Manage
Learn to apply best practices and optimize your operations.
How the STARTTLS Everywhere initiative will affect surveillance
The EFF's STARTTLS Everywhere initiative encrypts email during delivery and aims to prevent mass email surveillance. Expert Michael Cobb explains how STARTTLS works.
How Azure AD uses cloud access control to protect credentials
Features such as Microsoft Azure AD Smart Lockout and Password Protection add security via trusted authentication. Learn more about cloud access control from expert Ed Moyle.
How hard-coded credentials threaten ICS security
Hard-coded credentials open industrial control systems up to unauthorized access by malicious actors and threaten ICS security. Expert Ernie Hayden explains the threat and what enterprises can do about it.
Red team assessments and post-assessment posture improvement
Testing an organization's security maturity is crucial to improving its post-assessment posture. Learn how red teaming can help with Matt Pascucci.
SamSam ransomware: How can enterprises prevent an attack?
SamSam ransomware infected the Colorado DOT after hitting hospitals, city councils and companies. Learn how this version differs from those we've seen in the past.
How does Google's new detection model find bad Android apps?
Malicious apps have been a consistent problem for the Google Play Store, so a new detection model has been released to help clean it up. Learn how this system works with Nick Lewis.
How can a 13-year-old configuration flaw affect SAP systems?
Cybersecurity vendor Onapsis found a 13-year-old flaw that affects nine out of 10 SAP NetWeaver systems. Learn how the flaw affects SAP systems with expert Judith Myerson.
Why container orchestration platforms risk data exposure
Container orchestration platforms expose interfaces and create the risk of data exposure and unauthorized access. Expert Dave Shackleford explains why these risks exist in enterprises.
My Cloud EX2: How can this device expose unauthorized data?
SpiderLabs discovered My Cloud EX2 backup devices exposing unauthorized HTTP requests. Join Judith Myerson as she explains how this happens, as well as the impact on DLNA devices.
How new cybersecurity problems emerge from fake news
As fake news continues to emerge, new cybersecurity challenges for IT professionals arise. Learn why we should continue to care about cyber propaganda and what we can do.
LG network: How can attackers use preauthenticated commands?
A vulnerability was found in the LG network involving remote preauthenticated commands. Learn how researchers created a malicious password to show how the issue can be abused.
How does an IMSI catcher exploit SS7 vulnerabilities?
A warning was issued by the Department of Homeland Security regarding the exploitation of SS7 vulnerabilities by IMSI catchers. Learn how this puts mobile communication at risk.
How is Oracle Micros POS affected by CVE-2018-2636?
A security researcher found a security flaw dubbed CVE-2018-2636 that enables the installation of malware on Oracle Micros POS systems. Learn more about the vulnerability.
OneLogin security chief delivers new security model
How did cloud identity and access management vendor OneLogin rebuild its security after a breach? We ask OneLogin security chief Justin Calmus.
What is missing from the NIST/DHS botnet security report?
The joint DHS and NIST report on botnet security offers goals and action items to counter distributed cyberthreats. Learn the report recommendations with expert Nick Lewis.
How to mitigate the Efail flaws in OpenPGP and S/MIME
Efail exploits vulnerabilities in the OpenPGP and S/MIME standards to reveal the plaintext in encrypted emails. Learn more about the Efail vulnerabilities from expert Michael Cobb.
Skygofree Trojan: What makes this spyware unique?
Android malware was discovered by Kaspersky Labs and named Skygofree. This Trojan targets smartphones and tablets using spyware and gathers user information and app data.
Ransomware recovery: How can enterprises operate post-attack?
A report detailed how Maersk recovered its infrastructure from a NotPetya ransomware attack along with its chosen recovery option. Expert Nick Lewis explains how it worked.
10 unified access management questions for OneLogin CSO Justin Calmus
Enterprise security veteran Justin Calmus, who describes himself as an avid hacker, joined OneLogin as the CSO earlier this year. After last year's breach, who would want this job?
Okiru malware: How does this Mirai malware variant work?
A Mirai variant has the ability to put billions of devices at risk of becoming part of a botnet. Discover how this works and what devices are at risk with expert Nick Lewis.
How criticality analysis benefits from an entropy engineer
NIST published 'Criticality Analysis Process Model: Prioritizing Systems and Components' to guide organizations when prioritizing systems. Discover the key processes with Judith Myerson.
How online malware collection aids threat intelligence
Threat intelligence can facilitate cloud-based malware collection, which has value for enterprise cybersecurity. Expert Frank Siemons discusses collecting and analyzing malware.
How do SDKs for ad networks cause data leaks?
SDKs made user data susceptible to security vulnerabilities in mobile apps. Expert Michael Cobb explains how this security vulnerability put user data at risk.
What to do when IPv4 and IPv6 policies disagree
Unfortunately for enterprises, IPv4 and IPv6 policies don't always agree. Fernando Gont examines the differences between these two security policies, as well as some filtering rules.
Security data scientists on how to make your data useful
Data science and machine learning can reveal valuable security information that would otherwise remain hidden in large data sets. Security data scientists can be hard to find and may be out of reach for most organizations. Even without these skill ...
Tom Van Vleck on the Multics operating system, security decisions
Time-sharing systems got a lot right from a security standpoint. "We aimed toward a completely lights-out, 'no chance for mistakes' interface," says the security researcher.
Fannie Mae CISO calls for more data on security incidents
Chris Porter's years as a lead analyst and author of Verizon's Data Breach Investigations Report helped prepare him for the chief of security role at the primary housing lender.
Not enough information security analysts, despite higher wages
Survey data on global skills shortages does not show significant changes, even as companies turn to strategies such as security automation to make security teams more efficient.
Overwhelmed by security data? Science to the rescue
Security teams increasingly use large data sets from their networks to find hidden threats. Why companies should embark on their own data science and machine learning initiatives.
Why third-party access to data may come at a price
Google and other platform companies dangled not only APIs but access to user data from unwitting customers to attract third-party developers and other partners.
Citrix's Peter Lefkowitz on impact of GDPR privacy requirements
New consumer privacy laws are changing the global privacy landscape. Citrix's Peter Lefkowitz explains how Citrix is approaching GDPR compliance and privacy issues in general.
Powerhammering: Can a power cable be used in air-gapped attacks?
Air-gapped computers subject to PowerHammer attack: Proof-of-concept attack enables data exfiltration through control of current flow over power cables.
How to identify and protect high-value data in the enterprise
Protecting data in the enterprise is a crucial but challenging task. Expert Charles Kao shares key steps and strategies to consider to identify and protect high-value data.
Cisco's chief privacy officer on the future of data after GDPR
Michelle Dennedy, vice president and chief privacy officer at Cisco, discusses her company's approach to meeting the requirements of the EU's General Data Protection Regulation.
Bouncy Castle keystore: How are files vulnerable to brute force?
BKS files are being exposed to hash collisions, enabling hackers to use brute force attacks against C# and Java applications. Learn how this occurs and possible solutions with Judith Myerson.
How did a Navarino Infinity flaw expose unauthenticated scripts?
Navarino Infinity, a satellite communication system, found and fixed a flaw that exposed an unauthenticated script. Discover what threats this flaw enabled with Judith Myerson.
Trojan.AndroidOS.Loapi: What is this jack-of-all-trades malware?
Kaspersky researchers found a new Android malware that can physically harm phones. Learn how this works and the steps to mitigate the attack with expert Nick Lewis.
Zealot campaign: How is the Apache Struts vulnerability used?
The Zealot campaign discovered by F5 Networks uses the same Apache Struts vulnerability exploited in the Equifax breach. Learn how else it performs cryptomining with Nick Lewis.
Spider ransomware: How do ransomware attacks differ?
Spider ransomware has been found spreading malicious files via a phishing campaign that gives victims a 96-hour deadline. Learn how this attack is similar to past attacks with Nick Lewis.
Drupalgeddon 2.0: Why is this vulnerability highly critical?
A recently discovered Drupal vulnerability in its open source CMS allowed attackers to control websites. Learn how almost one million sites were affected with Michael Cobb.
How to stop malicious browser add-ons from taking root
Researchers at Malwarebytes discovered several new browser extension threats. Discover how to avoid and properly remove malicious add-ons with expert Nick Lewis.
How can cryptojacking attacks in Chrome be stopped?
Google instituted an aggressive ban on all cryptomining extensions for Chrome after cryptojacking attacks started to become more common. Learn how the ban works with Michael Cobb.
What are the implications of DNS over HTTPS for privacy?
With enterprises testing DNS over HTTPS to encrypt domain name traffic, some fear the potential privacy issues. Discover the challenges and benefits of the new protocol.
The threat of shadow admins in the cloud to enterprises
Having shadow admins in the cloud means unauthorized users can access everything a legitimate administrator can. Expert Ed Moyle explains how this works and how to stop it.
What effect does GDPR have on the WHOIS database?
With GDPR in effect, ICANN proposed redacting information from the WHOIS database. Expert Michael Cobb discusses what this could mean for the domain database.
Common security oversights within an AWS environment
There's often an assumption that AWS systems can't be tested, as they're hosted in the cloud; however, this is not the case. Discover common security oversights in AWS environments.
How cyber resiliency is achieved via NIST's 14-step approach
Improving cyber resiliency helps organizations manage risk. Discover the 14 techniques NIST has identified to help achieve cyber resiliency with expert Judith Myerson.
Why a zero-trust network with authentication is essential
Zero-trust networks are often deemed compromised and untrusted, making authentication variables essential to security. Expert Matthew Pascucci explains a zero-trust security model.
How to use Packetbeat to monitor Docker container traffic
Docker containers can help secure cloud applications, but malicious traffic can still move to and from those containers on a network. Dejan Lukan explains how to use Packetbeat to monitor such threats.
Microsoft CredSSP: How was it exploited by CVE-2018-0886?
The CVE-2018-0886 vulnerability found within Microsoft's CredSSP was recently patched. Discover what this vulnerability is and how it affects the CredSSP protocol with Judith Myerson.
How can a text editor plug-in enable privilege escalation?
Developers use text editors to enhance efficiency in the workplace even though they require vulnerable third-party plug-ins. Discover these vulnerabilities with Judith Myerson.
Insider threats: Preventing intellectual property theft
IP theft is often committed by insiders or disgruntled employees who feel entitled to information. Peter Sullivan explains the threat and how to prevent these insider attacks.
How are air-gapped computers put at risk by the Mosquito attack?
Researchers recently discovered Mosquito -- an air-gapped attack that bites computers to put air-gapped networks at risk. Discover the logistics of this technique with Judith Myerson.
Identify gaps in cybersecurity processes to reduce organizational risk
Organizational risk is a given at modern companies. But as threats persist, identifying preventable cybersecurity gaps presents an opportunity to strengthen enterprise defenses.
How did the Panera Bread website expose customers?
Panera Bread website users were put at risk after a security researcher discovered a vulnerability relating to a lack of authentication for their publicly available API endpoint.
How white hat hackers can tell you more than threat intelligence
White hat hackers can play a key role in assessing threats lurking on the dark web. Discover what traditional threat intelligence isn't telling you and how white hats can help.
How does UBoatRAT use Google services and GitHub to spread?
A new remote access Trojan called UBoatRAT was found spreading via Google services and GitHub. Learn how spotting command-and-control systems can protect enterprises with Nick Lewis.
Golden SAML: How can it abuse SAML authentication protocol?
CyberArk researchers created an attack called Golden SAML that uses Mimikatz techniques and applied it to a federated environment. Learn more about the attack with Nick Lewis.
How to use the OODA loop to improve network security
The OODA loop can be used to establish cyber deception against hackers to improve network security. Learn the OODA steps and how they can be applied to security with Kevin Fiscus.
Scarab ransomware: How do botnets alter ransomware threats?
The use of botnets to spread Scarab ransomware intensifies the threat for enterprises. Discover the best way to respond to such a threat and protect data with Nick Lewis.
Fake WhatsApp app: How can counterfeit apps be avoided?
After a fake WhatsApp app was discovered in the Google Play Store, users are questioning what can be done to avoid counterfeit apps. Learn several techniques with Nick Lewis.
AVGater vulnerability: How are antivirus products impacted?
A security researcher recently discovered a new vulnerability -- the AVGater vulnerability -- that puts antivirus products at risk. Discover how this vulnerability works with Nick Lewis.
How can domain generation algorithms be used to bypass ad blockers?
An ad network used domain generation algorithms to bypass ad blockers and launch cryptomining malware. Expert Michael Cobb explains how and the best way to prevent these attacks.
How does a SAML vulnerability affect single sign-on systems?
Researchers at Duo Security discovered a SAML vulnerability that enabled attackers to dupe single sign-on systems. Expert Michael Cobb explains how the exploit works.
How lattice-based cryptography will improve encryption
As the prospect of quantum computing-based attacks grows, the need for stronger encryption increases. Expert Michael Cobb discusses lattice-based cryptography as an option.
What risks do untrusted certificates pose to enterprises?
Researchers found that untrusted certificates are still used on many major websites. Expert Michael Cobb discusses the security risks of sticking with these certificates.
How entropy sources help secure applications with SDLC
Some applications need cryptographic algorithms to test and work properly. Expert Judith Myerson discusses this division in terms of the software development lifecycle.
CISOs face the IoT security risks of stranger things
The internet of things, by its very design, extends enterprise technology infrastructure further and further out, computerizing devices whose functions, if corrupted, could have catastrophic results. The sheer scope of internet-connected devices is ...
Business email compromise moves closer to advanced threats
The sophisticated techniques used in BEC scams differ from other email fraud in the steps taken to construct the criminal campaign. Here's how to stop these APT-style attacks.
Insider threat report tracks annual cost of theft, carelessness
The Ponemon Institute study "2018 Cost of Insider Threats" examines the cost to companies victimized by material insider threat incidents during the past 12 months.
Walmart's Jerry Geisler on the CISO position, retail challenges
A global CISO in charge of one of the world's largest cybersecurity programs got his start on the retail floor. He's arrived just in time for the digital transformation.
Stranger things: IoT security concerns extend CISOs' reach
The internet of things has drastically expanded the scope of what enterprises need to protect, adding challenges big and small to CISOs' responsibilities.
Cybercrime study: Growing economic ecosystem spells trouble
New research shows that cybercriminals are gaining momentum with connected infrastructure and collectively earning billions annually from a cybercrime economy. Now what?
How layered security can help and hinder application security
The growth of technology includes the growth of layered security. Join expert Kevin Beaver as he explains the pros and cons of layered defenses for application security.
How has a Broadcom flaw affected the Lenovo ThinkPad?
A previously disclosed flaw found in Broadcom's Wi-Fi controller chips is now believed to affect the Lenovo ThinkPad. Learn how this vulnerability works with expert Judith Myerson.
How do BGP flaws affect Quagga routing software?
Multiple Border Gateway Protocol vulnerabilities were found impacting security in the Quagga routing software. Expert Judith Myerson explains how these flaws impact systems.
How are Linear eMerge E3 systems vulnerable to attacks?
ICS-CERT issued a warning about a new vulnerability in Nortek Linear eMerge E3 products. Discover what this vulnerability is and how it affects access control for enterprises.
How was a Cisco firewall vulnerability exploited by threat actors?
Threat actors exploited a critical Cisco firewall vulnerability that received a CVSS score of 10. Discover how this flaw works and how it was exploited with Judith Myerson.
How did Strava's Global Heatmap disclose sensitive U.S. info?
Fitness tracking app Strava released its Global Heatmap that unknowingly disclosed routes of U.S. soldiers. Discover how this happened and how geolocation data can be blocked.
How the Meltdown and Spectre vulnerabilities impact security
The Meltdown and Spectre vulnerabilities impact the physical and hardware security of systems, making them extremely difficult to detect. Learn how to prevent these attacks with Nick Lewis.
DeOS attacks: How enterprises can mitigate the threat
An increase in DeOS attacks has been reported just as the 'Cisco 2017 Midyear Cybersecurity Report' predicted. Learn how these attacks target off-site backups with David Geer.
How does the Terror exploit kit spread through malicious ads
Zscaler recently discovered a malvertising campaign that spreads the Terror exploit kit through malicious ads. Discover more about the threat with expert Nick Lewis.
How does a DDE attack exploit Microsoft Word functionality?
The SANS Internet Storm Center discovered a DDE attack spreading Locky ransomware through Microsoft Word. Learn what a DDE attack is and how to mitigate it with expert Nick Lewis.
Three IoT encryption alternatives for enterprises to consider
The use of cryptography alternatives for IoT devices grants users certain benefits and potential security challenges. Learn more about each alternative with expert Judith Myerson.
How security automation and orchestration impacts enterprises
The use of security automation and orchestration systems is on the rise, as they have the ability to provide automatic responses to threats. Learn how this benefits the enterprise.
IoT botnets: How are new Mirai variants impacting systems?
An increase in IoT botnets has been seen since the Mirai malware source code was leaked. Learn how the new variants pose a serious threat to IoT devices with Michael Cobb.
How the BloodHound tool can improve Active Directory security
Auditing Active Directory can be made easier with tools like the open source BloodHound tool. Expert Joe Granneman looks at the different functions of the tool and how it can help.
How a Blizzard DNS rebinding flaw put millions of gamers at risk
A Blizzard DNS rebinding flaw could have put users of its online PC games at risk of attack. Expert Michael Cobb explains how a DNS rebinding attack works and what to do about it.
Cloud security threats in 2018: Get ahead of the storm
Consistent security for all data from cloud providers and third-party partners is what many consider the next evolution of cloud. The biggest cloud security threats for most companies, however, result from in-house staff mistakes, lack of patching ...
Marcus Ranum decodes hardware vulnerabilities with Joe Grand
Computer hardware designs with dangerous security flaws? That's no surprise to renowned hardware hacker Grand.
Healthcare CISO: 'Hygiene and patching take you a long way'
Cybersecurity and healthcare can get along, according to CISO Joey Johnson, who leads the security program at Premise Health, but it takes patience and attention to the details.
AWS S3 bucket security falls short at high-profile companies
Everyone is putting their data in the cloud, from IT staff to department heads. With functionality galore, basic security measures too often go unchecked.
CISO survey paints a grim picture: Weak staff, breach fears
Roughly 60% of CISOs expect phishing scams, malware disruptions and cyberattacks that cause 'significant downtime' to affect their company in 2018.
New cloud threats as attackers embrace the power of cloud
Safeguarding your critical data is getting harder as threat actors embrace the advantages -- and missteps -- of cloud. Here's what to watch out for in 2018.
Cost of data privacy breach may not be enough
While the European Union is taking major steps to protect residents' data privacy, little has happened in the United States, even after Equifax and Facebook.
Do CISOs need computer science degrees?
Equifax's CISO came under fire for having a music degree. David Shearer, CEO of (ISC)2, discusses what type of education infosec professionals should have.
How are logic devices like WAGO PFC200 used by hackers?
The Department of Homeland Security warned of a vulnerability affecting WAGO PFC200 logic devices. Discover how this flaw enables threat actors with expert Judith Myerson.
CPE for CISSP: Top 10 ways to master continuing education
Who says you can't have fun while earning CPE credits to maintain your CISSP certification? Check out the top 10 creative ways to meet CISSP continuing education requirements.
Zyklon malware: What Microsoft Office flaws does it exploit?
Zyklon malware targets three previously patched Microsoft Office vulnerabilities. Learn how attackers can access passwords and cryptocurrency wallet data with expert Judith Myerson.
How can a Moxa MXview vulnerability be exploited by hackers?
A vulnerability was found in Moxa MXview -- a software used to visualize network devices and physical connections. Learn how this vulnerability can enable privilege escalation.