
Stay Ahead With Linux Security Features


Explore Latest Linux Security features


AI-Driven Cybersecurity Upgrades: 3 Strategic Uses

With the increasing pace and complexity of digital attacks, analysts are turning to AI threat detection to stretch IT resources and keep out cyber threats. No matter the size of a company's operations, AI-driven data analytics tools can provide threat intelligence and enable cybersecurity professionals to select appropriate protection measures.

Various industries have been using AI-powered cybersecurity strategies to:

- Protect employees from social engineering attacks
- Ensure network safety against DNS threats
- Prevent malware attacks

In this article, we’ll discuss these three use cases to examine the impact of artificial intelligence on cybersecurity.

1. Protection From Social Engineering Attacks

Today, social engineering comes in many shapes, and phishing attacks are always a problem. They could start with a weird-looking email that pops up on your company’s account. Maybe it’s a bad actor impersonating a partnered brand in an attempt to swindle information. Attackers could also try to get employees to click on a link to their malicious website. It mimics real login portals for entering sensitive information about clients or the business.

The major problem with these types of attacks is that it can be hard to separate what’s genuine from what’s not. That’s where AI threat detection has an advantage: deep learning tools can analyze patterns to determine if an incoming message has hostile intent, and warn users before they click. In this way, AI security tools can shield businesses from phishing, spear phishing, and other social engineering attacks.

Google is already using deep learning to protect its Gmail users from phishing attempts in the same manner. The search engine giant uses a combination of deep learning and computer vision to screen billions of image-based emails, like you’d do in a big data analytics project, and then quarantine possible threats.

Deep learning is a more comprehensive approach to machine learning, in which an AI “brain” learns to solve problems on its own. Unlike basic machine learning, where algorithms learn only from labeled data, deep learning takes in large quantities of statistics. A deep neural network forms and evolves beyond examples to deal with new threats, unfamiliar to the system. So even if your business faces a new threat that the system hasn’t learned from yet, the algorithm should still be able to offer protection.

If you were to receive spam or phishing emails, the DL neural network would block these emails from even getting into your company's networks. The criteria for social engineering blocking may flag down newly created domain messages and suspicious hard-to-read emails, among other metrics that cybersecurity analysts can fine-tune according to their needs.

2. DNS Threat Detection

DNS is essentially the Internet’s directory. When we look up some of our favorite websites, we type in phrases or domain names such as espn.com or google.com. A DNS translates these website names into a language that devices can understand and work with, namely IP addresses. In a nutshell, the DNS enables movements between websites.

Your company may be vulnerable to a DNS security threat in one of two ways. The first is a Distributed Denial-of-Service attack. During DDoS attacks, your DNS server is overloaded with so much traffic that it cannot attend to legitimate queries from real clients. The second type of DNS threat is an amplification attack. What happens here is that your client is directed to a knock-off version of the business website. Despite typing in the correct address, the compromise in the DNS means your clients land elsewhere and type in sensitive login details into this deceptive website.

There are various ways to prevent DDoS attacks before they happen. Businesses can defend against DNS cyberattacks like these by identifying threats with AI-driven network monitoring.

AI intrusion detection systems watch all network traffic as it flows in and out of DNS servers. Then, they can separate legitimate website user requests from malicious requests meant to overwhelm the system. Financial institutions, an industry prone to DNS threats, are putting AI-driven DNS solutions to work with software that entails a database of previous cyber threats, and cross-checks all the DNS traffic against a checklist of what an attack would look like. When this software notices data anomalies that may indicate a DNS maneuver, it alerts human IT staff, who then take corrective action. They could deny the request, or even call up the client in the case of a pending transaction.

3. AI-Driven Malware Identification

Relying on traditional antivirus packages means limited protection, because they are programmed to protect companies from known threats. Signature-based antivirus software isn’t much help when businesses are up against new malware signatures they cannot detect. An AI-powered antivirus software, on the other hand, protects your business from both the known and emerging varieties of malware.

Adaptive antivirus technology runs on AI/ML frameworks. Instead of relying on a signature list to identify threats, AI-driven antivirus software uses an anomaly detection system. It doesn’t need to sync with known malware signatures because it monitors individual programs to detect suspicious behavior. So if a new type of malware has hijacked one of your workplace programs, like MS Office, the AI-powered antivirus will take note of the app’s unusual behavior. The program will then be singled out for a scan, and the threat is excavated from hiding and eliminated.

Add AI Threat Detection to Your Cybersecurity Strategy

There are many benefits to be gained from AI defensive measures. AI-powered antivirus software, DNS threat-detecting networks, and AI social engineering protection offer adaptability to new threats and faster detection and response times.

Cybercriminals are leveraging new technologies to circumvent traditional digital security strategies and forcing Linux security systems to adapt. By incorporating AI threat detection into their networks, businesses can effectively counter emerging cyber threats.

Andrew Kowal, Apr 25, 2026

Cybersecurity Trends from Black Hat USA 2021 and DEF CON 29 Highlights

Black Hat USA 2021 and DEF CON 29 have come to an end, and this year’s events did not disappoint, generating plenty of cybersecurity news, highlighting key industry trends and introducing some exciting new products. LinuxSecurity has been following both conferences, speaking with expert trainers and presenters and keeping our followers up-to-date on Twitter. Here are the highlights, key takeaways and notable trends we identified as Black Hat USA 2021 and DEF CON 29 unfolded that you should be aware of.

What Are Black Hat and DEF CON?

Black Hat USA, a renowned event that features briefings and trainings taught by experts from around the globe, providing offensive and defensive hackers of all levels with invaluable opportunities for firsthand technical skill-building, celebrated its 24th anniversary this year. Black Hat USA 2021 was conducted in a unique hybrid format, which began with four days of real-time online Virtual Trainings, followed by the two-day main conference (both Virtual and Live at the Mandalay Bay in Las Vegas).

Each year, Black Hat USA is immediately followed by DEF CON, an infamous hacker conference also held in Las Vegas. The event consists of several tracks of speakers with expertise in the realm of computer security and hacking, as well as cybersecurity challenges and competitions (known as hacking “wargames”).

Black Hat USA 2021 & DEF CON 29 Highlights, Announcements & Notable Trends

As Cloud & Container Adoption Continues to Increase, Security Falls Behind & Ransomware Risk Skyrockets

Cloud, Container, Kubernetes and Serverless environments have become the norm in modern infrastructure. Cloud and container adoption is rapidly increasing, as these technologies and frameworks enable organizations to grow and evolve at a very high velocity compared to the traditional workloads.

In a recent interview with LinuxSecurity, Cloud Native Security Architect and instructor of the Black Hat USA 2021 course A Practical Approach to Breaking & Pwning Kubernetes Clusters, Madhu Akula, explained, “The challenges we see mostly arise from misconfiguration issues, which can have a big impact like the compromise of data and infrastructure. The recent Red Hat State of Kubernetes Security Report states that 94% of respondents experienced at least one security incident in their Kubernetes environments in the last 12 months, and concludes that security misconfigurations are to blame for the majority of these issues.”

He elaborates, “These past few months have shown that supply chain attacks have serious implications when it comes to the security of modern infrastructure, as everything is codified including policies, infrastructure, applications - even security. With the ever-changing technology landscape, it’s hard for organizations and teams to keep up with securing Cloud and container environments, as doing so requires them to understand the latest technology prior to solving security problems.”

In the wake of the Colonial Pipeline ransomware outbreak and other recent supply chain attacks, the US National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have released Kubernetes hardening guidance which includes various tips and best practices for securing Kubernetes.

NSA & CISA Kubernetes Hardening Advice

- Scan containers and pods for vulnerabilities or misconfigurations.
- Run containers and pods with the least privileges possible.
- Use network separation to control the amount of damage a compromise can cause.
- Use firewalls to limit unneeded network connectivity and encryption to protect confidentiality.
- Use strong authentication and authorization to limit user and administrator access and limit the attack surface.
- Use log auditing so that administrators can monitor activity and be alerted to potential malicious activity.
- Periodically review all Kubernetes settings and use vulnerability scans to help ensure risks are appropriately accounted for, and security patches are applied.

However, security researcher and DEF CON 29 speaker Robert Graham doesn't necessarily think that hardening defenses is the best approach to protecting against ransomware and other persistent cyber threats. Graham explains, “The way you secure a bank is not by locking the front door; the bank has to be open for business and you have to have people come in. It's the same thing with networks.” He also believes that awareness is not enough without a comprehensive understanding of the threats organizations face and the security defenses required to combat them, stating, “So the approach to ransomware is that we're aware, but we're not actually aware of the details.”

Guardian Digital, the open source email security company, also recognizes this growing issue, and has created a free toolkit to help businesses understand their email risk profile and how they can bolster their email security strategy to repel ransomware and other dangerous email-borne attacks in less than two minutes.

Madhu Akula’s A Practical Approach to Breaking & Pwning Kubernetes Clusters Black Hat USA 2021 course covered multiple real-world security issues by showcasing hands-on labs for participants to teach and assess for security issues, misconfigurations and insecure defaults, going beyond basic attacks to privilege escalation, exploitation, lateral movement, persistence, defense evasion and many other advanced techniques.

OSINT Powers Social Engineering Attacks & Security Awareness Training Designed to Combat Them

OSINT (Open Source Intelligence) is the foundation on which all engagements are built. Without credible, actionable information, social engineering attacks designed to manipulate psychology can neither be developed nor performed effectively. All forms of social engineering, be it phishing, vishing, or impersonation, begin with information gathering in order to understand the target and tailor attacks that are meaningful and relevant enough to generate engagement.

In a recent interview with LinuxSecurity for this article, Social-Engineer, LLC Chief Operating Officer and instructor of the Black Hat USA 2021 course Practical OSINT for Social Engineers, Ryan MacDougall, explained the importance of social engineering in modern cyberattacks, “Social engineering is the mechanism behind the great success of phishing, BEC, and other email threats. Without purposeful social engineering, attackers are just sending emails to targets that will likely be ignored. Real world attackers do not have to train their targets after an attack, so they can employ malicious and manipulative techniques to induce strong negative emotions in their targets, which leads to compromise.”

He elaborates, “From the ethical social engineering standpoint, once you employ scientifically proven techniques to influence a target, that is where you construct the teachable moment to train employees to critically think about a possible attack while in the moment, and still preserve their dignity and integrity. Without the information obtained via OSINT that is required to build a realistic attack, there is no training that can be provided after the engagement.”

Qualys Demonstrates CSAM & Zero Touch Patch Management

Qualys is demonstrating Cybersecurity Asset Management (CSAM) to help users detect security gaps and respond to risk and Zero Touch Patch Management, which helps organizations to “proactively patch prioritized vulnerabilities with ‘intelligent’ automation – before attacks can exploit them,” the company asserts.

At this year’s Black Hat USA event, the leading provider of disruptive cloud-based IT, security and compliance solutions announced its collaboration with Red Hat to drive greater security for both the container and host operating system for Red Hat OpenShift. Built on the Qualys Cloud Platform, the solution seamlessly integrates with customers’ vulnerability management workflows, reporting and metrics to help reduce risk.

Qualys Cloud Agent for Red Hat Enterprise Linux CoreOS on Red Hat OpenShift helps customers:

- See the Full Inventory – Continuous visibility of installed software, open ports, and Red Hat Security Advisories (RHSA) for all Red Hat Enterprise Linux CoreOS nodes with comprehensive reporting.
- Manage Host Hygiene – Fully integrated on the Qualys Cloud Platform to automatically detect and manage host status related to patches and compliance adherence for known vulnerabilities.
- Easily Deploy to the Host – Simplified deployment via the Qualys Cloud Agent to secure the host operating system. This approach eliminates the need to modify the host, open ports, or manage credentials.
- Get Complete Coverage – Full coverage of Red Hat OpenShift and Qualys Container security delivers comprehensive visibility from the host operating system through to images and containers running on OpenShift.

Sparrow Co. Introduces Two New AppSec Solutions

Sparrow Co. introduced two new application security solutions at this year’s Black Hat USA conference — Sparrow Cloud and Sparrow SCA. Sparrow Cloud offers application security as a service by “performing static and dynamic analysis anytime and anywhere at minimum cost.” Sparrow SCA is an open-source management solution that “automatically identifies open-source software in use and detects security vulnerabilities in the source code and binary,” the company says.

Atakama & Spirion Showcase a Joint Multi-Level File Encryption Solution

Atakama and Spirion showcased a joint solution for classifying and protecting sensitive data through multi-factor file-level encryption at Black Hat USA 2021. The passwordless encryption solution is cross-compatible with all major OSes, and eliminates one of the biggest threats facing organizations today - data exfiltration. Atakama explains, “Each encrypted file receives its own unique AES encryption key with 256 bits, which is fragmented into components and distributed across multiple physical devices. The file is available only to authorized users, which they can unlock through a multi-factor approval process. By encrypting every file with its own unique encryption key, Atakama renders a breach almost completely useless.”

Optiv Security Launches a MXDR Service, Exabeam Unveils its XDR Alliance & SecureWorks Showcases its XDR Services

Optiv Security launched a technology-independent Managed Extended Detection and Response (MXDR) service which the company states “enables clients to take rapid and decisive action against today’s most critical cyberattacks and strengthen their security posture.” Cloud-native logging and security analytics provider Devo has been a foundational partner in Optiv MXDR.

Exabeam also unveiled its XDR Alliance at this year’s Black Hat USA event. The cybersecurity leader states that the alliance seeks to “foster an open approach to XDR (eXtended Detection and Response), which is essential to enable organizations everywhere to protect themselves against the growing number of cyberattacks, breaches, and intrusions.”

Secureworks also showcased its innovation and expertise in the realm of cloud-based XDR products and services at the conference. The MSSP showed how Taegis XDR, Taegis VDR and Threat Intelligence can help organizations reduce the risks and consequences of a breach. The leading cybersecurity provider also discussed a new Taegis XDR Adversary Software Coverage (ASC) tool, which the MSSP says “allows users to interactively explore how Secureworks Taegis XDR maps coverage and countermeasures to the tactics and techniques used by over 500 adversarial software types against the MITRE ATT&CK framework, including ATT&CK v9”.

CrowdSec Wins a Black Unicorn Award as One of the Top 10 Cybersecurity Companies of the Year

CrowdSec was named a winner for the Top 10 Cybersecurity Startups for 2021 at the Black Unicorn Awards for cybersecurity innovators, which are hosted by Cyber Defense Magazine and take place each year during the Black Hat USA conference. The judging panel announced, “We’re pleased to name CrowdSec as a Winner for the Top 10 Cybersecurity Startups for 2021 among a small, elite group of startups in our third annual Black Unicorn awards.”

On July 8, 2021, the CrowdSec team released CrowdSec v1.1.x - the latest version of their free and open-source cybersecurity solution designed to protect Linux servers, services, containers, or virtual machines exposed on the Internet with a server-side agent - with new packages and repositories, as well as improvements to the CrowdSec agent itself.

In a recent interview with LinuxSecurity, CrowdSec CEO and co-founder Philippe Humeau explains the company’s mission, “The goal is to leverage the power of the crowd to create a real-time IP reputation database. Ultimately, CrowdSec harnesses the power of the community to create an extremely accurate IP reputation system that benefits all its users. With its collaborative, transparent roots, Open Source has provided and continues to provide our team with the optimal framework to accomplish this mission”.

DEF CON 29 Badge Embraces the New Normal

DEF CON 29 was an event to remember, with its unique hybrid format due to the pandemic. Following this theme, the DC29 badge doubles as a practical tool for virtual attendees and an electronic puzzle for those who are able to bring a few of them together physically.

On its own, the DC29 badge is a four-key RGB mechanical macro pad that connects to your computer over USB-C. Featuring highly configurable software, hot-swappable switches, and customizable keycaps, the DC29 badge is a surprisingly robust and flexible little macro pad. While a DC29 badge is quite useful on its own, it’s also designed to work in conjunction with other badges, as the edge connectors and silkscreen messages hint. Multiple badges can either snap together or be interlinked via USB cables, and they conveniently do not need to be tethered to the computer for power.

DEF CON 29 attendees: Have you tried connecting your badge with others? If so, share a picture or a video of what happened when you did with us on Twitter - we’ll share it with our followers and give you a shoutout.

Did you attend, showcase a product, or speak at Black Hat USA or DEF CON this year? We want to hear about your experience. Have a trend, highlight, or story from Black Hat USA 2021 or DEF CON 29 that was not covered in this article? Please share it with us on Twitter and we will share it with the community.

Vendors and security experts: Don’t miss out on the opportunity to be featured in future LinuxSecurity articles and social media posts! Connect with us on Twitter and share your story.

Brittany Day, Aug 08, 2021

Ira Winkler: Advanced Persistent Security Insights and Threat Intelligence

Brittany Day recently had a conversation with acclaimed cyber security expert Ira Winkler, author of Advanced Persistent Security: A Cyberwarfare Approach. Mr. Winkler is a security researcher and a former NSA employee who writes about cyber security and enterprise digital threat protection.

In this interview, he discusses his career, his views on computer security and his role in building effective enterprise protection systems. Mr. Winkler is also the President of Secure Mentem. As an author, his writings clearly explain the ongoing threats that businesses face and the approach they should take to effectively combat them. Understanding threat actors’ motives is extremely important in successfully fighting attacks. Winkler’s background in psychology has provided him with a unique and exceptional understanding of this aspect of cyber security threat.

Exclusive Interview with Security Expert Ira Winkler

Interviewed by Brittany Day

Ira Winkler is a renowned security researcher and author with a background in Psychology which has enabled him to better understand threat actors’ strategies and motives. Ira, how did you get involved in security and how did your career as an author begin?

My career as an author with an expertise in cybersecurity had a somewhat unusual beginning. As you mentioned, I earned my undergraduate degree in Psychology. At the time, I did not have much of an interest in computers or digital security. However, I wanted a job in the foreign service, but the career counselor also recommended I take the test for NSA. I took a test for the NSA, which showed I had an aptitude for many career fields. I took a job as an intelligence analyst, which I hated. So, I applied for the Computer Intern program, where I was retrained as a computer systems analyst. After a few years, I left the government and went to work for government contractors. They had policies that if you were accepted to a professional conference, they would have to send you, so I submitted conference papers and articles about security, which received a great response. I went on to write my first book Corporate Espionage. A year later, my second book Through the Eyes of the Enemy was published. Since then I have written Spies Among Us, Zen and the Art of Information Security, and Advanced Persistent Security. I am currently in the process of writing my sixth book, You Can Stop ‘Stupid’, which will be published in 2020.

Ira Winkler uses the term Advanced Persistent Security to describe a proactive approach to enterprise cyber security which includes an effective protection/detection/reaction strategy. Ira, can you sum up what Advanced Persistent Security means to you?

The term “Advanced Persistent Security” should be referred to as adaptive persistent security. This concept describes a comprehensive security approach that takes protection, detection and reaction into account. I think it is important to grasp that security fails when a threat actor gets out, not when he or she gets in. The problem is that the criminals go undetected. In many cases, threat actors are not outsiders. Rather, they are employees. This is something that is important to consider when creating a protection/detection/reaction strategy. Another important concept is that there is no such thing as perfect security. Threat actors are always thinking of new ways to carry out attacks, hack into networks and compromise information. They are often highly persistent and refuse to give up until they have succeeded. Thus, businesses should expect this and build failure into their security posture. A successful protection/detection/reaction strategy matches the persistence of attackers’ methods and evolves to take the latest attack variations into account. As I state in Advanced Persistent Security, “Advanced Persistent Security is Defense in Depth that is enhanced with a comprehensive methodology for integrating the appropriate and properly configured detection capability, along with proactively implementing and executing a reaction capability.”

In Advanced Persistent Security, you explain the importance of designing and implementing an effective enterprise protection/detection/reaction strategy. In your opinion, what is the biggest misconception that currently exists regarding enterprise protection/detection/reaction strategies? What is a common security mistake you see many businesses making?

As is true in many aspects of life, people often fail to consider the basics when thinking about enterprise protection/detection/reaction strategies. It is not uncommon for security experts to focus on addressing highly complex and somewhat obscure attack variations, and to neglect basic cyber hygiene. Basic attacks are still around because they are highly successful. For instance, the latest attacker du jour, APT 10, began their latest attacks with a classic spear phishing email.

Threat intelligence is a complex concept that many people do not fully understand. Your book Advanced Persistent Security talks about building a threat intelligence program. Can you tell our readers what that means and how one would get started doing that?

Threat intelligence means different things to different people. In my opinion, a true threat intelligence program stands apart from traditional security technologies and products in that it is an ecosystem that can be tuned, programmed and continually analyzed to suit the resources and threats with which they are working against on a daily basis. The first step in building a successful threat intelligence program is proactively determining the types of threats that pose a risk to your business. The more specifics the better: try to identify who would carry out these attacks and the tools and methods they would likely use to do so. This information is important in developing effective countermeasures. In general, businesses need to be better about planning and preparing for attacks, not just reacting to them.

The Dark Web is a term that refers to a collection of websites that exist only on an encrypted network and cannot be accessed using traditional search engines or browsers. Many security researchers and ethical hackers use the Dark Web as a resource for their research or their work. How can a security researcher or ethical hacker benefit from using the Dark Web?

Although the Dark Web has a bad reputation, it does have some benefits for security researchers and hackers. Primarily, the Dark Web has great resources for finding and buying attacks of different types. It makes committing computer crimes easy. However, if you monitor it appropriately, you can stay abreast of the latest concerns. While the Dark Web does contain a lot of illegal material, it is interspersed with valuable resources and research material.

Botnets have been a major security concern for the past 20 years. What are some current trends you have noticed related to botnets? How do you feel they should be addressed?

To be honest, not much has changed regarding botnets since hackers began using them. Approaches that are currently being taken to combat botnets are generally ineffective, because they are reactive instead of proactive. In other words, people try to blacklist botnet nodes after an attack is in progress, but do not try to take down botnets as they are built. Even when you know where they are, it takes a coordination of law enforcement and vendors to take them out.

The digital threat landscape is always changing and evolving and attacks are becoming increasingly advanced and dangerous. In what ways do you feel cyber security has changed/evolved over the past five years? What changes do you expect to see in the next five years?

In my opinion, the same underlying problem persists: known vulnerabilities are not being patched. Companies and vendors are often careless when it comes to fixing known security bugs that exist in their products, and then it comes as no surprise when these flaws are exploited. This is essentially a cyber hygiene issue. Threat actors are succeeding due to known weaknesses that should not exist, coupled with ineffective protection/detection/reaction strategies.

Email attacks are more sophisticated and targeted than ever before. What do you feel is the single biggest email threat that businesses currently face?

This is a difficult question to answer, as the email threat landscape has become very diverse and complex. I will say, however, that malware, ransomware, and phishing have always been and continue to be very successful methods of attack. Even with user education and training, user behavior is unreliable, so it is critical to create a strong environment around the user through the use of technology. Investing in a well-designed email security gateway is the single best way to mitigate email threat risk by preventing the attack from getting to the user.

Social engineering plays a critical role in many email attack variations like spear phishing, whaling and BEC. In what ways do you think that social engineering has changed/impacted the email threat landscape over the past five years?

This may come as a surprise, but I actually don’t think social engineering has changed much at all in recent years. Social engineering attacks have been centered around lying and manipulating from the start. Attacks vary greatly and the tactics used can be very creative and unique; however, the motives behind these attacks are the same or very similar as they were in the beginning: to deceive users into sharing confidential or personal information that can be used for fraudulent purposes.

Guardian Digital is looking forward to following up with Ira in another interview once his next book, You Can Stop ‘Stupid’, is published in 2020.

Brittany Day, Jul 24, 2019

Gian Spicuzza on Social Engineering and Exploiting Business Risks

We are happy to announce a new addition to the Linux Security Contributing Team: Gian G. Spicuzza. Currently a Graduate Student pursuing a Master's Degree in Computer Security (MSIA), Gian is a certified Linux/Unix administrator, the lead developer for the OSCAR-Backup System (at Sourceforge.com) and has experience in a variety of CSO, Management and consulting positions. His first topic is a quick foray into the world and psychology of Social Engineering:

All the security in the world isn't going to stop one of your employees or coworkers from giving up information. Just how easy is it? Craig never worked for Linda's company, nor did he call from IT. Craig was an unethical hacker who just gained unauthorized access to her account. Why? Because a phone call is simple. Read on to see just how easily businesses can be exploited.

Social Engineering is not just a definition!

By: Gian G. Spicuzza

In modern day, you would assume that brute force hacking coupled with some known software flaws would be the easiest way to circumvent a security system. You

Anthony Pell, May 31, 2010