Security sources have found that the European aerospace giant Airbus has been hit by a series of cyberattacks by hackers who targeted the company's suppliers in search of technical secrets, with suspicions the attack is linked to China. Two security sources involved in the investigation claim there have been four major attacks on Airbus within the last 12 months.

Organizations worldwide are grappling with the effects of cybersecurity breaches and its impact on business to enhance enterprise security. Hackers are willing to do what it takes to eavesdrop on vulnerable IT environments to steal intellectual property or sensitive information. They have the skills to infiltrate and break barriers in a highly connected and digitized business environment.

Ransomware is a type of malicious software, or malware, designed to deny access to a computer system or data until ransom is paid. Ransomware spreads through phishing emails, malvertising, visiting infected websites or by exploiting vulnerabilities. Ransomware attacks cause downtime, data leaks, intellectual property theft and data breaches. Ransom payment amounts range from a few hundred to hundreds of thousands of dollars. Payable in cryptocurrencies like Bitcoin.

An information security policy (ISP) is a set of rules, policies and procedures designed to ensure all users and networks within an organization meet minimum IT security and data protection security requirements. ISPs should address all data, programs, systems, facilities, infrastructure, users, third-parties and fourth-parties of an organization.

An estimated 16,000 websites are believed to be running a vulnerable and no-longer-maintained WordPress plugin that can be exploited to display pop-up ads and redirect visitors to webpages containing porn, scams, and–worst of all–malware designed to infect users’ computers. Researchers at WordFence went public about how hackers are exploiting a zero-day vulnerability in a third-party WordPress plugin called Rich Reviews to inject malvertising code into vulnerable WordPress sites.

Like storytelling, data visualization can be used to provide a narrative about your organization’s cybersecurity posture. Cybersecurity is never a single thing; it is an amalgamation of an often growing list of issues that never seem to end. So in order to make some sense of what it means for the health of your organization, I am combining several metrics to define a singular one—cybersecurity posture—in a visual manner.

As of today, no laws or regulations, even the latest version of PCI-DSS, HIPAA, and HITECH, do not make network segmentation or micro-segmentation compulsory to comply with the rule. By making network segmentation discretionary -- even when transmitting, processing, or storing regulated data, the number of breaches will continue to rise as companies err on the side of doing less with more.

Just a few years ago, most IT environments were made up of deployed servers on which personnel installed applications, oftentimes as many as that one system could handle. They then remained and ran that way for years. In the meantime, the IT team maintained the system and updated the applications as needed. Sometimes there were test versions of those systems, but this wasn’t often. Even then, the OS often didn’t match the production version of the same system.

SIEM deployment process can be rather involved and overwhelming since SIEM can offer a wide array of solutions for different needs of your organization. In this blog post, we discussed the deployment process of SIEM and added a brief checklist. SIEM tools have been one of the most topical tools in the industry for a while now. They offer a wide range of solutions to organizations from various backgrounds and sectors.