The Bromium Labs team was able to get their hands on some live malware exploiting the Microsoft office vulnerability. First and foremost, on an unpatched workstation Bromium did its job by hardware isolating the Microsoft Word document into a protected virtual machine so that the host workstation was never infected. Secondly, it shows the amazing analytics

Late last week a new Microsoft Office vulnerability was discovered by McAfee; they discovered attacks exploiting this vulnerability back to late January 2017. This should raise substantial concern for anyone responsible for cyber security at their company or federal agency. Since January, every Windows-based MS Office machine was exposed to the worst type o

A supposed “white hat” hacker gained access to the network of the Dallas Office of Emergency Management and managed to set off 156 sirens used to alert of an emergency Alarms blared for 90 minutes before the city was able to manually shut down the entire system. How does this continue to happen? Because the current method of stopping malware just isn’t work

Detection-based techniques will always be one step behind the attacker. Extend NGAV using next gen virtualization with application isolation and control. Applications with the sensitive data are completely hardware-isolated from the host. In 2016, organizations spent over $80 billion on cybersecurity, while cybercriminals made $3 trillion in profit. Cybers

On March 4th 2016 an endpoint at a U.S. Federal Agency encountered the Angler EK TeslaCrypt while browsing a web site (hxxp://pssor.com/pssor-home) with Internet Explorer. At the time the malware was executed on the endpoint (March 4th 2016), this was not known by any anti-virus vendor. In fact, the earliest this was discovered was March 7th 2016. Due to Br

The New York State Department of Financial Services has proposed a cyber security regulation that is unique in its breadth. The original proposed regulation underwent a 45-day review period, after which it was changed. It is currently under another 45-day review period pending further changes and should be published in the next few weeks.The regulation affec

As more government agencies get involved with creating cybersecurity regulations, security professionals will need to monitor new laws and understand which apply to their industry and whether some overlap or conflict. Increased enforcement from different agencies can mean significant consequences even if breaches are avoided. As the new administration adjust

The revised – and still draft – version of the Trump Administration’s first Executive Order (EO) on cybersecurity shows both continuity and positive change over the Obama Administration’s policy pronouncements, addressing federal agency network protection, critical infrastructure cybersecurity, and national cyber defense priorities.Federal Networ

Cyber war is a term the U.S. government is intimately familiar with, but woefully unprepared for when it comes to mobile. Government employee mobile devices are a relatively new attack surface, and a particularly valuable one for espionage missions and other criminal intent. Mobile devices access confidential, classified, and other protected data classes. A

Continuous monitoring, situational awareness, common operational picture, single pane of glass — these are just a few of the terms with which I’ve become well-acquainted throughout my career. Each one attempts to depict how security operation centers (SOCs) can reach the holy grail of data aggregation. To prevent, respond to or remediate a security inc

Several high-profile attack campaigns targeting Middle Eastern companies have recently come to the attention of the security community. One of the first operations we heard about occurred on November 17, 2016, when Shamoon resurfaced and leveraged Disstrack malware to wipe the computers at an energy organization based in Saudi Arabia. Apparently, “Sham

Chief information security officers (CISOs) love to laugh at ridiculous compliance regulations. In the financial industry, for example, some organizations are forced to comply with Regulations Systems Compliance and Integrity (RegSCI), Commodity Futures Trading Commission (CFTC) rule 39.18, the Committee on Payments and Market Infrastructures (CPMI), the Int

As President Donald Trump arrives at the White House to start his term, he faces a very different collection of technology than when former President Barack Obama entered eight years ago. Back then, government PCs sported floppy drives and no president ever personally used Twitter or other form of social media. Indeed, social media access was initially block

Have you ever wondered what a national security letter (NSL) received by Google looks like? Well, wonder no more, as the Internet giant has published eight of them.Along with the letters, Google has made public the FBI notices that allow their publication.What gan be gleaned from these documents?The notices contain instructions of what can be revea

In September 2016, the White House announced the appointment of retired Brig. Gen. Gregory J. Touhill as the first federal chief information security officer (CISO). Touhill’s job is to drive cybersecurity, planning and implementation across the government. This announcement is presented as the culmination of several actions undertaken by the executive