a benchmark for the cybersecurity industry. The organization’s tests measure how well security vendors can detect and respond to threats and offers an independent metric for customers and security leaders to understand how well vendors perform on a variety […]

Why hackers are increasingly targeting video game companies

The targets of the latest attacks are C-suite executives in the video game industry, says BlackCloak. scyther5, Getty Images/iStockphoto Any organization can be vulnerable to cyberattack. But some have proved to be susceptible, especially over the past year as the coronavirus pandemic has wreaked havoc with traditional work environments. A […]

Expect an Increase in Attacks on AI Systems

Companies are quickly adopting machine learning but not focusing on how to verify systems and produce trustworthy results, new report shows. Research into methods of attacking machine-learning and artificial-intelligence systems has surged—with nearly 2,000 papers published on the topic in one repository over the last decade—but organizations have not adopted commensurate […]

CISA, NIST published an advisory on supply chain attacks

CISA and NIST published a report on software supply chain attacks that shed light on the associated risks and provide instructions on how to mitigate them. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST) released a joint advisory that provides trends […]

The cyber security mesh: how security paradigms are shifting

The cyber security mesh: how security paradigms are shifting Alex Baxendale, vice-president consulting expert at CGI, discusses the rise of the cyber security mesh, and how the paradigms of cyber security have shifted Organisational security demands have shifted with a move to hybrid working. As the world around us has […]

AI industry alarmingly unprepared for real-world attacks

Adversa has published comprehensive research on the security and trustworthiness of AI systems worldwide during the last decade. The report reveals the most critical real-world security threats facing AI and effective countermeasures to protect these systems. The research considers the impact of ongoing regulations concerning AI security in the EU […]

Privacy and security in the software designing

The importance of carrying out a careful risk and impact assessment in order to safeguard the security of the information and the data privacy. In order to reduce as much as possible the vulnerabilities and programming errors that can affect not only the quality of the product itself but can […]

Gutachten in der IT-Sicherheit und IT-Forensik: Neben Fachkenntnis zählt Kommunikation

Datenpannen oder Cyber-Angriffe führen oft zu Prozessen vor Gericht oder Auseinandersetzungen mit Versicherungen. Dann müssen Gutachter Licht ins Dunkel bringen. Die Dynamik der IT mit immer neuen Feldern wie IoT, OT, Cloud, mobilem Zugriff und Social Media macht es selbst Sachbearbeitern und Prozessbeteiligten mit IT-Grundkenntnissen immer schwerer, Situationen fundiert zu […]

BSI zeigt Maßnahmen für sicheren KI-Einsatz auf

BSI zeigt Maßnahmen für sicheren KI-Einsatz auf Datum 21.04.2021 Die Künstliche Intelligenz (KI) hält zunehmend Einzug in den Alltag. Das betrifft auch potentiell kritische Anwendungsgebiete wie das (teil)autonome Fahren, die Gesichtserkennung oder die Auswertung medizinischer Daten. Den guten Leistungen der KI-Methoden stehen aber auch bislang ungelöste Probleme gegenüber. In einem […]

MITRE Engenuity ATT&CK® Evaluation proves Microsoft Defender for Endpoint stops advanced attacks across platforms

For the third year in a row, Microsoft successfully demonstrated industry-leading defense capabilities in the independent MITRE Engenuity ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) Evaluations. As the attack surface evolves on a near-daily basis, threat actors are creating more advanced techniques targeted across domains such as endpoints, identities, emails, […]

How Do ERP and MES Work Together?

Learn the main differences between enterprise resource planning (ERP) and manufacturing execution systems (MES) and how they are used together in a control system. Read the Full Article here: >Control.com

Product Centricity Is Coming To Your Organization

I talk to many Forrester customers every week who are transforming: digital, agile, DevOps, or some mix of the three. One common theme is an interest in product team organization. This has been a hot topic for some time, and interest still seems to be increasing. To explain what a […]

Streamlining Third-Party Risk Management

Joining us this week is Madiha Fatima, a director and head of third-party risk management at Angelo Gordon.  Our conversation centers on creating and maintaining an effective third-party risk management program. We discuss creating an effective due diligence process, integrating automation and process efficiencies, as well as some of the […]

What to consider when shopping for cyber insurance

Cyber insurance is gaining favor in the business world. An expert offers tips on how to get what’s needed for the best price. Image: iStock/Getty Images Plus In his TechRepublic article IBM finds cyberattacks costing companies nearly $4 million per breach, Jonathan Greig mentioned, “On average, breaches now cost organizations $3.86 […]

11 Useful Security Tips for Securing Your AWS Environment

Want to take advantage of excellent cloud services? Amazon Web Services may be the perfect solution, but don’t forget about AWS security. Whether you want to use AWS for a few things or everything, you need to protect access to it. Then you can make sure your business can run […]

Man arrested after hired a hitman on the dark web

A joint operation of Europol and the Italian Postal and Communication Police resulted in the arrest of an Italian national who hired a hitman on the dark web. Europol and the Italian Postal and Communication Police (Polizia Postale e delle Comunicazioni) arrested an Italian national as part of the “Operation […]

Google’s Project Zero Finds a Nation-State Zero-Day Operation

Google’s Project Zero discovered, and caused to be patched, eleven zero-day exploits against Chrome, Safari, Microsoft Windows, and iOS. This seems to have been exploited by “Western government operatives actively conducting a counterterrorism operation”: The exploits, which went back to early 2020 and used never-before-seen techniques, were “watering hole” attacks […]

Threat matrix for storage services

The move to cloud is happening faster than ever before and organizations are increasing their dependency on cloud storage services. In fact, Microsoft Azure Storage services are one of the most popular services in the cloud. Companies need effective threat protection and mitigation strategies and tools in place as they […]

Secure Your Home Wi-Fi Network

Be aware of all the devices connected to your home network, including baby monitors, gaming consoles, TVs, appliances or even your car. Ensure all those devices are protected by a strong password and/or are running the latest version of their operating system. Read the Full Article here: >SANS Institute Security […]

What do digital drivers want?

Strict emissions standards and the digitization of automobiles are raising major questions among automotive original equipment manufacturers (OEMs). What does this mean for the future of customer preferences? Read the Full Article here: >Accenture

6 tips for receiving and responding to third-party security disclosures

Organizations—especially large companies—often don’t learn about an intrusion or breach of their systems until an external party like a security researcher, law enforcement agency or business partner alerts them to it. The expanding range of attack methods, the growing use of open-source components, and the adoption of cloud services have […]

Anomali Cyber Watch: Android Malware, Government, Middle East and More

The various threat intelligence stories in this iteration of the Anomali Cyber Watch discuss the following topics: APT, Cobalt Group, FIN6, NetWalker, OilRig, Rocke Group, and Vulnerabilities. The IOCs related to these stories are attached to Anomali Cyber Watch and can be used to check your logs for potential malicious […]

The difference between SASE and Zero Trust

Customers often ask me: What is the difference between Zero Trust and SASE?  My answer is almost always the same: Nothing….and, everything.  Both have taken the industry by storm over the last couple of years, and even more so with the security and access demands on the business driven by […]

Delivering an effective cyber security strategy within healthcare

Delivering an effective cyber security strategy within healthcare Kevin Curran, IEEE senior member and professor of cyber security at Ulster University, discusses the delivery of an effective cyber security strategy within healthcare An effective strategy is vital to long-term protection of healthcare data. Just a few months ago, the UK […]