CISOMAG

Attackers Reinvent Masslogger Trojan to Target Popular BrandsCISOMAGon February 19, 2021 at 4:02 pm CISO MAG | Cyber Security Magazine

News, Threats, compiled HTML file, Cybercriminals, cybersecurity, Google Chrome, malware, Masslogger infection chain, Masslogger Trojan, Microsoft Outlook, trojan, updated Masslogger TrojanCISO MAG | Cyber Security MagazineRead MoreA new version of the Masslogger Trojan has been targeting Windows users in a new phishing campaign. Cybersecurity experts from Cisco Talos stated that they’ve found an improved version of the Masslogger Trojan, designed to pilfer login credentials from popular applications like Microsoft Outlook, Google Chrome, and other messenger accounts. The new Masslogger phishing campaign, which
The post Attackers Reinvent Masslogger Trojan to Target Popular Brands appeared first on CISO MAG | Cyber Security Magazine.

A new version of the Masslogger Trojan has been targeting Windows users in a new phishing campaign. Cybersecurity experts from Cisco Talos stated that they’ve found an improved version of the Masslogger Trojan, designed to pilfer login credentials from popular applications like Microsoft Outlook, Google Chrome, and other messenger accounts. The new Masslogger phishing campaign, which was uncovered in mid-January 2021, targeted users across Italy, Latvia, and Turkey.

What is Masslogger?

Masslogger is a spyware written in .NET to steal user credentials from browsers, popular messaging applications, and email clients.

Improved Masslogger Trojan

First identified in April 2020, the malware authors are selling the updated versions of the Trojan to other malicious actors on underground dark web forums.

Researchers found that Masslogger operators can evade detection by disguising their malicious RAR files as Compiled HTML files. The discovery of the new variant of the Trojan indicates how malware developers are constantly updating their hacking methods.

“Although operations of the Masslogger Trojan have been previously documented, we found the new campaign notable for using the compiled HTML file format to start the infection chain. This file format is typically used for Windows Help files, but it can also contain active script components, in this case JavaScript, which launches the malware’s processes,” researchers said.

How Masslogger Trojan Attacks

The infection starts with an email with a malicious RAR attachment and a legitimate-looking subject line claiming to be from a business. The filename creates files with the RAR extensions named .rar, .r00, and .chm to bypass any programs that would block the email attachment based on its file extension. The payloads are hosted on compromised legitimate hosts with a filename containing one letter and one number concatenated with the filename extension .jpg.

The Masslogger Trojan payload is designed to retrieve and exfiltrate user credentials from a variety of sources. According to Cisco Talos, the new version of Masslogger has the capabilities to target and retrieve credentials from the various other applications like:

  • Pidgin messenger client
  • FileZilla FTP client
  • Discord
  • NordVPN
  • Outlook
  • FoxMail
  • Thunderbird
  • Firefox
  • QQ Browser
  • Chromium-based browsers (Chrome, Chromium, Edge, Opera, Brave)

“While most of the public attention seems to be focused on ransomware attacks, big game hunting, and APTs, it is important to keep in mind that crimeware actors are still active and can inflict significant damage to organizations by stealing users’ credentials. The credentials themselves have value on the dark web and actors sell them for money or use them in other attacks. Based on the IOCs we retrieved, we have moderate confidence that this actor has previously used other payloads such as AgentTesla, Formbook , and AsyncRAT in campaigns starting as early as April 2020,” researchers added.

The post Attackers Reinvent Masslogger Trojan to Target Popular Brands appeared first on CISO MAG | Cyber Security Magazine.

A new version of the Masslogger Trojan has been targeting Windows users in a new phishing campaign. Cybersecurity experts from Cisco Talos stated that they’ve found an improved version of the Masslogger Trojan, designed to pilfer login credentials from popular applications like Microsoft Outlook, Google Chrome, and other messenger accounts. The new Masslogger phishing campaign, which was uncovered in mid-January 2021, targeted users across Italy, Latvia, and Turkey.

What is Masslogger?

Masslogger is a spyware written in .NET to steal user credentials from browsers, popular messaging applications, and email clients.

Improved Masslogger Trojan

First identified in April 2020, the malware authors are selling the updated versions of the Trojan to other malicious actors on underground dark web forums.

Researchers found that Masslogger operators can evade detection by disguising their malicious RAR files as Compiled HTML files. The discovery of the new variant of the Trojan indicates how malware developers are constantly updating their hacking methods.

“Although operations of the Masslogger Trojan have been previously documented, we found the new campaign notable for using the compiled HTML file format to start the infection chain. This file format is typically used for Windows Help files, but it can also contain active script components, in this case JavaScript, which launches the malware’s processes,” researchers said.

How Masslogger Trojan Attacks

The infection starts with an email with a malicious RAR attachment and a legitimate-looking subject line claiming to be from a business. The filename creates files with the RAR extensions named .rar, .r00, and .chm to bypass any programs that would block the email attachment based on its file extension. The payloads are hosted on compromised legitimate hosts with a filename containing one letter and one number concatenated with the filename extension .jpg.

The Masslogger Trojan payload is designed to retrieve and exfiltrate user credentials from a variety of sources. According to Cisco Talos, the new version of Masslogger has the capabilities to target and retrieve credentials from the various other applications like:

  • Pidgin messenger client
  • FileZilla FTP client
  • Discord
  • NordVPN
  • Outlook
  • FoxMail
  • Thunderbird
  • Firefox
  • QQ Browser
  • Chromium-based browsers (Chrome, Chromium, Edge, Opera, Brave)

“While most of the public attention seems to be focused on ransomware attacks, big game hunting, and APTs, it is important to keep in mind that crimeware actors are still active and can inflict significant damage to organizations by stealing users’ credentials. The credentials themselves have value on the dark web and actors sell them for money or use them in other attacks. Based on the IOCs we retrieved, we have moderate confidence that this actor has previously used other payloads such as AgentTesla, Formbook , and AsyncRAT in campaigns starting as early as April 2020,” researchers added.

The post Attackers Reinvent Masslogger Trojan to Target Popular Brands appeared first on CISO MAG | Cyber Security Magazine.

Telephony Denial-of-Service Attacks on Rise, FBI Suggest RecommendationsCISOMAGon February 19, 2021 at 2:02 pm CISO MAG | Cyber Security Magazine

News, Threats, AFTS, Cyberattacks, Cybercriminals, data breach, data leak, FBI, FBI on TDoS attacks, PIN, Private Industry Notification, Ransomware attack, TDoS attacks, Telephony Denial of Service attacks, threat actorsCISO MAG | Cyber Security MagazineRead MoreThe FBI has warned about potential security risks with Telephony Denial-of-Service (TDoS) attacks. In an official Private Industry Notification (PIN), the agency revealed how TDoS attacks affect the availability of emergency service call centers like police, ambulance, or firefighting services. “TDoS attacks pose a genuine threat to public safety, especially if used in conjunction with
The post Telephony Denial-of-Service Attacks on Rise, FBI Suggest Recommendations appeared first on CISO MAG | Cyber Security Magazine.

The FBI has warned about potential security risks with Telephony Denial-of-Service (TDoS) attacks. In an official Private Industry Notification (PIN), the agency revealed how TDoS attacks affect the availability of emergency service call centers like police, ambulance, or firefighting services.

“TDoS attacks pose a genuine threat to public safety, especially if used in conjunction with a physical attack, by preventing callers from being able to request service. The public can protect themselves if 911 is unavailable by identifying in advance non-emergency phone numbers and alternate ways to request emergency services in their area,” the FBI said.

What is TDoS Attack

In TDoS attacks, attackers make an emergency telephone system unavailable to the users by blocking incoming and outgoing calls. The primary motive of bad actors in these attacks is to delay or block users’ calls to Public Safety Answering Points (PSAPs).  PSAPs represent key infrastructure that enables emergency responders to identify and respond to critical events affecting the public.

How Cybercriminals Launch TDoS Attacks

Threat actors are evolved to launch TDoS attacks both manually and automatically. In manual TDoS attacks, attackers use social networks to trick individuals into flooding a particular number with unwanted calls. While an automated TDoS attack leverages software-applications to make hundreds of calls in rapid succession, including Voice over Internet Protocol (VoIP) and Session Initiation Protocol (SIP).

Using Emergency Services in TDoS Attack

The FBI stated that malicious actors launch TDoS attacks in hacktivism, to harass call centers and distract operators, exploit computer networks for political and financial gains. The agency recommended certain steps to overcome an emergency in the event of a TDoS attack. These include:

  • Before there is an emergency, contact your local emergency services authorities for information on how to request service in the event of a 911 outage. Find out if text-to-911 is available in your area.
  • Have non-emergency contact numbers for fire, rescue, and law enforcement readily available in the event of a 911 outage.
  • Sign up for automated notifications from your locality if available to be informed of emergencies in your area via text, phone call, or email.
  • Identify websites and follow social media for emergency responders in your area for awareness of emergencies.

The post Telephony Denial-of-Service Attacks on Rise, FBI Suggest Recommendations appeared first on CISO MAG | Cyber Security Magazine.

The FBI has warned about potential security risks with Telephony Denial-of-Service (TDoS) attacks. In an official Private Industry Notification (PIN), the agency revealed how TDoS attacks affect the availability of emergency service call centers like police, ambulance, or firefighting services.

“TDoS attacks pose a genuine threat to public safety, especially if used in conjunction with a physical attack, by preventing callers from being able to request service. The public can protect themselves if 911 is unavailable by identifying in advance non-emergency phone numbers and alternate ways to request emergency services in their area,” the FBI said.

What is TDoS Attack

In TDoS attacks, attackers make an emergency telephone system unavailable to the users by blocking incoming and outgoing calls. The primary motive of bad actors in these attacks is to delay or block users’ calls to Public Safety Answering Points (PSAPs).  PSAPs represent key infrastructure that enables emergency responders to identify and respond to critical events affecting the public.

How Cybercriminals Launch TDoS Attacks

Threat actors are evolved to launch TDoS attacks both manually and automatically. In manual TDoS attacks, attackers use social networks to trick individuals into flooding a particular number with unwanted calls. While an automated TDoS attack leverages software-applications to make hundreds of calls in rapid succession, including Voice over Internet Protocol (VoIP) and Session Initiation Protocol (SIP).

Using Emergency Services in TDoS Attack

The FBI stated that malicious actors launch TDoS attacks in hacktivism, to harass call centers and distract operators, exploit computer networks for political and financial gains. The agency recommended certain steps to overcome an emergency in the event of a TDoS attack. These include:

  • Before there is an emergency, contact your local emergency services authorities for information on how to request service in the event of a 911 outage. Find out if text-to-911 is available in your area.
  • Have non-emergency contact numbers for fire, rescue, and law enforcement readily available in the event of a 911 outage.
  • Sign up for automated notifications from your locality if available to be informed of emergencies in your area via text, phone call, or email.
  • Identify websites and follow social media for emergency responders in your area for awareness of emergencies.

The post Telephony Denial-of-Service Attacks on Rise, FBI Suggest Recommendations appeared first on CISO MAG | Cyber Security Magazine.

Cyber Defense Magazine nominated Cobwebs Technologies for Its 2021 InfoSec Awards for threat intelligence

Feedzy

By Udi Levy, CEO & Co-Founder at Cobwebs Technologies

With a growing number of malicious cyber activities, threat intelligence has become an integral part of many organizations. Most threat intelligence solutions available in the market still rely on analysts or investigators collecting, processing, and analyzing huge amounts of data for actionable insights. Collecting and processing these millions of data points and indicators is just too much for human analysts to effectively identify threats and process them in a timely manner.

Therefore, threat intelligence requires advanced technological solutions, such as an AI-Powered Web Intelligence platform that enables the identification of cyber threats prior to occurring by observing attackers, their plans, and methodologies to generate real-time insights. This allows for the rapid creation of profiles of threat actors, and map their hidden activity networks and behavior patterns across numerous sources.

To put the spotlight on advanced solutions for threat intelligence, Cyber Defense Magazine has nominated some of the world’s best cybersecurity experts in the threat intelligence category. The nominees provide the best technologies available to keep organizations safe. Founded in 2012, Cyber Defense Magazine is the industry’s leading electronic information security magazine giving annual Global InfoSec awards to innovative information security companies for their innovations in the field of information security, including threat intelligence.

Cobwebs was nominated by Cyber Defense Magazine for the threat intelligence capabilities of its AI-powered WEBINT platform. This platform collects, analyzes, and monitors relevant big data from all web layers (surface, deep and dark web) including social networks, message boards, online forums, and more. The advanced threat intelligence software uses smart natural language processing (NLP) and machine learning (ML) algorithms. The solutions provided by Cobwebs are easy to use and highly efficient and are capable of identifying threats in real-time and staying on top of emerging threats to organizations. The seamless integration of new data sources enables the WEBINT platform to also leverage generated threat intelligence to determine what might be the most relevant topics that an organization should keep an eye on to identify future threats by using certain keywords, locations, hashtags, etc.

“We‘re honored to be nominated by Cyber Defense Magazine as an industry innovator in the InfoSec threat intelligence category for 2021,” said Udi Levy, CEO & Co-Founder at Cobwebs Technologies. “Our AI-powered engine is designed to guide organizations in centralizing their threat intelligence from all sources and platforms in one innovative solution. The automated tools provide real-time alerts to create clarity of the threats in the organization’s feed and streamlining operations. Our unique technology gathers and analyzes vast amounts of data to detect cyber threat insights in real-timeThe threat intelligence platform of Cobwebs meets the needs of private and government sectors for a comprehensive threat intelligence solution by:

  • Providing situational awareness;
  • Delivering real-time alerts for follow-up;
  • Detecting the identity and activities of threat actors;
  • Enabling cooperation between team members, departments, and agencies;
  • Processing relevant big data for actionable insights;
  • Defining interest categories such as relevant locations, hashtags, groups, and individuals.
  • Detecting data leaks, reputational issues, or threats against brands, assets, or employees

Cobwebs is the recipient of numerous industry accolades, including Frost $ Sullivan Global AI-powered Web Intelligence Technology Innovation Leadership Award, 2020 ‘ASTORS’ Homeland Security Award, joining the prestigious RegTech100 list that recognizes the tech companies that have transformed compliance, risk management, and cybersecurity, 2019 Global AI-Powered Web Intelligence Technology Innovation Award.

About the Author

Udi Levy AuthorUdi Levy is the CEO and co-founder of Cobwebs Technologies. He brings vast experience in the global technology market with extensive experience and expertise in the Intelligence and Security domains.

Prior to founding Cobwebs, Mr. Levy was responsible for developing Tactical & Cyber Intelligence Solutions in major companies and was involved in developing and deploying various strategic projects at enterprises and government agencies..

Mr. Levy holds a BSc degree in Computers Engineering from the Hebrew University of Jerusalem and an MBA degree.

http://www.cobwebs.com/

Top 100 Cybersecurity Books

Feedzy

The Best Cybersecurity Book of all Time: Analogue Network Security by Winn Schwartau

For many centuries, books have been one of the central forms of entertainment for humankind. Readers around the world invest countless hours escaping into new and unique worlds, losing themselves in the words and pages of books from various genres. While all books affect readers in different ways, history has shown that some books have a way of reaching and impacting large groups of people so that they are forever changed. These books can share knowledge, inspiration, and discoveries in various fields. They teach, influence, and alter the way we think. Sometimes these books are so important and enlightening that they help the world and its people evolve. The following books have done just that. By educating and informing readers in the areas of technology, creating new standards in the cyber world, these are top 100 out there.

  1. Permanent Record by Edward Snowden
  2. Countdown to Zero Day Stuxnet and the Launch of the World’s First Digital Weapon by Kim Zett
  3. Dark Territory The Secret History of Cyber War by Fred Kaplan.
  4. Comptia Security+ Get Certified Get Ahead Sy0-501 Study Guide by Darril Gibson
  5. The Art of Invisibility. The World’s Most Famous Hacker Teaches You How to Be Safe in the Age of Big Brother and Big Data by Kevin Mitnick.
  6. Ghost in the Wires. My Adventures as the World’s Most Wanted Hacker by Kevin Mitnick, Steve Wozniak, William L. Simon.
  7. The Cuckoo’s Egg by Clifford Stoll.
  8. Snow Crash by Neal Stephenson.
  9. Sandworm. A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers by Andy Greenberg
  10. Hacking The Art of Exploitation by Jon Erickson
  11. Kingpin. How One Hacker Took Over the Billion-Dollar Cybercrime Underground by Kevin Poulsen
  12. Future Crimes Everything Is Connected, Everyone Is Vulnerable, and What We Can Do About It by Marc Goodman
  13. The Code Book. The Science of Secrecy from Ancient Egypt to Quantum Cryptography by Simon Singh
  14. Spam Nation. The Inside Story of Organized Cybercrime-From Global Epidemic to Your Front Door by Brian Krebs.
  15. Cyberwar. The Next Threat to National Security & What to Do About It by Richard A. Clarke, Robert Knake.
  16. Practical Malware Analysis. The Hands-On Guide to Dissecting Malicious Software by Michael Sikorski
  17. The Perfect Weapon. War, Sabotage, and Fear in the Cyber Age by David E. Sanger.
  18. Cybersecurity and Cyberwar. What Everyone Needs to Know by P.W. Singer and Allan Friedman.
  19. Data and Goliath. The Hidden Battles to Collect Your Data and Control Your World by Bruce Schneier.
  20. The Art of Deception. Controlling the Human Element of Security by Kevin D. Mitnick.
  21. American Kingpin. The Epic Hunt for the Criminal Mastermind Behind the Silk Road by Nick Bilton.
  22. Cryptonomicon by Neal Stephenson.
  23. Red Team Field Manual (RTFM) by Ben Clark.
  24. The Web Application Hacker’s Handbook Finding and Exploiting Security Flaws by Dafydd Stuttard.
  25. Social Engineering. The Science of Human Hacking by Hadnagy
  26. The Art of Intrusion. The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers by Kevin D. Mitnick, William L. Simon.
  27. Tribe of Hackers. Cybersecurity Advice from the Best Hackers in the World by Marcus J Carey, Jennifer Jin.
  28. 28. The Hacker Playbook 2. Practical Guide To Penetration Testing by Peter Kim.
  29. The Phoenix Project. A Novel About IT, DevOps, and Helping Your Business Win by Gene Kim, Kevin Behr, George Spafford.
  30. No Place to Hide. Edward Snowden, the NSA, and the U.S. Surveillance State by Glenn Greenwald
  31. The Innovators. How a Group of Hackers, Geniuses and Geeks Created the Digital Revolution by Walter Isaacson.
  32. We Are Anonymous. Inside the Hacker World of LulzSec, Anonymous, and the Global Cyber Insurgency by Parmy Olson.
  33. Security Engineering. A Guide to Building Dependable Distributed Systems 2ed by Ross J. Anderson.
  34. The Hacker Playbook 3. Practical Guide to Penetration Testing by Peter Kim.
  35. Secrets and Lies. Digital Security in a Networked World by Bruce Schneier.
  36. 36. Black Hat Python. Python Programming for Hackers and Pentesters by Justin Seitz.
  37. Click Here to Kill Everybody. Security and Survival in a Hyper-connected World by Bruce Schneier.
  38. Applied Cryptography. Protocols, Algorithms, and Source Code in C by Bruce Schneier.
  39. Mindf*ck. Cambridge Analytica and the Plot to Break America by Christopher Wylie.
  40. The Age of Surveillance Capitalism. The Fight for a Human Future at the New Frontier of Power by Shoshana Zuboff
  41. Open Source Intelligence Techniques. Resources for Searching and Analyzing Online Information by Michael Bazzell.
  42. Penetration Testing. A Hands-On Introduction to Hacking by Georgia Weidman.
  43. The First Digital World War by Mark Bowden.
  44. Cracking the Coding Interview. 189 Programming Questions and Solutions by Gayle Laakmann McDowell.
  45. Lights Out: A Cyberattack: A Nation Unprepared. Surviving the Aftermath by Ted Koppel.
  46. Hackers. Heroes of the Computer Revolution by Steven Levy.
  47. Blue Team Field Manual (BTFM) by Alan J White
  48. Nmap Network Scanning. The Official Nmap Project Guide to Network Discovery and Security Scanning by Gordon Fyodor Lyon.
  49. The Hacker Playbook. Practical Guide To Penetration Testing by Peter Ki.
  50. @War. The Rise of the Military-Internet Complex by Shane Harris.
  51. Malware Analyst’s Cookbook and DVD. Tools and Techniques for Fighting Malicious Code by Michael Ligh, Steven Adair, Blake Hartstein, and Matthew Richard
  52. Metasploit. The Penetration Tester’s Guide by David Kennedy, Jim O’Gorman, Devon Kearns, Mati Aharoni
  53. Threat Modeling Designing for Security by Adam Shostac
  54. Crypto. How the Code Rebels Beat the Government-Saving Privacy in the Digital Age by Steven Levy.
  55. Automate the Boring Stuff with Python. Practical Programming for Total Beginners by Al Sweigart.
  56. Gray Hat Hacking. The Ethical Hacker’s Handbook by Allen Harper, Daniel Regalado, et al.
  57. Python Crash Course, 2nd Edition. A Hands-On, Project-Based Introduction to Programming by Eric Matthes.
  58. Hacker, Hoaxer, Whistleblower, Spy. The Many Faces of Anonymous by Gabriella Coleman.
  59. The Ultimate Unofficial Encyclopedia for Minecrafters. An A – Z Book of Tips and Tricks the Official Guides Don’t Teach You by Megan Miller.
  60. The Industries of the Future by Alec Ross.
  61. The Basics of Hacking and Penetration Testing. Ethical Hacking and Penetration Testing Made Easy by Patrick Engebretson.
  62. Cybersecurity: The Beginner’s Guide. A comprehensive guide to getting started in cybersecurity by Dr. Erdal Ozkaya.
  63. Cryptography Engineering. Design Principles and Practical Applications by Niels Ferguson, Bruce Schneier, et al.
  64. Windows Internals, Part 1 User Mode by Pavel Yosifovich, Mark E. Russinovich, et al.
  65. Comptia Network+ Certification All-In-One Exam Guide, Seventh Edition (Exam N10-007) by Mike Meyers.
  66. The Practice of Network Security Monitoring. Understanding Incident Detection and Response by Richard Bejtlich.
  67. Wtf Is My Password. Password Book, Password Log Book and Internet Password Organizer, Alphabetical Password Book, Logbook to Protect Usernames and Passwords, Password Notebook, Password Book Small 6 X 9 by Booki Nova.
  68. Minecraft. Guide to Creation by Mojang Ab.
  69. The Hacked World Order. How Nations Fight, Trade, Maneuver, and Manipulate in the Digital Age by Adam Segal.
  70. This Machine Kills Secrets. How WikiLeakers, Cypherpunks, and Hacktivists Aim to Free the World’s Information by Andy Greenberg.
  71. The Art of Memory Forensics. Detecting Malware and Threats in Windows, Linux, and Mac Memory by Michael Hale Ligh, Andrew Case, Jamie Levy, AAron Walters.
  72. The IDA Pro Book. The Unofficial Guide to the World’s Most Popular Disassembler by Chris Eagle 74.
  73. The Fifth Domain. Defending Our Country, Our Companies, and Ourselves in the Age of Cyber Threats by Richard A. Clarke, Robert K. Knake.
  74. Blue Team Handbook: Incident Response Edition. A condensed field guide for the Cyber Security Incident Responder. By Don Murdoch GSE.
  75. The Cybersecurity Dilemma. Network Intrusions, Trust, and Fear in the International System by Ben Buchanan.
  76. The Hardware Hacker. Adventures in Making and Breaking Hardware by Andrew Bunnie Huang.
  77. The Dark Net. Inside the Digital Underworld by Jamie Bartlett.
  78. Violent Python. A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers by TJ O’Connor.
  79. Cybersecurity Essentials by Charles J. Brooks, Christopher Grow, et al.
  80. Dark Mirror. Edward Snowden and the American Surveillance State by Barton Gellman
  81. CISSP All-in-One Exam Guide by Shon Harris
  82. Minecraft: Guide Collection. Exploration; Creative; Redstone; The Nether & the End by Mojang Ab
  83. How to Measure Anything in Cybersecurity Risk by Douglas W. Hubbard, Richard Seiersen, Daniel E. Geer Jr., Stuart McClure.
  84. Password book: A Premium Journal and Logbook to Protect Usernames and Passwords Modern Password Keeper, Vault, Notebook and Online Organizer with … Calligraphy and Hand Lettering Design) by Lettering Design Co.
  85. Hacked Again by Scott N. Schober
  86. The Shellcoder’s Handbook. Discovering and Exploiting Security Holes by Chris Anley, John Heasman, Felix Lindner, Gerardo Richarte
  87. Cybersecurity for Beginners by Raef Meeuwisse
  88. Cryptography Apocalypse. Preparing for the Day When Quantum Computing Breaks Today’s Crypto by Roger A. Grimes
  89. Extreme Privacy. What It Takes to Disappear in America by Michael Bazzell
  90. Gray Day. My Undercover Mission to Expose America’s First Cyber Spy by Eric O’Neill
  91. Minecraft. Guide to the Nether & the End by Mojang Ab
  92. Minecraft. Guide to Redstone by Mojang Ab
  93. McMafia. A Journey Through the Global Criminal Underworld by Misha Glenny
  94. CCNA 200-301 Official Cert Guide, Volume 1 by Wendell Odom
  95. (isc)2 Cissp Certified Information Systems Security Professional Official Study Guide, 8e & Cissp Official (Isc)2 Practice Tests, 2e by Mike Chapple
  96. Secrets of Reverse Engineering by Eldad Eilam
  97. Linux Basics for Hackers. Getting Started with Networking, Scripting, and Security in Kali by OccupyTheWeb
  98. Confront and Conceal. Obama’s Secret Wars and Surprising Use of American Power by David E. Sange
  99. (isc)2 Cissp Certified Information Systems Security Professional Official Study Guide by Mike Chapple.
  100. Cryptoconomy by Gary Miliefsky.

Vulnerability Patching: Why Does It Fall Short So Often?

Feedzy

Weak threat insight, SecOps competing priorities, and fear of making things worse are key reasons

By Chris Goettl, Director of Security Product Management, Ivanti

It isn’t glamorous. It won’t guarantee a company staff promotion or kudos, but patching is a critical risk prevention function in any environment. Unfortunately, it’s task organizations tend to push aside – until they’re hit with a multi-million-dollar breakdown. Ponemon recently found that 60% of security breach victims say they became breached due to an unpatched known vulnerability. So why, with so much risk in the balance, do many systems remain unpatched? Like many underperforming environments, the answer has many facets: practical, emotional, and operational:

Practical: In the remote working, a threat-rich world that security and operations teams work in, patching often takes a back seat to other threat deterrence tasks like adding in new security access protocols or recovering offboarded assets. Operations also have many competing priorities, not the least of which is strategically mapping out new policies and procedures to better manage an expanded remote workforce and working with the C-suite on desired business outcomes going forward.

Emotional: The inherent fear is that patching updates might cause workflow disruption at a time when organizations are already dealing with the wholesale transition to a more remote/hybrid work environment. Security or operations personnel do not want to be the cause of a miscue – thus, in some instances fear paralysis takes over.

Operational: Knowing which vulnerabilities pose the most threat so patching can be correctly prioritized is a major factor in patching being successful. Many organizations struggle to manage the variety of applications in their environments, the inconsistent frequency of release from most vendors, and the sheer volume of change that can cause operational impacts to users.

Patch Smarter and Faster

Remote working has exacerbated concerns about patching as security and operations teams are facing the fact that remote desktops can be rife with vulnerabilities and reside outside secure network perimeters. SecOps visibility into remote workers’ devices previously was not as much a priority. The new world environment of more devices being used remotely, devices that may not meet on-prem security standards, has opened the door to an increased attack surface, one with considerable gaps in effective patching.

How do organizations move past these barriers to make patching a smoothly running part of SecOps and not another sticky subject during team meetings? Patching technologies have existed for years, yet companies still struggle with vulnerability remediation. It is not so much a technology challenge that companies face, but a challenge of process, politics, and operational impact. There are practices and systems that can be put into place to minimize SecOps concerns about workflow impact and most importantly, fine tune patching to target high-risk threats. Patching processes can also be improved so patching is no longer a time-consuming operational headache. Achieving this will go a long way to breaking down barriers. Strategy improvements include:

Patch Reliability. No administrator responsible for patching can ever completely test the effect of updates on their environment. Typically, teams try to validate impact through test systems and user pilot groups – delaying updates to the point of escalating a threat. Advancements in patch performance intelligence can cut through these delays and accelerate patching based on crowdsourced telemetry of patch performance along with social sentiment gathered from popular social media outlets. This richer repository of data enables SecOps to make quicker decisions on where to focus testing efforts to maximize efficiency and avoid operational impacts.

Risk-Based Prioritization. Many organizations prioritize remediation efforts based on vendor severity. This approach leaves many open to high-risk vulnerabilities that are actively being exploited – vulnerabilities the vendor may have only flagged as important. Expanding the knowledge base here is critical. Obtaining additional metrics of ‘known exploited’ vulnerabilities will give SecOps more data with which to prioritize patching based on real world risks to the organization.

Automated Vulnerability Remediation. Transferring greater knowledge and prioritization into action – and mindful of SecOps time management – means employing a higher degree of automation. The only way to effectively patch and secure remote devices working in the cloud with any degree of efficiency is to bring more automation into the process. Automation can take metrics gained through machine learning and proactively detect, diagnose, and auto-remediate configuration drift, performance, and security vulnerabilities before they reach the threat stage.

Patch Compliance. Service level agreements (SLAs) are important from an operational perspective, but in the world of vulnerability remediation they are absolutely critical. Organizations struggle to stay ahead of threat actors and need to track exposure of vulnerabilities more accurately to ensure they are reducing their window of risk. Getting a more accurate patch-level perspective which maps to the CVEs (common vulnerabilities and exposures) on how long the organization has been exposed, and what assets are outside of SLAs, is critical to reduce overall risk.

Cross-Functional Conversations. SecOps is a useful phrase but in reality, the teams do start with different mindsets when addressing data and risk issues. The common ground from which they can work together to minimize threats is better, objective information on risk of vulnerabilities. That is why machine learning collection of threat patterns – data that can be shared – is an important part of improved patching. Better data will lead to more informed decisions on patch prioritization, giving both teams more confidence that the highest-risk threats are being acted upon first.

Erasing the Barriers

Getting rid of the practical, emotional, and operational barriers to improved patching can be done. Employing automated vulnerability remediation eliminates the constant struggle of teams’ competing time and priorities. Through machine learning intelligence gathering of known exploits and crowdsourced telemetry, SecOps will no longer fear the results of patching. They are proceeding with greater reliability due to more extensive knowledge. This improved patch reliability data delivers actionable intelligence automatically, so teams can act on threats faster and reduce time to patch, lowering operational impact.

About the Author

Chris Goettl AuthorChris Goettl is the Director of Product Management for security products at Ivanti. Chris has over 15 years of experience working in IT, where he supports and implements security solutions for Ivanti customers and guides the security strategy and vision for Ivanti.

Top 100 Cybersecurity Movies

Feedzy

  1. The Computer Wore Tennis Shoes (1969)

In The Computer Wore Tennis Shoes, Kurt Russell stars as an underachieving college student whose intellectual capabilities skyrocket after an electrical accident with a computer when its “brain” fuses with his own. (Note: you’re going to notice this type of theme with multiple movies on this list — someone gets zapped during a storm or electrical overload and, bam, something major happens as a result… yada, yada, yada.)

  1. The Italian Job (1969)

The Italian Job stars Michael Caine as a recently released convicted criminal who recruits infamous computer hackers in the U.K. to steal a shipment of gold in Turin, Italy — all while avoiding the police and Italian mobsters. They do this by hacking the city’s traffic light system to cause a massive city-wide gridlock. This is one of the classic hacker movies that should definitely be included on any list of cyber films.

  1. Colossus: The Forbin Project (1970)

In Colossus, the United States has developed a massive supercomputer (Colossus) to protect the nation from nuclear attacks. However, Russia has created a similar supercomputer, called Guardian, and the two machines begin a dialog. The communication between the two artificial intelligences (AIs) leaves its creator, Charles Forbin, worried about what could result, and so he severs the connection. This leads to Colossus threatening global destruction unless the link is restored. Considering the heightened political tensions going on around this time in our history, it’s understandable why this cyber movie highlighted issues of concern surrounding artificial intelligence (AI).

  1. The Conversation (1974)

The Conversation, which was nominated for three Oscars, stars Gene Hackman as a highly regarded surveillance expert whose work leads to the death of a woman and child and, he fears, will lead to the deaths of a couple if he doesn’t intervene. (Note: Hackman gets to reprise his role as a high-tech wizard again a few decades later in another movie that you’ll see further down the list.)

  1. Three Days of the Condor (1975)

In Three Days of the Condor, Robert Redford stars as a CIA codebreaker who discovers all of his coworkers were murdered. Soon, he realizes that individuals higher up in within the agency are responsible. He then goes into hiding to avoid being killed by a hired hitman while trying to figure out why his own employers want him dead. If you haven’t seen this movie, it’s definitely one to add to your list.

  1. Prime Risk (1985)

In Prime Risk, a female engineer and her friend (played by Julie Collins and Michael Fox) figure out a way to scam ATM machines. In the process, however, they realize they’ve stumbled upon a way to destroy the U.S. Federal Reserve as a whole.

  1. Tron (1982)

Tron stars Jeff Bridges, who plays a hacker/arcade owner whose physical body is transformed into a digital form by a software pirate called Master Control. There, he’s forced to participate in gladiatorial-style games. To outmaneuver his enemy and attempt to escape, Bridge’s character has to team up with a computer program character.

  1. WarGames (1983)

This hacker movie focuses on Matthew Broderick’s teenage genius character as he hacks his way into secret U.S. military program and interacts with its artificial intelligence (AI) system. He thinks he’s playing a video game with the system, not initially realizing that the actions he set into motion, if left unaltered, would lead to a global meltdown as the result of a nuclear war between the U.S. and Soviet Union.

  1. 23 (1998)

23 is a movie that’s based on the story of real-life hackers from Hannover, Germany, in the 1980s. In this film, an orphan uses some of his inheritance to purchase a computer. At first, he just discussed conspiracy theories online but soon dives deeper. Along with a friend, he starts infiltrating military computers.

  1. Disclosure (1994)

This is definitely not one of the hacker movies to watch with your kiddos. In Disclosure, a computer expert goes on the offensive when he finds himself the sexual harassment target of ex-lover-turned-boss who sets out to destroy his career, reputation, and personal life. This star-studded cast includes Michael Douglas, Demi Moore, and Donald Southerland. While the focus of the movie is more on sexual harassment in the workplace, cyber security and technology still play a critical role in Douglas’s character’s efforts to discredit his attacker.

  1. Enemy of the State (1998)

As someone who is a huge fan of Will Smith (and others in this star-studded cast), there’s no way that Enemy of the State wouldn’t make my list. Smith plays a lawyer who is (unknowingly) in possession of video surveillance evidence of a politically motivated crime. He finds himself the target of corrupt politicians who do everything in their power to destroy his reputation, life, and eventually frame him for murder.

  1. Entrapment (1999)

The sexy action-thriller Entrapment, starring Sean Connery and Catherine Zeta-Jones, is about a renowned thief and an undercover art investigator who team up to steal priceless works. The movie is one elaborate caper after another and involves them eventually hacking into a server room or vault to reroute traffic for a high-level stock exchange. Although the technical processes in the movie aren’t necessarily accurate — which I won’t get into without giving away spoilers — it still doesn’t take away from the appeal of the film. Therefore, it stays firmly planted on my list of favorite hacker movies.

  1. Ghost in the Machine (1993)

Ghost in the Machine is about a serial killer whose consciousness transfers to an MRI machine due to a freak accident during an electric storm. In his new form, continues his killing spree using computers, kitchen appliances, and other technologies that are attached to networks and power grids. The title of the movie refers to a phrase from British philosopher Gilbert Ryle in reference to Rene Descartes’ concept of mind-body dualism to describe how a person’s consciousness is its own entity that’s exists independent of the physical brain.

  1. Hackers (1995)

In Hackers, a child hacker-turned-18-year-old meets up with a group of teenage hackers who, together, uncover evidence of a massive embezzling scheme. Unfortunately for them, their cyber intrusion is discovered, and they are blamed for creating a virus that will capsize an oil fleet. They must work together to gather proof of their innocence and to save themselves. Although the “high-tech” data center servers hilariously look like just some colored glass pillars, this movie still claims a place in our hearts.

  1. Johnny Mnemonic (1995)

In Johnny Mnemonic, Keanu Reeves plays a data trafficker who uses his brain as a mule for a computer chip transport sensitive data. Until he gets a delivery that’s too big for the chip! Now he must dodge assassins and complete the delivery in just 24 hours.

  1. Jurassic Park (1993)

While this classic dino movie may not be a hacking movie or cyber security movie in the traditional sense, Jurassic Park definitely involves hacking in a roundabout way. The actions of a hacker-turned-criminal (think insider threat) cause the park’s defense systems to malfunction, allowing the dinosaurs to escape and terrorize the park’s visitors. But it’s also the actions of another young hacker that ultimately reboots the park’s security systems and saves remaining survivors.

  1. Masterminds (1997)

As a movie aimed at teenagers, Masterminds follows a cat-and-mouse battle of wits started when villainous security expert (played by Patrick Stewart) takes an exclusive school full of high schoolers hostage for ransom. His biggest challenge? A rebellious teenage hacker who snuck into the school’s basement just before everything went down. He finds himself in the position of using his wits and prank skills to outwit this criminal mastermind.

  1. Sneakers (1992)

In Sneakers, Robert Redford plays the head of a group of computer and espionage experts — think penetration testing experts to the extreme — who are hired to steal a computer program that’s designed to serve as a universal code breaker. However, things go awry when the device’s creator gets murdered — they become suspects and must do everything within their power to clear their names.

  1. Terminator 2 (1991)

No list of tech, cyber security, or hacker movies would be complete without at least mentioning The Terminator franchise and Skynet, the advanced artificial intelligence that everyone uses as an analogy today for concerns about AI threats. In Terminator 2: Judgment Day, a cyborg identical to the one from the first movie, is sent to protect Sarah Connor’s son, John Connor from an even more advanced model. In this movie, John demonstrates advanced technical skills by bypassing the security systems at Cyberdyne and hacking an ATM machine.

  1. The Matrix (1999)

This science fiction movie blew minds and made millions question reality. The Matrix, which stars Keanu Reeves, is about a hacker who learns that he — and the rest of mankind — is living in a simulated reality constructed by super intelligent and evolved computers that intend to keep humanity its prisoners of war to use their bodies as a source of organic fuel. Reeves’ character, known as Neo, teams up with a small group of mysterious rebels to continue their war against the controlling forces.

  1. The Net (1995)

This hacker movie is a personal favorite from my childhood, although its theme of identity theft is all too real for many nowadays. In The Net, Sandra Bullock plays a reclusive computer programmer who is just looking to enjoy a little time off when she finds herself tangled up in the conspiracy of a group of cybercriminals. Some of her colleagues mysteriously die, her identity is erased, and her life — and the lives of those around her — hangs in the balance.

  1. Gamer (2009)

Personally, I wasn’t a big fan of this movie (despite it starring Gerard Butler and Michael C. Hall, aka Dexter Morgan from the TV show Dexter). However, I’ve seen it included on multiple sites’ lists of the best hacker-related movies, so I figured I’d put aside my own feelings and (begrudgingly) include it as well. In Gamer, a teenager controls a death-row inmate with a remote gaming device. The inmate is forced to fight other prisoners every week in a violent showdown. He seeks to find a way to end the game and defeat the inventor, to win his and his wife’s freedom.

  1. Live Free or Die Hard (2007)

This fourth installment of the popular Bruce Willis movie franchise involves a disgraced Department of Defense employee-turned-cyber terrorist (played by Justin Long) launching a large-scale cyber attack to disable the U.S.’s vulnerable computer infrastructure and crash the economy. The main character, John McClane — the NY detective who is “always in the wrong place at the wrong time” (played by Willis) — once again finds himself in the unenviable position of having to save the day. Only this time, he does it with the assistance of a young hacker (played by Timothy Olyphant).

  1. Minority Report (2002)

Minority Report, which takes place about 25 years from now, follows a specialized police division known as Pre-Crime that is authorized to arrest people who before they commit future crimes. The unit’s chief, played by Tom Cruise, himself is accused of being responsible for a future murder and winds up going on the lam to escape capture and arrest by his own team.

  1. Swordfish (2001)

In Swordfish, an elite hacker (played by Hugh Jackman) who was imprisoned for infecting an FBI program was recently released from prison. A woman and her criminal employer (played by Halle Berry and John Travolta) recruit him for the purpose of getting him to write a worm to steal $9.5 billion from a government slush fund. But not everything is as it seems.

  1. The Bourne Ultimatum (2007)

The Bourne Ultimatum, the third movie in the Bourne series, involves operative Jason Bourne (played by Matt Damon) teaming up with an investigative reporter to track down those who betrayed him. In the meantime, a CIA official is trying to assassinate Bourne before his memory returns.

  1. The Girl with the Dragon Tattoo (2009 and 2011)

There are actually two versions of the same film that came out just two years apart. Because they’re so close together, I’m just lumping them into one callout. The first version of the film stars a Swedish cast, and the second version was released two years later and stars Daniel Craig and Rooney Mara. The premise of the films follows a journalist who enlists the help of a young hacker in his quest to track down a woman who has been missing for several decades. The movies are based on one of the books in the bestselling novel series “The Millennium Trilogy.”

  1. The Italian Job (2003)

This version of The Italian Job, which is a different take on the plot of the original 1969 film, stars Mark Wahlberg, Ed Norton, and Donald Sutherland. Rather than being a comic caper movie about the planning of a heist in Turin, this involves the main character being betrayed and left for dead in Italy, and then planning a heist against a former ally. Although it borrows from much of the original screenplay, it does take creative license and takes the story in a different direction. For me, though, it’s an interesting film on its own merit but I still prefer the original.

  1. V for Vendetta (2005)

Funnily enough, V for Vendetta, which is based on a 1980s graphic novel by Alan Moore, is set to take place in 2020. In it, the population of the U.S. is nearly wiped out by a virus, and Britain is a police state that’s ruled by a dictator “who promises security but not freedom.” Natalie Portman’s character, Evey, is saved from being raped by plainclothes police by an unknown actor known only as V (played by Hugo Weaving), and she ends up joining him in his mission of overthrowing the government in power. Although the movie doesn’t technically involve a hacker, per se (he hacks into the fate computer in the graphic novel series but not in the movie adaptation), it’s what inspired the use of the Guy Fawkes masks that are used to represent members of the real-world international hacker group Anonymous.

  1. Untraceable (2008)

The horrifying thriller Untraceable stars Diane Lane as an agent in the FBI’s Cyber Crimes Division who is trying to track down a hacker who is brutally killing people while the world watches via live streaming. And to make matters worse, the more people who view his site, the faster his victims die.

  1. Blackhat (2015)

In Blackhat, when a nuclear power plant in Hong Kong and the Mercantile Trade Exchange in Chicago are hacked, the FBI and Chinese government team up to track down the cybercriminals responsible for the cyber attacks. They bring in a convicted hacker (played by Chris Hemsworth) to help with the investigation. This hacker movie was lauded much acclaim within the cyber security and hacker communities because of its accuracy in some aspects of the film — for example, (SPOILER ALERT) the way that a bank network hack occurs from a compromised USB drive. It’s a must-see and guaranteed title for this list of hacker movies.

  1. Inception (2010)

This mind-bender of a movie follows a professional thief, played by Leonardo DiCaprio, who uses a form of information-extracting technology to steal corporate secrets from the subconsciousness of victims. However, he’s also a fugitive father who misses his kids. So, when he’s offered a chance to make his criminal history go away in exchange for “hacking” a CEO by implanting a false idea in their head, he initially agrees but soon realizes that things are not what they seem and gets second thoughts.

  1. I.T. (2016)

In I.T., a corporate executive and millionaire, played by Pierce Brosnan, finds his life turned upside-down when he works with an I.T. consultant and finds him getting too close to him and his family. When he fires him, things go wrong very quickly.

  1. Mission Impossible: Ghost Protocol (2011)

This is definitely one of my favorite hacker movies. Ghost Protocol, the fourth movie in the popular Mission Impossible series, involves a decent enough helping of hacking, password cracking, cryptography, and network hijacking action for any thriller and tech fan. His government disavows when Ethan Hunt (a role reprised by Tom Cruise) is blamed for a terrorist attack on the Kremlin, both he and his employer agency IMF. He’s forced to go off the grid and teams up with other fugitive IMF operatives to prove their innocence.

  1. Skyfall (2012)

Skyfall, the 23rd movie in the James Bond movie franchise, brings Bond (played by Daniel Craig) back to memories of his own childhood and tests his loyalty to M (played by Judy Dench) when her own past comes back to haunt her. When MI6 becomes compromised, Bond is the only ally M can trust to face down a mysterious hacker genius. This movie includes some big hacking scenes, although I’ll leave evaluating the accuracy of the actual hacking to the experts.

  1. Snowden (2016)

Snowden is a biopic of the real-life former National Security Agency (NSA) contractor Edward Snowden (played by Joseph Gordon-Levitt) who became one of the world’s most famous whistleblowers. He uncovered and shared with the world about the virtual mountain of data that was being collected on ally foreign governments and American citizens alike. It’s a must-have for any list of must-see hacker movies.

  1. The Imitation Game (2014)

The Imitation Game is about a time during World War II when British intelligence agency MI6 hired Alan Turing (played by Benedict Cumberbatch) to crack Germany’s top-secret Enigma code.

  1. The Social Network (2010)

While Facebook now always seems to be making headlines for one reason or another — often not positive ones — there was once a time when no one had heard of it. Largely, because it didn’t yet exist. This movie The Social Network is based on the story of Mark Zuckerberg (played by Jesse Eisenberg), the Harvard computer genius-turned-creator of the social networking site that was once known as “The Facebook.” Whether you love or hate Facebook, regardless, you can’t deny the popularity of the platform which is used by 2.4 billion users as of Q3 2019. So, on the list of hacker movies it goes!

  1. Who Am I (2014)

Who Am I is a German techno-thriller hacker movie about a subversive hacker group in Berlin that’s intent on gaining global fame.

  1. Ghost in the Shell (2017)

Ghost in the Shell is a popular science fiction manga created by Masamune Shirow that has been adapted for television, video games and cinema but always in animation format. On March 31, the adaptation of Ghost in the shell with flesh and blood actors and actresses arrives in Spanish cinemas. Scarlett Johansson has been in charge of bringing to life the futuristic cyborg secret police (cybernetic organism), Major Motoko Kusanagi, which fights against technological crimes.

  1. Sneakers (1992)

One of the best hacking movies for cybersecurity on our list is Sneakers released in 1992. Robert Redford stars in Sneakers as a computer genius Martin Bishop. Martin leads a group of I.T. experts who are in charge of the security systems of large companies. All of them are involved in a situation that forces them to work for a secret agency for which they will have to steal a black box capable of deciphering codes.

  1. Pirates of Silicon Valley (1999)

The origin of Microsoft and Apple is the central plot of Pirates of Silicon Valley. Based on the book by Paul Freiberger and Michael Swaine, Fire in the Valley: The Making of the Personal Computer. It explains the rivalry that existed between Steve Jobs and Bill Gates in the development of the personal computer. Several Steve Jobs films have been directed, such as Jobs (2013) with Ashton Kutcher and Steve Jobs (2015) with Michael Fassbender, directed by Danny Boyle.

  1. Takedown (2000)

Also known as Hackers 2 and Track Down in the U.S. This take-down best hacking movie is a film based on real events. The story is based on the book of the same name (Takedown) written by journalist John Markoff and by Tsutomu Shimomura, a computer security expert who tells in the book his personal experiences. Takedown deals with how Tsutomu Shimomura helped the FBI capture Kevin Mitnick, a famous hacker who, even while on probation, tried to hack Shimomura’s computer security system. In short, an epic pursuit in cyberspace.

  1. Hackers 3

Also known as Hackers 3, Antitrust criticizes monopolistic practices in the 1990s. Milo Hoffman (Ryan Phillippe), a computer genius, is invited to work for one of the world’s largest technology companies. After the death of his best friend, Milo begins to suspect if his new job had anything to do with it. The fictitious company Milo starts working for was linked to Microsoft and its fictitious owner Gary Winston to Bill Gates.

  1. The Hacker Wars (2014)

Though crime may seem disingenuous due to it being behind screens, there is a lot at stake regarding our right to privacy, politics, and even more–this film takes a closer look at what exactly hackers are fighting for and why.

  1. The Imitation Game (2014)

An early example of a notorious hacker, Alan Turing must crack the code of the German Enigma to help bring an end to the atrocities of World War II.

  1. Algorithm (2014)

After a freelance computer hacker stumbles upon a hidden government computer program, he must come to terms with a revolution that is bursting at the seams with innovation and danger.

  1. DSKNECTD (2013)

Smartphones and social media have undoubtedly connected humans in many ways previously unknown while seemingly disconnecting us in others–this film looks at how society has changed following these technological revolutions, looking at both the pros and cons of constant connection to the Internet.

  1. DEFCON: The Documentary (2013)

This movie is an extensive look into the world’s largest hacking conference with a one-time allowance for a film crew to bypass the notorious “no cameras” rule to document the event, the people attending, and what it means to take part in the hacking community worldwide.

  1. Hacking Democracy (2006)

American activists search for the root of a potential miscount in the 2004 presidential election, revealing flaws about the current system of voting digitally.

  1. Firewall (2006)

A man mostly familiar with security must save his family by dismantling and robbing the bank he works at to have the money to pay their ransom.

  1. Reboot (2012)

When a hacker awakens from a deep sleep after a traumatic event, she discovers an iPhone glued to her hand and a mysterious timer that is ticking away.

  1. We Steal Secrets: The Story of WikiLeaks (2013)

This documentary investigates the origins of WikiLeaks, the website created by Julian Assange that presented stolen information from the US government to bring justice to corruption. The film explains how this ended up being a big part of the most significant security violation in US history and examines the effects it had on democracy and cybersecurity.

  1. Takedown (2000)

Hacker Kevin Mitnick rose to prominence with his controversial arrest in 1995–this movie is a re-telling of the events leading up to this arrest, going deep into his hacking origins and interest in social programming.

  1. Antitrust (2001)

After landing his dream programming job at a Portland-based company, one man is shocked to discover the dark side of the process, being forced to confront unethical and ruthless tactics used by his boss.

  1. Revolution OS (2001)

Though Microsoft ruled the computer market of the early 2000s, this film goes into the fanbase of users who were disillusioned by the company and preferred more open-source methods, leading to the development and cultivation of Linux and other OS methods.

  1. Hackers Are People Too (2008)

This humanizing look at hackers dismantles common tropes and stereotypes about hackers, creating a portrait of a community that was constructed by the community it speaks about.

  1. Colossus: The Forbin Project (1970)

After the U.S. government sets up a computer system to handle its nuclear missile defenses, it develops a mind of its own.

  1. The Net (1995)

After stumbling upon a conspiracy, a programmer’s life is changed immediately as she is given a new identity as a result of her exposure to the classified information. As she figures out what is going on, the society begins to be anguished by peril.

  1. We Are Legion: The Story of the Hacktivists (2012)

This documentary describes the creation and sustainability of the self-described “hacktivist” group Anonymous, what they stand for, and how they run their organization on the internet.

  1. The Fifth Estate (2013)

Based on a real story, an internet start-up filled with controversy is dissected by those within it to understand how it functions and if it can continue efficiently and ethically.

  1. Eagle Eye (2008)

Two strangers are unified by a phone call that subsequently threatens not only their lives but also their families. Through the use of technology, they are tracked and coerced into dangerous situations against their own will, leaving them to find a way out.

  1. The KGB, the Computer and Me (1990)

A thrilling but true story, after finding a discrepancy while working at the Lawrence Berkeley Laboratory in 1986, Clifford Stoll must figure out precisely what is going on as he races to find out who is hacking the system. This search takes him all the way to Hannover, Germany and reveals the perpetrator to be Markus Hess, disclosing ties to the KGB in the midst of a curious operation.

  1. Virtuosity (1995)

An ex-cop is tasked with stopping a computer simulation created from the personality profiles of serial killers after it creates a human body and begins replicating infamous murders in real life, seeking to improve on the originals

  1. Foolproof (2003)

Leading a group that focuses on pulling off heists, Kevin, Sam, and Rob find themselves forced to pull off the most extensive heist yet after being blackmailed by a gangster. They soon realize this is a dangerous mission, opening up a struggle to complete the task and stay alive in the process.

  1. Real Genius (1985)

While these teenage geniuses are developing a laser for a university project, they begin sabotaging the project after discovering that their professor intends to use the weapon for military-grade action.

  1. The Triumph of the Nerds: The Rise of Accidental Empires (1996)

Beginning in the 1970s, this movie looks at the modest beginnings of the computer industry up until the Dot-com boom of the 1990s, focusing on its creators and how they were able to change the world from their parents’ garages.

  1. War for the Web (2015)

This documentary sheds light on how the Internet works, unmasking its physical infrastructure and raising questions about ownership and precautions against monopolies in the modern marketplace.

  1. GoldenEye (1995)

James Bond must save the world from a nuclear disaster by someone whom he thought was dead, teaming up with a survivor from a Russian research center to solve the mystery.

  1. Hackers: Wizards of the Electronic Age (1984)

Providing an old look at hacking, this documentary from the 1980s consists of interviews taken from a 1984 hacker conference in California, shedding light on the hacker community of the time.

  1. One Point O (2004)

A young computer-programmer can’t figure out how to complete a code he is working on and doesn’t know why. When unknown packages show up at his door one day, he must figure out their origins through a daring investigation.

  1. In the Realm of the Hackers (2003)

Having just completed one of the most comprehensive hacks of its time (the 1980s), mysterious hackers Electron and Phoenix had nearly gotten away with stealing a security list to break into one of the world’s most classified systems before one of them outed themselves to the New York Times. This documentary focuses on their arrests ten years after it happened, using that as a gateway to discuss the ethics and risk of underground hacking.

  1. Cyberbully (2015)

A teenager is blackmailed through the internet by a criminal as a result of her cyberbullying others and is forced to follow the hacker’s commands to avoid having lewd photos of her posted online.

  1. Code 2600 (2011)

Our society has already changed incredible amounts in the past 20 years, the era that is commonly referred to as the Info-Tech Age. This film explores the pros and cons of how our improved connectivity has affected our lives.

  1. The Matrix Revolutions (2003)

Neo must continue to understand his place within a limbo world as an isolated number of humans begin to understand their position trapped in a virtual reality dream against their will.

  1. The Accountant (2016)

An accountant begins working for a new client and quickly realizes it is a more dangerous job than he expected, bringing in technological advancements and threats.

  1. Silicon Cowboys (2016)

The developers of the Compaq portable computer faced a difficult fight against IBM in the 1980s as the personal computer became accepted in the mainstream–this documentary highlights their hardships and tribulations.

  1. Hacker (2016)

The young, Ukrainian hacker Alex Danyliuk turns to a life of criminal hacking after his mother loses her job, targeting banks along the way.

  1. Risk (2016)

Focusing on the life of Julian Assange, this documentary details his philosophy and upbringing, including the controversies he endured as the founder of WikiLeaks.

  1. Hackers Wanted (2009)

An exploration of the ethics behind hacking, Hackers Wanted uses the work of Adrian Lamo to speak about the reasons why people begin hacking and the included repercussions.

  1. Julian Assange: A Modern Day Hero? Inside the World of WikiLeaks (2011)

This documentary focuses on the impact and history of WikiLeaks, taking an unbiased approach to describe its infamous founder, Julian Assange.

  1. Secret History of Hacking (2001)

This documentary provides an extensive look at hacking, looking at the phone phreak phenomenon of the late 20th century and hackers such as John Draper (Captain Crunch), Steve Wozniak, and Kevin Mitnick.

  1. Disconnect (2012)

The digital age can connect us, sure, but it can also be very isolating–this film explores what it means to feel lonely in a world where everybody is connected.

  1. We Live in Public (2009)

The life of Josh Harris is a complicated one. This documentary investigates that life, following the entrepreneur’s career as the founder of JupiterResearch and Pseudo.com, the Dot-com bubble, an art project he did to project Orwellian ideas, and discussing what it means to broadcast our lives in the 21st century.

  1. Indie Game: The Movie (2012)

Indie developers don’t have it easy–this movie explores what precisely this means, focusing on the personal, financial, and creative endeavors that must be troubleshooted to create a successful indie game.

  1. Algorithm (2014)

After a freelance computer hacker stumbles upon a hidden government computer program, he must come to terms with a revolution that is bursting at the seams with innovation and danger.

  1. Startup.com (2001)

Any company beginning their journey as a startup on the internet is sure to face many complications along the way–this film explores the tribulations thrust upon the website govWorks.com, documenting its rise and eventual fall.

  1. The Imitation Game (2014)

An early example of a notorious hacker, Alan Turing must crack the code of the German Enigma to help bring an end to the atrocities of World War II.

  1. Talhotblond: (2009)

Exploring the nuances of online dating and how “everybody lies online”, this movie looks into the murder of 22-year-old Brian Barrett, who was the subject of a psychological game played by a middle-aged woman.

  1. Alphaville (1965)

After a U.S. agent is sent to the futuristic city of Alphaville to solve a mystery, he must take on the burden of the town and begin navigating the technological dystopia to find a missing person and eventually stop the ruling dictator.

  1. Smart House (1999)

When a genius teenager and his family win a computer house that has a mind of its own, they begin to become afraid once it starts resembling a controlling mother and making their lives more difficult than they had expected.

  1. NetForce (1999)

Internet becomes the world’s central nervous system. Netforce, FBI, is created as an elite force fighting crime on internet. The owner of the all dominating software company is suspected of trying to gain total access and control.

  1. “Blackhat” (2015)

Nicholas Hathaway (Chris Hemsworth) consults with FBI Special Agent Carol Barrett (Viola Davis) in Legendary’s “Blackhat,” from director/producer Michael Mann. (Legendary Pictures)

  1. The Circle

In recent years, there’s been lots of hype around Big Brother, microchip implantation, and mass surveillance. And this is the movie that shows you how transparency and privacy can be taken to a new level. Released in 2017, the main cast of “The Circle” includes Emma Watson (“Harry Potter”), Tom Hanks (“Sully”), and John Boyega (“Star Wars: The Force Awakens”). Mae, played by Watson, gets a job in IT at the world’s largest and most powerful tech and social media company. Convinced by the company’s founder, she agrees to participate in an experiment that pushes the boundaries of privacy, ethics, and ultimately her personal freedom.

  1. Disconnect

We can all relate to how the internet has an ever-increasing impact on people’s lives. Released in 2013, “Disconnect” brings the audience three different, and yet somehow overlapping, storylines: a victim who suffers from cyberbullying, a lawyer who communicates constantly through his cell phone but can’t find time to connect with his family, and a couple whose secrets are exposed online. An interesting aspect of the movie is that all the conflicts and relationships stem from laptops, iPads, and cell phones. Watch “Disconnect” to discover the gulf between online and real-world interactions.

  1. The Fifth Estate

The Fifth Estate is a 2013 biographical thriller film directed by Bill Condon about the news-leaking website WikiLeaks. The film stars Benedict Cumberbatch as its editor-in-chief and founder Julian Assange and Daniel Bruhl as its former spokesperson Daniel Domscheit-Berg. Anthony Mackie, David Thewlis, Alicia Vikander, Stanley Tucci, and Laura Linney are featured in supporting roles.

  1. The Great Hack

The movie lays out the nuts and bolts about the Facebook data breach scandal with Cambridge Analytica. Thought-provoking, powerful, and even scary, the documentary will shock you into facing the reality of our online lives and make you think twice before revealing any personal data.

  1. Take down

Takedown is based on the true story of infamous hacker Kevin David Mitnick and his nemesis Tsutomu Shimomura. This hacker movie paints the picture that Mitnick was the blackhat while Shimomura was the whitehat. Mitnick did eventually go to prison, but the real story is probably more nuanced than just black and white. The movie offers a fairly accurate background of the world of hacking and why it’s so alluring for certain impulsive and savant type personalities.

  1. Pi (1998)

After programming his computer to make stock predictions, having it print out one reading, then watching it crash, Max Cohen quickly finds himself with an accurate reading as he realizes that his computer was right. This epiphany sends the number theorist on a chase to find out much more than he bargained for, causing intense distress along the way.

  1. Ghost in a shell

Seems like 1995 was a great year for hacking movies. This beautiful animated Japanese sci-fi movie is based on a cyborg policewoman Major and her partner hunting a cybercriminal called the Puppet Master, who hacks into the brains of cyborgs to get information and use it to commit crimes. Definitely, one to watch for its deep gripping mood and quite a philosophical approach to evolving cyber advancements.

  1. The code

This documentary cybercrime movie will engage you in the history of Linux. You’ll learn more about ideologies that underpin GNU and Open Source. The picture explains why Linux became so popular with users and dwells upon the giFT peer to peer network. Though created for a Finnish audience, the movie has its fans worldwide.

  1. Citizenfour, 2014

A documentary film about Edward Snowden. The original one. Created by Laura Poitras this film includes actual interviews of Snowden in Hong Kong in 2013 and features work by journalist Glenn Greenwald.

  1. Zero Days, 2016

This documentary brings into focus the computer worm named Stuxnet, or “Operation Olympic Games”, that was developed by the US and Israel to damage Iran’s nuclear program. Director Alex Gibney handles the storyline so powerfully that it makes viewers question – is it reality or fiction?

  1. Mr. Robot

Inspired, apparently, by American journalist Barrett Brown — who doesn’t know how to hack and is not in the least technically minded by his own public admission — Mr. Robot made quite a splash in the information security community because the show’s technical advisors went to great pains to get the technical details right.

  1. In Ascolto

Another European favorite, this time in Italian. We struggled to find a trailer for In Ascolto in English, so we’ll have to rely on the IMDB plot summary: “Estranged by the degree of corporate influence within the largest U.S. listening station in the world, an aging NSA officer defects and mounts a clandestine counter-listening station high in the Italian alps.”

Data Risk, Intelligence and Insider Threats

Feedzy

When it comes to securing networks in today’s business environment, the single biggest challenge firms must contend with is that of the insider threat.

While the term is typically associated with corporate espionage or perhaps disgruntled workers, this threat is mostly not caused by malicious actors.

The insider threat simply refers to the damage caused by individuals who are granted legitimate access to an organization’s digital infrastructure. Most commonly, the threat of insiders takes the form of unintentional data leaks by employees. Emails containing sensitive files, data transfers to the wrong department, the granting of access to unauthorized parties. All of these and many other slips can result in serious cases of data loss and exposure.

Indeed, it has long been recognized that the majority of data loss results from the actions of insiders. Notable cases of data exfiltration, often involving extremely sensitive information, has been attributed to negligent or inadvertent users.

These facts have serious implications for enterprise information security. The millions in assets and man-hours devoted to protecting the network from the outside could probably be put to better use improving employee interaction with their own data.

GTB’s Data Security That Workstm solutions takes a head-on approach to solving this most basic of data security challenges.

Better Awareness Equals Safer Data

With the belief that education is the most important aspect of security, the GTB platform is designed to build user awareness regarding the data they regularly interact with. The GTB Inspector is built to stop embarrassing or costly mistakes users make on a daily basis. With the GTB Inspector, an organization has the ability to notify/educate employees of a potential security breach or policy infraction with providing the ability to remediate. Powered by artificially intelligent algorithms, GTB technology uses a wide variety of methods to promote secure behavior and interaction with the network and company data. Business insight, contextual indicators, and behavioral analysis form the foundations of the protective protocols.

How it Works

When GTB’s platform identifies potentially compromising activity, it can take several automatic measures to prevent any data loss from taking place. Depending on the incident, IT can be immediately notified or the action being taken or transfer being attempted can be blocked.

GTB’s state-of-the-art technology takes on data security violations at their most common root. By raising awareness and educating the end user about cybersecurity and corporate policies, GTB solves the data loss challenge both affordably, and with the highest accuracy in the market today.

For more information about securing your sensitive data including from Remote users, go to www.gttb.com

Top 100 Cybersecurity News Sites

Feedzy

With millions of websites and downloadable files available on the internet, potential risks of security breach are high, especially with the fast development in technology. In this article, we will list top 100 cybersecurity news sites so you can stay updated and on the lookout.

1. Infosecurity-magazine

Website: https://www.infosecurity-magazine.com/

InfoSecurity Magazine tackles all that relates to big data, encryption, cybercrime and so much more. They also hold weekly podcasts in which they several other topics.

2. Cyber Defense Magazine

Website: https://www.cyberdefensemagazine.com/

The website is home to the most prominent writers in the field of Cybersecurity and IT. Their aim is to share knowledge with the world and keep people safe from malwares, data breaches and so much more.

3. Security Week

Website: https://www.securityweek.com/

First on our top 100 cybersecurity news sites is SecurityWeek.com. It is a website moderated by a team of IT security experts. They constantly provide their readers with the latest news about Cybersecurity.

4. The Hacker News

Website: https://thehackernews.com/

The hacker new is one of the post popular and most trusted cybersecurity news website on the internet. It has received national recognition and several awards.

5. Cyber Security Magazine

Website: https://www.cybersecuritymagazine.com

The website focuses on news regarding cybersecurity news for consumers with a series of informative articles.

6. E-Hacking News.

Website: https://www.ehackingnews.com/

E-Hacking news’ top topics are Malware, Mobile Security and Data Breach. If you want to keep yourself safe, we highly recommend that you pay the website a visit whenever you can.

7. We Live Security

Website: https://www.welivesecurity.com/

If you are looking for the latest news about privacy, cybersecurity and keep yourself away from scams, WeLiveSecurity will keep you safe and updated.

8. Comodo News.

Website: https://blog.comodo.com/

If you are just beginning to enter the wide field of security, Comodo News simplifies matters as much as possible for its readers and at the same time provide all the information you will need.

9. Help Net Security

Website: https://www.helpnetsecurity.com/

This website is focused on cybersecurity business news and the security of your enterprise.

10. CSO

Website: https://www.csoonline.com/news/

Available in 5 regions including USA, UK and India, CSO offers its readers news about data protection and the continuity of business. The articles posted here contain enough tips to keep your information safe.

11. Dark Reading.

Website: https://www.darkreading.com/

There is no doubt that the Dark Reading is one of the most popular cyber security websites. A trusted source with thousands of readers every day led by security specialists, researchers and chief information security officers.

12. The Security Ledger

Website: https://securityledger.com/

Although they post less frequently, The security ledger is amongst the top 100 cybersecurity news websites that is worth visiting.

13. SCmagazine

Website: https://www.scmagazine.com/

With 30 years of experience, SC Magazine share everything related to cybersecurity industry through a team of experts and specialists.

14. Information Security Buzz

Website: https://informationsecuritybuzz.com/

ISBuzz News’ team will offer you guidance and opinions about everything related to cyber security alongside with the latest news

15. GBHackers On Security

Website: https://gbhackers.com/

Everyday there is a news story on GBHackers that covers cybersecurity in all its aspects.

in all its aspects.

16. Techworm

Website: https://www.techworm.net/

Your privacy is their goal. Techworm specialists are obsessed with cybersecurity. They will bring you news from all over the world to reach on your comfortable couch.

17. Bank Info Security

Website: https://www.bankinfosecurity.com/news

If you are on the hunt for cybersecurity Business news websites, you will not find better than BIS. They specialize in covering risk management and information security.

18. HackRead

Website: https://www.hackread.com/

For cybersecurity consumer news websites, you will find that Hack Read answers all your questions through a wide array of informative articles.

19. The CyberWire

Website: https://thecyberwire.com/

Cyber Wire is an independent website that managed to become one of the top cybersecurity news providers on the internet. They deliver information in the simplest way possible for you to fully understand.

20. Cybers Guards

Website: https://cybersguards.com/

If you are interested in Cybersecurity, chances are you have already heard of Cyber Guard. If not, then there is no better time to read more about cyber attacks and how to keep your data safe.

21. IT Security Guru

Website: https://www.itsecurityguru.org/

This website will keep you posted regarding the latest cybersecurity and IT news.

22. Infosecurity

Website: https://www.infosecurity-magazine.com/

With ten years of experience, this website have award winning cybersecurity and IT specialists who write articles of the latest news in their field of work.

23. CyberNoticeBoard

Website: https://www.cybernoticeboard.com/

Through reading the news on Cyber Notice Board, you will be able to keep your cyberspace secure from any malicious attacks and stay updated on what is new.

24. Internet Storm Center

Website: https://isc.sans.edu/

ISC started fighting cyber-attacks since 2001 with the help of international forces of the same interest. They post new articles as well as podcasts on daily basis.

25. Virtualattacks

Website: https://virtualattacks.com/

Get yourself acquainted with future cybersecurity trend before they even occur. Virtual Attacks give in-depth cybersecurity news and what should be done to prevent such attacks.

26. K12

Website: https://k12cybersecure.com/

The K-12 Cybersecurity Resource Center if focused on cybersecurity research as well as daily news. It is the most information packed website on our top 100 cybersecurity news websites

27. Binary Blogger

Website: https://binaryblogger.com/

This website offers news in the form of articles, podcasts and through social media. Cybersecurity is their strongest field and through using their materials, you will keep your data safe.

28. Binary Defense

Website: https://www.binarydefense.com/

The news section of Binary Defense is packed with useful information to keep yourself safe from Cyber-attacks.

29. Gov Info Security

Website: https://www.govinfosecurity.com/

GIS is amongst the best cybersecurity Government news and one that is worth checking on daily basis. Cybercrime amongst others, is a strong subject in which they specialize.

30. Hacker News Bulletin

Website: http://www.hackersnewsbulletin.com/

The specialists in this website will give you all the news and tip you need to keep yourself updated and secure from malicious cyber-attacks.

31. Cyber Safe

Website: https://www.cybersafe.news/

Cyber Safe is amongst the most well informed website in cybersecurity news. They bring hot topics to the table before they are posted anywhere else.

32. Search Security.

Website: https://searchsecurity.techtarget.com/

Search Security is an award winning website that covers everything related to cyber security and safety. They post more than 3 times a day and provide tips on how to keep your data secure.

33. Naked Security

Website: https://nakedsecurity.sophos.com/

If it is advice, opinion or tips regarding cyber security, Naked Security will provide you with that and much more.

34. Security Gladiators

Website: https://securitygladiators.com/internet-security-news/

With internet security as their field of expertise, Security Gladiators is leading provider of cybersecurity consumer news about technology, streaming and gaming.

35. Daniel Miessler

Website: https://danielmiessler.com/

It may sound too much for a one man, but Daniel Miessler is a professional and can be considered a force when it comes to Cybersecurity. He writes news and guide that you will find very useful.

36. Adam Shostack & Friends

Website: https://adam.shostack.org/

At first glance, it may not look like a perfectly designed website, but it contains huge loads of information and news about cybersecurity.

37. Tripwire’s State of Security.

Website: https://www.tripwire.com/state-of-security/

The website welcomes posts and news from the most prominent professionals in cybersecurity field. It won several awards for the work they provide.

38. The Last Watchdog

Website: https://www.lastwatchdog.com/

The website is founded by the Pulitzer winning writer Byron V. Acohido. An expert in cyber security and privacy.

39. Threat Post

Website: https://threatpost.com/

The website dives deeper into every aspect of cybersecurity and thus providing the readers with both articles and podcasts.

40. Tao Security.

Website: https://taosecurity.blogspot.com/

Although it is a simple blog, Richard Bejtlich makes sure to keep his reader updated regarding the latest cybersecurity news.

41. The Akamai Blog

Website: https://blogs.akamai.com/

You can consider Akamai as an open forum to discuss cybersecurity news and at the same time a website from which you will be able to get the most recent news.

42. Bleeping Computer

Website: https://www.bleepingcomputer.com/news/security/

The news section of bleeping computer has all that you need to keep yourself educated about cybersecurity.

43. Schneier

Website: https://www.schneier.com/

This is one of the most celebrated cybersecurity managed by the world-renowned cybersecurity technologist Bruce Schneier.

44. Graham Culely.

Website: https://grahamcluley.com/about-this-site/

Since 2009, Graham has been an avid cybersecurity professional and have now put all his experience in his blog in which he shares news and tips constantly

45. Krebs On Security

Website: https://krebsonsecurity.com/

Kerbs a cybersecurity writer and reported, he brings to light news and information about the industry.

46. Cyware

Website: https://cyware.com/cyber-security-news-articles

The security section of Cyware is constantly updated with the latest news on cybersecurity.

47. Dan Kaminsky

Website: https://dankaminsky.com/

Dan’s blog covers everything related to security. He is a leading expert in cybersecurity who shares his experience on the web.

48. Hacking Articles

Website: https://www.hackingarticles.in/

Hacking articles contain all information you need about cybersecurity. Each day, more content is added.

49. Security Bloggers Network

Website: https://www.infosecinstitute.com/

This is a collection of more than 250 websites and blog about cybersecurity.

50. Liquid Matrix.

Website: https://www.liquidmatrix.org/blog/

A blog full of long articles about cybersecurity with in-depth details.

51. Troy Hunt.

Website: https://www.troyhunt.com/

You have probably heard of the name, but if have not; Troy is security expert who dedicated his time to share his experience with readers.

52. Marco Ramilli

Website: https://marcoramilli.com/

Marco Ramilli’s Blog is an outstanding source of information and news about cybersecurity in all aspects.

53. Zero Day.

Website: https://www.zdnet.com/blog/security/

Zero Day is known for being fast with delivering the most recent cybersecurity news to the readers.

54. Notice Bored

Website: https://blog.noticebored.com/

Gary Hinson posts the most recent news and topics about cybersecurity every day

55. SecurityTrails

Website: https://securitytrails.com/

ST provide weekly posts and news, you can consider it as a summary of what happens every week in cybersecurity.

56. PerezBox

Website: https://perezbox.com/

With more than 16 years of experience, Tony know the industry very well and helps his readers stay updated through sharing articles and blogs.

57. Cytelligence

Website: https://cytelligence.com/

Daniel Tobok have managed to help several companies secure their data and information and now he is sharing his experience with readers and bringing them news.

58. Talos

Website: https://blog.talosintelligence.com/

The team at Talos care most about making people’s data safe from malicious attacks, they share cybersecurity news as well as podcasts.

59. Security Affairs

Website: https://securityaffairs.co/

Considered as Europe’s best personal security blog, news and information related to cybersecurity is shared daily.

60. FSecure.

Website: https://blog.f-secure.com/

This blog contain a huge amount of information and news about cybersecurity and mobile security in particular.

61. Hacker Combat.

Website: https://hackercombat.com/

Hacker Combat has one of the most educated community about cybersecurity; they share news and information around the clock.

62. FireEye

Website: https://www.fireeye.com/

On this blog, you will find both cybersecurity business news and consumer news as well as tips to keep your data safe.

63. Andrew Hay

Website: https://www.andrewhay.ca/

Having worked at OpenDNS, DataGravity, and CloudPassage, Andrew is quite the expert in cybersecurity and he shares news about the industry.

64. Flying Penguin

Website: https://www.flyingpenguin.com/

A team of the most remarkable cybersecurity experts post news on the website every day.

65. Security Weekly.

Website: https://securityweekly.com/

On Security Weekly, you can read news articles, listen to radio and watch podcasts related to cybersecurity.

66. Arstechnica

Website: https://arstechnica.com/

The security section of Arstechnica reports the most recent news related to cybersecurity in all its aspects.

67. Veracode

Website: https://www.veracode.com/blog

Focused on mobile security and hacking, the experts at Veracode know exactly what to report to their readers.

68. CIO Security.

Website: https://www.cio.com/

The security section on CIO security posts the most recent news and research in the cybersecurity industry.

69. SANS.

Website: https://www.sans.org/security-awareness-training

If you are looking for more than cybersecurity news, SANS will also provide you with training. Their news are reliable and trusted.

70. The Guardian ISH

Website: https://www.theguardian.com/media-network/information-security

The information section hub of the guardian is packed with news and content is added everyday.

71. Ycombinator

Website: https://news.ycombinator.com/

It may not be a flashy website, but ycombinator’s news section perfectly reports fresh cybersecurity news.

72. Homeland Security News Wire

Website: http://www.homelandsecuritynewswire.com/topics/cybersecurity

The cybersecurity section on HSNW is one of the best sources of news related to that particular industry.

73. Inside Cybersecurity

Website: https://insidecybersecurity.com/

This is oriented for business people as it brings them cybersecurity business news and keep the professionals up to date.

74. Secure List

Website: https://securelist.com/

There is no one to provide news than an expert and Secure List is directly funded by Kaspersky Lab, making it one of the most reliable sources of cybersecurity news.

75. BSSI2

Website: https://www.bssi2.com/blog/

The writers at BSSI2 are expert IT professionals who post informative articles and news.

76. Microsoft Malware Protection

Website: https://www.microsoft.com/security/blog/product/windows/

If you would like to receive news and alerts related to cybersecurity, MMP is a very good way to do that.

77. Cyber Ark.

Website: https://www.cyberark.com/blog/

Like many websites in this top 100 cybersecurity news websites, Cyber Ark’s goal is to help you keep your self safe form malicious attacks.

78. Vipre

Website: https://www.vipre.com/blog/

If you are looking forward to be informed about advanced cyber threats, Vipre is the one website you should follow.

79. CNET

Website: https://www.cnet.com/topics/security/

The security section of CNET offers the readers all they need to know about cybersecurity by providing news and articles.

80. CERIAS

Website: https://www.cerias.purdue.edu/site/news

Alongside with cybersecurity news, CERIAS provides its visitors with tools and learning resources to battle against cybersecurity.

81. Electronic Frontier Foundation

Website: https://www.eff.org/deeplinks

EFF is all about cybersecurity consumer news. They specialize in securing civil liberties online. They will keep you updated with the recent developments.

82. Knowb4

Website: https://blog.knowbe4.com/

You will be kept updated about the most recent cybercrime methods and techniques and how to prevent them from happening to you.

83. TechNews.

Website: https://www.technewsworld.com/

From hacking to privacy, you will find news about anything related to cybersecurity.

84. Architect Security.

Website: https://architectsecurity.org/

April C. Wright both publishes news and teaches people to stay safe again cybercrime. She writes about personal privacy, hackers, risk management and more.

85. AFCEA

Website: https://www.afcea.org/

AFCEA provide its visitors with news in the global security and intelligence sectors.

86. PCmag.

Website: https://me.pcmag.com/en/

PC mag’s security section provides the most valuable information and the most recent news to its readers.

87. Computer World

Website: https://www.computerworld.com

It is one of the leading websites in the IT and Computer business, they do not however, neglect cybersecurity news.

88. The Register.

Website: https://www.theregister.com/

If you are a professional, this is your go to website for cybersecurity and IT news.

89. Digital Guardian

Website: https://digitalguardian.com/blog

There are many articles on cybersecurity available on the website already, and each day, they add more news for their readers.

90. Peerlyst.

Website: https://www.peerlyst.com/

Peerlyst is trusted by professionals, businesspersons and individuals who have interest in cybersecurity.

91. Global Sign

Website: https://www.globalsign.com/en/blog

The blog section in on Global Sign is home to several articles about cybersecurity. News are added on daily basis.

92. Security Boulevard

Website: https://securityboulevard.com/

With over 320 member blogs, security boulevard has become home to cybersecurity experts and people interested in the subject.

93. IT Pro Portal

Website: https://www.itproportal.com/

This website has more to offer than news of cybersecurity. It also provides the readers with reviews and several features about the subject.

94. Stay Safe Online.

Website: https://staysafeonline.org/

Stay Safe Online is directly powered by the NCSA and is therefore known for providing the most accurate and fresh news about everything related to cybersecurity.

95. Mashable Cybersecurity.

Website: https://me.mashable.com/cybersecurity

You have probably heard of Mashable, but id you know they have a cybersecurity section? Now you do, and in it, you will find the most recent news.

96. Hot For Security.

Website: https://hotforsecurity.bitdefender.com/

Powered by Bitdefener, Hot for security is quickly claiming its spot in the top cybersecurity news websites.

97. TechCrunch Security.

Website: https://techcrunch.com/tag/security/

Tech Crunch needs no introduction. Although they do not post frequently, their security section is one of the most reliable on this list

98. Malware Bytes

Website: https://blog.malwarebytes.com/

Being the leader is safety and cybersecurity, Malware Bytes Lab provides its readers with unlimited amount of information and news.

99. Symantec Blog

Website: https://symantec-enterprise-blogs.security.com/blogs/

Symantec Company is specialized in providing assisting cybersecurity services for individuals, companies and even governments. Their blog s news-packed.

100. McAfee Security

Website: https://www.mcafee.com/blogs/

There is no doubt you have heard of the name, but have you checked the blog? You will find the latest news and a variety of informative articles.