News, Insight and Analysis
News
-
How hackers exploited RCE vulnerabilities in Atlassian, Azure
Barracuda researchers examined exploitation activity and attack patterns for two remote code execution vulnerabilities affecting Atlassian's Confluence and Microsoft's Azure. Continue Reading
-
Researchers hack Apple Pay, Visa 'Express Transit' mode
Academic researchers discover an attack technique that enables them to make fraudulent transactions on locked iPhones when Apple Pay and Visa cards are set up for transit mode. Continue Reading
-
Telegram bots allowing hackers to steal OTP codes
A simplified new attack tool based on Telegram scripts is allowing criminals to steal one-time password credentials and take over user accounts and drain bank funds. Continue Reading
-
Spurned researcher posts trio of iOS zero days
An anonymous bug hunter critical of Apple's handling of reports to its bounty program has released details on three zero-day vulnerabilities in its iOS mobile platform. Continue Reading
-
Symantec: Staging activity observed on Exchange servers
Threat actors appear to be targeting Microsoft Exchange servers with pre-ransomware activity, including one attempt to exfiltrate data. Continue Reading
Get Started
-
SSH2 vs. SSH1 and why SSH versions still matter
The Secure Shell protocol, SSH, was redesigned and released as SSH2 in 2006. While SSH1 lingers for legacy uses, find out how the protocols differ and why it's important. Continue Reading
-
How to secure your home Wi-Fi network in 7 steps
When securing your home Wi-Fi, update devices regularly, change passwords consistently, turn off unused services and inspect outdoor network equipment. Continue Reading
-
From EDR to XDR: Inside extended detection and response
As the definition of endpoints evolves, so too must the technology to protect them. Enter extended detection and response, or XDR -- one of cybersecurity's hottest acronyms. Continue Reading
-
Types of MDR security services: MEDR vs. MNDR vs. MXDR
Organizations considering MDR security services should look into more tightly focused options hitting the market to find the best one for their security program's needs. Continue Reading
-
MDR vs. MSSP: Why it's vital to know the difference
When assessing MDR vs. MSSP, the key is understanding why the two aren't interchangeable and how each handles response. Continue Reading
Evaluate
-
Experts debate XDR market maturity and outlook
Is extended detection response still all buzz and no bite? Experts disagree on whether XDR qualifies as a legitimate market yet or still has a ways to go. Continue Reading
-
Mobile device management vs. mobile application management
Mobile device management and mobile application management do different things but also overlap. Knowing their differences is important. Continue Reading
-
Why zero-trust models should replace legacy VPNs
Many organizations use legacy VPNs to secure their networks, especially in the work-from-home era. Expert Pranav Kumar explains why zero-trust models are a safer option. Continue Reading
-
A deep dive into Fortinet's SASE platform
Despite its strong security foundation, Fortinet's SASE platform lacks a cloud-native strategy and requires teams to stitch the architecture together. Continue Reading
-
How to select an MDR service that's right for your company
A well-engineered managed detection and response system can provide a lot of benefits. But, before deploying an MDR service, determine exactly what you expect from a provider. Continue Reading
Manage
-
5 steps to secure the hybrid workforce as offices reopen
Companies must now face the security challenges of overseeing a hybrid workforce as employees return to the office. Continue Reading
-
6 SSH best practices to protect networks from attacks
SSH is essential, but default installations can be costly. Auditing and key management are among critical SSH best practices to employ at any organization. Continue Reading
-
Unify on-premises and cloud access control with SDP
One security framework available to organizations struggling with on-premises and cloud access control issues is a software-defined perimeter. Learn how SDP can help. Continue Reading
-
5 endpoint security best practices to keep company data safe
With an expanding company perimeter, it's time to implement these endpoint security best practices, from asset discovery to device profiling. Continue Reading
-
Why endpoint security is important and how it works
Organizations and IT admins must understand the fundamental approaches that endpoint security platforms take to secure endpoints and defend against common threats. Continue Reading
Problem Solve
-
6 types of insider threats and how to prevent them
From disgruntled employees to compromised users to third-party vendors, here are six types of insider threats and best practices to mitigate the issues. Continue Reading
-
6 persistent enterprise authentication security issues
Some authentication factors are considered more secure than others but still come with potential drawbacks. Learn about the most common enterprise authentication security issues. Continue Reading
-
3 must-ask post-pandemic questions for CISOs
The worldwide health pandemic has created multiple challenges for today's CISOs and their security teams. Ask these three questions to stay safe in a post-pandemic workplace. Continue Reading
-
How security teams can prevent island-hopping cyberattacks
Learn how to prevent island-hopping cyberattacks to keep hackers from gaining the confidence of a phishing victim who could then accidentally commit corporate financial fraud. Continue Reading
-
Top 2 post-COVID-19 CISO priorities changing in 2020
CISO priorities for 2020 were upended when the COVID-19 pandemic hit. Learn two ways forward-thinking CISOs are planning to deal with the new normal. Continue Reading