Tensions between the U.S. and Iran have soared in the last weeks. Washington and Tehran came close to a direct military conflict last month when the U.S. accused Tehran of orchestrating two attacks on oil tankers in the Persian Gulf region, which Iran denied. Then, after an Iranian missile shot down a U.S. drone, the U.S. ordered reactive airstrikes that were called off at the last minute. Instead, it was widely reported that the U.S. Cyber Command in the Pentagon launched cyber-attacks against the Iranian group that have been planning and orchestrating the tanker attacks in the region.
How do major regulatory frameworks for financial services differ across the world, and how is this changing?
Security testing (including scanning, penetration testing, red teaming, and more), is often seen as a compliance bug bear. However, if your security team wants to provide a level of assurance to the business that if an attack was to take place, you are well placed to both defend and detect it, it is essential that you perform the right kind of testing for your business. In this post, we’ll take a look at the types of testing you should be deploying within your organization by explaining what each type of test does and what it can (and can’t) deliver for you.
By Michael Fratello, Security Consultant at Nettitude
Since the WannaCry ransomware outbreak in May 2017, many people have been wondering what will be next…
The use of a sophisticated exploit that enabled the worm element to propagate was both clever and worrying. But the relatively unsophisticated ransomware attached to it meant that for many people, the impact was containable by simply patching systems.
Companies are dreading the news that they are being held to ransom, especially if it is through a more sophisticated mechanism which may not so easily be stopped or halted, or for those that acknowledge that their protection is not as up to date as it should be.
The WannaCry malware is a good example of how an attacker can take advantage of a vulnerability and a recent exploitation tool that has been made available to the public.
Topics: Research & Innovation