Wonder Information


Security Modernization for the Cloud

This is the first in a blog series that will focus on all phases of security delivery: design, dev/build, test, deploy, operate and learn.  Many organizations are facing new cybersecurity concerns as they look to accelerate their digital transformations for themselves and their customers. At the same time, information technology […]


Web Application Security – A Complete Guide

OCD or just very fond of structure, I must confess that I like pretty much everything around me to be in (a specific) order. Due to this habit, I got used to working mostly with web applications, since I don’t like to have many windows opened on my taskbar and […]


Endpoint Security Using AI & MITRE For Your Remote Workforce

As employees increasingly work remotely, it is more important than ever to maintain visibility and threat detection in a remote working world. We have seen a significant increase in state-sponsored attacks and malicious phishing campaigns, and this trend is expected to continue. This period of remote work is a good […]


Platform Security: Intel Pushes to Reduce Supply Chain Attacks

SPONSORED CONTENT: Attacks on supply chains involve lots of players and companies, not to mention an exponential amount of data for the stealing, notes Intel’s Tom Garrison. Notoriously difficult to detect and mitigate, Garrison discusses new approaches to securing an individual company’s computing platforms, including Compute Lifecycle Assurance. Filmed for […]


IEEE Standards Association Marking World Standards Day With a Video Contest

Image: iStockphoto THE INSTITUTE Every year on 14 October the IEEE Standards Association (IEEE SA) joins the international community in celebrating the importance of standards development and honoring the collaboration of individuals and organizations across the globe that drive technological innovation. This year’s World Standards Day theme is “Raising the […]


Why Satellite Communication Eavesdropping Will Remain A Problem

Oxford PhD candidate James Pavur shows that SATCOM security has still made no progress since previous Black Hat disclosures, and discusses the physical and economic limitations that slow make it unlikely to improve anytime soon. Filmed for the Dark Reading News Desk at Black Hat Virtual. Watch the entire program […]


Retooling the SOC for a Post-COVID World

Residual work-from-home policies will require changes to security policies, procedures, and technologies. Things have changed a lot since the start of 2020. Our workforces have shifted to a largely off-site model, as have schools, entertainment, and pretty much all other activities that can be maintained without face-to-face interaction. Those organizations […]


Kein Unternehmen kommt ohne IoT-Sicherheit aus

Potential in lernenden Systemen Kein Unternehmen kommt ohne IoT-Sicherheit aus Das Internet der Dinge setzt sich in großem Stil durch, weil die potenziellen Vorteile immens sind. Ob es sich um Gebäude- und Straßenlichtsensoren, Überwachungskameras, IP-Telefone, Point-of-Sale-Systeme, Konferenzraumtechnik und vieles mehr handelt. (Bild: ©chesky/Fotolia.com) Das IoT ist im Netzwerk und im […]


Schwachstellen priorisieren und beheben

Vulnerability Mitigation App Schwachstellen priorisieren und beheben Mit der Vulnerability Mitigation App (VMA) stellt Tufin eine Applikation zur Verfügung, die es Unternehmen ermöglicht, Bedrohungen zu priorisieren und auf diese Weise eine effektive Fehlerbehebung und automatisierte Risikominderung zu gewährleisten. (Bild: Tufin Technologies) Im Zentrum steht dabei die Integration mit führenden Schwachstellenmanagement-Lösungen […]


Google Investing In ADT for Smart Home Security; Nest Device Monitoring

by Joe Panettieri • Aug 3, 2020 Google and ADT are partnering to develop smart home security technology and services, the search giant and Top 200 MSSP say. The Google-ADT smart home security relationship includes these components: Google ($GOOG) plans to invest $450 million in ADT stock, and will acquire […]


Build a Roadmap for Cyber Resilience

The current information security landscape is rapidly evolving. According to the latest research from IBM Security and the Ponemon Institute’s 2020 Cyber Resilient Organization Report, 67% of organizations reported that the volume of attacks had significantly increased over the past 12 months. It’s not just the amount of attacks that […]


Dare for More, featuring the ICS kill-chain and a steel mill

When selecting a topic for a blog I generally pick one that entails some controversy. This time I select a topic that is generally accepted and attempt to challenge it to create the controversy. I believe very much that OT security is about learning, and that learning requires to continuously […]


Playing chess on an ICS board

Abstract This week’s blog discusses what a Hazard and Operability study (HAZOP) is and some of the challenges (and benefits) it offers when applying the method for OT cyber security risk. I discuss the different methods available, and introduce the concept of counterfactual hazard identification and risk analysis. I will […]


How privacy can decrease safety

As a software company founder, I spent the majority of 2017 collecting feedback from teens, pediatricians, church leaders, and school administrators of the trends they are seeing in the United States related to sexting and sextortion. Bark Technologies, which monitors over 5M teens text, email, school, and social media accounts, […]


IT und OT: Raus aus den Silos!

Cybersecurity IT und OT: Raus aus den Silos! Mit der vernetzten Produktion wachsen IT und OT zusammen. Die Security-Teams der beiden Bereiche arbeiten jedoch meist noch getrennt voneinander. Das muss sich ändern – ist aber eine Herausforderung. (Bild: ©kupicoo/gettyimage.com) 66 Prozent der Industrieunternehmen haben ihre Produktionsanlagen bereits IP-basiert vernetzt, so […]


SafeBreach Platform

The MITRE ATT&CK heat map in the SafeBreach Platform lets security pros make deep dives into an environment’s strengths and weaknesses (Source: SafeBreach) Vendor: SafeBreach Price: N/A – Based on the size of deployment Contact: www.safebreach.com Quick Read  What it does: SafeBreach Platform automatically executes thousands of breach methods from […]


Forescout and ServiceNow advance tech partnership to protect critical infrastructure

Forescout and ServiceNow have announced they are advancing their partnership for enhanced operational technology (OT) and industrial IoT capabilities, with an aim of helping organisations to protect critical infrastructure from cyber threats. The new technology integration is said to help ensure integrity and stability of critical infrastructure through improving asset […]


Integrated cloud-native security platforms can overcome limitations of traditional security products

To close security gaps caused by rapidly changing digital ecosystems, organizations must adopt an integrated cloud-native security platform that incorporates artificial intelligence, automation, intelligence, threat detection and data analytics capabilities, according to 451 Research. Cloud-native security platforms are essential The report clearly defines how to create a scalable, adaptable, and […]


Datalogic: Sichert Maschinen und FTS ab

Der Sicherheits-Laserscanner Laser Sentinel Enhanced von Datalogic macht sowohl Maschinen als auch Fahrerlose Transportsysteme sicher. Es gibt ihn in verschiedenen Modellen. Read the Full Article here: >Computer-Automation – News


Industrial Blockchain Competitive Ranking

Actionable Benefits Optimize Industrial Blockchain Deployments on Cloud Platforms. Determine which Platform Offering best suits specific industrial needs. Identify which industrial applications can benefit from blockchain deployment. Critical Questions Answered What is the maturity of Industrial blockchain platforms in terms of PoCs and Commercial launches? What are the integration and […]


New MATA Multi-platform malware framework linked to NK Lazarus APT

North Korea-linked Lazarus APT Group has used a new multi-platform malware framework, dubbed MATA, to target entities worldwide The notorious Lazarus Group is using a new multi-platform malware framework, dubbed MATA, in attacks aimed at organizations worldwide, to deploy Kaspersky researchers observed that MATA was used by the threat actors […]


Blackpoint Cyber MDR 4.0: Stopping breaches before they take hold

Blackpoint Cyber announces the launch of its MDR (Managed Detection and Response) 4.0 service, which provides 24/7 security monitoring, live threat detection, active threat hunting, and true response; stopping breaches before they take hold. MDR 4.0 is built around the company’s patented SNAP-Defense platform — the first contextually aware breach […]


Building the Ultimate Home Office (Again)

Presently sponsored by: SecurityFWD. A brand new YouTube show from Varonis. Watch Episode 1: How Far can Wi-Fi Travel? I was searching around for a quote a long the lines of you only being as good as the tools you use and somehow, I ended up down this rabbit hole […]


Rise of the Robots: How You Should Secure RPA

Robotic Process Automation (RPA) is the next big thing in innovation and digital strategy. But what security details are overlooked in the rush to implement bots? (image by phonlamaiphoto via Adobe Stock) The robot takeover we have longed fear is here. Well, not really. But Robotic Process Automation (RPA), business […]


Google announces G Suite integrated workplace, new security features

Google Cloud has announced a new G Suite integrated workspace that combines Gmail, Google Chat and Google Meet.  The major update aims to improve collaboration, navigation, and search by bringing together video, chat, email, files, and tasks, in line with Google’s long-term vision to seamlessly integrate its core workplace products. […]


Gartner Top 8 Supply Chain Technology Trends for 2020

In preparation for the reset in a post-coronavirus-world, supply chain leaders seek to exploit the benefits of digitalization to an even greater degree. They must look to innovative technologies that have the potential to disrupt supply chain operating models and provide a competitive advantage. It is important for supply chain […]


Fabriksoftware agil entwickeln und validieren

MES-Projekte in regulierten Industrien Fabriksoftware agil entwickeln und validieren Branchen wie die Medizintechnik- und Pharmaindustrie müssen bei ihren Softwareprojekten strenge Validierungspflichten einhalten. Für die Projektleiter heißt das, Agilität und Konformität in sensiblem Gleichgewicht zu halten. Das V-Modell illustriert den organisatorischen Weg zur validierten Software. (Bild: Carl Zeiss MES Solutions GmbH) […]


Cybersecurity spending to grow this year but may be hit by budget constraints

Spending on security products and services for 2020 could increase as much as 5.6%, or as little as 2.5%, depending on the economic impact of the coronavirus on IT budgets, says Canalys. Image: metamorworks, Getty Images/iStockphoto Even in the midst of the coronavirus pandemic, organizations need to focus on shoring […]


Companies must reset their business strategy in 3 stages — Gartner

Companies must reset their business strategy due to Covid-19 pandemic in 3 stages — Gartner Gartner says that companies must reset their business strategy due to Covid-19 pandemic in 3 stages; respond, recover and renew Gartner has advised how companies should rest their business strategy due to Covid-19. As the […]


Microsoft 365 gets security, risk management, and compliance updates for remote work

At its Inspire 2020 partners conference this week, Microsoft rolled out new Microsoft 365 security, risk management, and compliance tools for remote work. The company announced its Endpoint Data Loss Prevention solution and Double Key Encryption in public preview. Other security announcements included new features for Insider Risk Management and […]


Industrial Blockchain Competitive Assessment

Actionable Benefits Optimize Industrial Blockchain Deployments on Cloud Platforms. Determine which Platform Offering best suits specific industrial needs. Identify which industrial applications can benefit from blockchain deployment. Critical Questions Answered What is the maturity of Industrial blockchain platforms in terms of PoCs and Commercial launches? What are the integration and […]


Insights From Forrester’s US Retail Recovery Heat Maps (April – July 2020)

Over the last 3 months we have estimated how the retail economies of 30 major US metropolitan areas are recovering from COVID-19. By aggregating eleven metrics (across retail sales, local economic indicators, and virus spread), our model predicts that these metropolitan areas will face differing levels of COVID-19 disruption. For […]


What Are Cloud Security Posture Management Tools?

by KuppingerCole • Jul 21, 2020 Many security product vendors are now offering CSPM (Cloud Security Posture Management) as part of their portfolio — so what is CSPM and why might you need it? In their race towards digital transformation, organizations are using cloud services to accelerate the development of […]


The Emerging Role of SASE and the Cloud

The Emerging Role of SASE and the Cloud July 20, 2020 • Caitlin Mattingly As many organizations accelerate their move to the cloud — thanks in no small part to the global pandemic and the shift to working from home — the adoption of SASE protocols is proving attractive. SASE […]


What is Privileged Access Management (PAM)?

Privileged Access Management ensures business safety through privileged accounts monitoring, preventing external and internal threats that result from the improper use of admin rights. It is based upon the Principle of Least Privilege, where users are given the absolute minimum access necessary to complete their responsibilities. If you are concerned […]


Deutschland gehört zu den verwundbarsten Ländern der Erde

Die Analyse der Internetzugänge und -Dienste in Deutschland deckte im April und Mai 2020 insgesamt 4.611.927 Schwachstellen auf, wovon über 38,5% oder 1.776.608 der entdeckten Schwachstellen in exponierten Diensten als hoch (CVSS 8.5+) einzustufen sind. Damit übertrifft Deutschland alle anderen Länder in der NICER-Erhebung. CVSS bedeutet Common Vulnerability Scoring System, […]


Detecting Operational Technology Threats with Claroty and LogRhythm

Attacks on operational technology (OT) have been rising in the for the last decade.[1] The rise began with the Stuxnet worm that attacked Programmable Logic Controllers (PLCs) in SCADA systems and has increased sharply in the last few years. Much of this increase is largely due to the migration of […]


Continued Rise in Ransomware Attacks Against Healthcare Providers

Continued Rise in Ransomware Attacks Against Healthcare Providers July 16, 2020 • Allan Liska It seems almost trite to write a report about ransomware attacks against healthcare providers. After all, organizations as diverse as INTERPOL, Microsoft, and the Cybersecurity Infrastructure and Security Agency (CISA) have all written about the rise […]


Security for the Modern OT Environment

Operational Technology (OT) – the hardware and software that’s used to monitor, detect and control changes to devices, processors and events of industrial equipment are popular targets for cyber attackers…and for good reason. Unauthorized access to critical Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) systems can […]


The SANS Security Awareness Planning Kit

We know that when it comes to measuring and managing your human risk, it can be confusing where to start. Even if you have a Security Awareness program in place, how do you measure and communicate your program’s impact, benchmark your program against others, and take your program to the […]


How to Assess More Sophisticated IoT Threats

Read Jack Mannino explain how to detect sophisticated Internet of Things cyber threats on Dark Reading : As devices and technologies connecting us to the world evolve, cybercriminals are evolving their methods to attack and compromise critical systems across the Internet of Things (IoT). Building IoT products that can withstand […]


10 Reasons Why The Cloud Is The Future Of Industrial Monitoring

Cloud platforms’ reliability, security, and scale are defining the future of supervisory control and data acquisition (SCADA)-based real-time industrial monitoring. By adopting cloud-based technologies to provide a 360-degree view of remote operations, oil and gas, transportation, and telecommunications enterprises are achieving process efficiency gains, reducing costs, and improving remote site […]


Man who lived luxury lifestyle after hacking LinkedIn and Dropbox is found guilty

A US District court in California has found a Russian hacker guilty of breaking into the networks of LinkedIn, Dropbox, and the now defunct social network Formspring, and selling their user databases on the computer underground. In October 2016, Yevgeniy Nikulin was arrested at a hotel restaurant in central Prague […]