Blog

Using NLP-based Machine Learning to Automate Compliance and Risk Governance

May 10, 2019 | Mina Hao

The Governance, Risk & Compliance track of the RSA Conference 2019 focuses on quantification of cybersecurity risks and related cases. For example, Superforecasting II: Risk Assessment Prognostication in the 21st Century by Rich Howard from Palo Alto Networks dwells upon how to evolve semi-quantitative risk assessment into more accurate quantitative risk assessment; Math is Hard: […]

IP Reputation Report-05032019

May 8, 2019 | Mina Hao

Top 10 countries in attack counts:

2018 DDoS Attack Landscape-5

May 8, 2019 | Mina Hao

3.3 DDoS Attack Duration 3.3.1 Attack Duration Distribution In 2018, the average duration of a DDoS attack was 42 minutes, down 17% from 2017. This indicates that DDoS attacks were upgraded in industrialization, weaponization, and efficiency and DDoS-as-aService gained momentum for fast growth. We noticed that the longest DDoS attack in 2018 lasted around 12 […]

A Look into RSA 2019-Automation of Threat Discovery and Response

May 7, 2019 | Mina Hao

The RSA Conference 2019, which is dedicated to addressing worldwide information security issues, was held in March 4–8. This year’s RSA Conference took “Better” as its theme, aimed at exploring new cybersecurity development realms in a digital epoch and finding better security vendors, products, services, and solutions. In the past few years, with the rapid […]

Oracle WebLogic Server Deserialization Remote Code Execution Vulnerability Threat Alert

May 3, 2019 | Mina Hao

1 Vulnerability Overview On April 17, China National Vulnerability Database (CNVD) published details of a remote code execution vulnerability in Oracle WebLogic Server. Specifically, this vulnerability exists in the wls9_async_response.war component that comes with Oracle WebLogic Server as this component fails to properly deserialize the input information. An unauthorized attacker could exploit this vulnerability to […]

Cisco IOS XR 64-Bit Critical Vulnerability (CVE-2019-1710) Threat Alert

May 2, 2019 | Mina Hao

Overview Cisco has released a security advisory to announce the fix of a vulnerability (CVE-2019-1710) in Cisco IOS XR 64-bit Software running on Cisco ASR 9000 Series Aggregation Services Routers. This vulnerability is the result of incorrect isolation of the secondary management interface from internal sysadmin applications. An unauthenticated attacker could exploit this vulnerability to […]

A Look into RSA 2019: Finding a New Balance Between Efficiency and Security in Incident Response

May 1, 2019 | Mina Hao

Incident Response Is Changing The enterprise security market has seen fast incorporation of more and more cloud, Internet of Things (IoT), and mobile devices into enterprise security environments, which traditionally abound with servers, workstations, and networking and security devices. In this context, enterprises are faced with decentralized services and products from a variety of service […]

Daily Communication – Password Grading

April 30, 2019 | Devika Jain

   

Daily Communication – Entry of Outsiders

April 30, 2019 | Devika Jain