The market for you and your device’s location is enormous and growing. That data is collected by your network provider, by apps on your smart devices, and by the websites with which you engage. It is the holy grail of marketing, and infosec’s nightmare. 

Companies that produce location-tracking algorithms and technological magic are riding the hyper-personalized marketing rocket, which continues to expand at breathtaking speed. In the fall of 2021, Grandview Research estimated the U.S. market alone to be approximately $14 billion USD and expected it to expand at a compound annual growth rate (CAGR) of 15.6% from 2022 to 2030.

To read this article in full, please click here

Read More

There’s this belief among a lot of security professionals that we are special, in that we are the defenders of our companies.  We like to think we hold ourselves to a higher standard of care than our coworkers.  If not for us, the thinking goes, our companies would crash and burn in horrible ways.  Breaches would run rampant.  Data would be stolen left and right. Cloud environments would be filled with adversaries.  Enterprise systems would be locked up by ransomware.  Without our heroic efforts, those things would be happening all the time!  We are the defenders!

Except we aren’t the defenders.   We might be defenders, but we aren’t the only ones.  Our DevOps teams defend reliability all the time.  Our lawyers protect us from liability.  Our product managers and sales teams protect our paychecks (maybe they’re the real heroes).  In setting ourselves apart in our own minds, we set ourselves apart in practice.  While we like the heroic feeling it gives us to be the defenders, it has a lot of downsides.

To read this article in full, please click here

Read More

A typical corporate network consists of hundreds or thousands of devices generating millions of lines of logs pouring in every minute. What can make it possible, then, for SOC and threat intel analysts to sift through all this flow of information efficiently and separate malicious activity from daily noise in an automated fashion?

This is where Sigma rules come in handy.

What are sigma rules?

Sigma rules are textual signatures written in YAML that make it possible to detect anomalies in your environment by monitoring log events that can be signs of suspicious activity and cyber threats. Developed by threat intel analysts Florian Roth and Thomas Patzke, Sigma is a generic signature format for use in SIEM systems. A prime advantage of using a standardized format like Sigma is that the rules are cross-platform and work across different security information and event management (SIEM) products. As such, defenders can use a “common language” to share detection rules with each other independent of their security arsenal. These Sigma rules can then be converted by SIEM products into their distinct, SIEM-specific language, while retaining the logic conveyed by the Sigma rule.

To read this article in full, please click here

Read More

RDP is the main access vector for brokers

Read More