Business Management: Security Support and Executive Communications
-
Feature
02 Jun 2021
What is secure remote access in today's enterprise?
Out with the old, in with the new. The meaning of secure remote access, and how organizations achieve it, is changing. Here's what you need to know. Continue Reading
-
Podcast
01 Jun 2021
Risk & Repeat: Security startups and trends from RSAC 2021
Analyst Carla Roncato of Enterprise Strategy Group weighs in on RSA Conference and the security startups featured during the show's Innovation Sandbox competition. Continue Reading
-
Tip
01 Jun 2021
Who is responsible for secure remote access management?
The pandemic exposed the need for a strong secure remote access strategy. Now, organizations need to figure out which team must make it happen. Continue Reading
-
Feature
28 May 2021
Inept cybersecurity education and training feed into skills gap
Learn why former infosec instructor and author of 'How Cybersecurity Really Works' advocates for changes to security education and training to alleviate the industry skills gap. Continue Reading
-
Feature
28 May 2021
Network reconnaissance techniques for beginners
In this excerpt of 'How Cybersecurity Really Works,' author Sam Grubb breaks down common network reconnaissance techniques used by adversaries to attack wired networks. Continue Reading
-
Feature
28 May 2021
MDM vs. MAM: What are the key differences?
Mobile workers are productive and even essential to business success. But IT has to protect corporate apps and data -- as well as worker privacy -- via MDM, MAM or both. Continue Reading
-
News
27 May 2021
DHS opens valve on new pipeline security requirements
The U.S. government has put forward a trio of new cybersecurity requirements for companies that operate oil and gas pipelines, including incident reporting and risk assessment. Continue Reading
-
Guest Post
27 May 2021
3 steps to zero-day threat protection
Don't let a zero-day threat bring down your networks. Follow these three steps to prepare for the unknown and minimize potential damage. Continue Reading
-
Feature
27 May 2021
Apiiro wins RSA Conference Innovation Sandbox Contest
Apiiro's automated Code Risk Platform analyzes enterprise software for material changes that can lead to security vulnerabilities, data exposures and compliance risks. Continue Reading
-
News
26 May 2021
Rowhammer reach extended for new attack method
Google researchers discovered a bit-flipping hardware trick can now be carried out across extra rows of transistors, circumventing protections against the attack technique. Continue Reading
-
News
26 May 2021
US agencies lack supply chain best practices post-SolarWinds
Vijay D'Souza, the GAO's director of IT and cybersecurity, said during a joint hearing that 'none of the agencies have fully implemented our recommendations.' Continue Reading
-
News
25 May 2021
Operational technology is the new low-hanging fruit for hackers
FireEye researchers say exposed and poorly guarded industrial systems are being increasingly compromised by low-skill hackers using entry-level exploit techniques. Continue Reading
-
News
25 May 2021
Chaos in Maricopa County: The election audit explained
The controversy about an election audit of Maricopa County, Ariz., involves accusations of deleted databases, bamboo fibers and potentially ruined voting machines. Continue Reading
-
Podcast
25 May 2021
Risk & Repeat: Recapping RSA Conference 2021
Election security, nation-state threats and supply chain attacks were major topics at this year's RSA Conference, which was held as a virtual event. Continue Reading
-
Quiz
25 May 2021
Try this cloud identity and access management quiz
Remote work and increased cloud adoption have dramatically changed identity and access management. Take this cloud IAM quiz for infosec pros to see if your knowledge is up to date. Continue Reading
-
Quiz
25 May 2021
Cryptography quiz questions and answers: Test your smarts
Put your encryption knowledge to the test, and perhaps even learn a new word or concept in the process with these cryptography quiz questions. Continue Reading
-
News
24 May 2021
Conti ransomware spree draws FBI attention
Hospitals and emergency service networks in the U.S. are at heightened risk from the new ransomware operation that disrupted Ireland's healthcare system in recent weeks. Continue Reading
-
Guest Post
24 May 2021
Why cloud changes everything around network security
Vishal Jain examines why the data center mindset doesn't work for network security when it comes to using the public cloud and how companies should think instead. Continue Reading
-
Guest Post
24 May 2021
Embrace speed and security for your cloud security strategy
As companies solidify their cloud security strategies, they need to ensure that they're considering where they're at now, governance needed and metrics to follow. Continue Reading
-
News
21 May 2021
Stale sessions, ML poisoning among 2021's top security threats
An all-star security panel at RSA Conference discusses the biggest issues facing companies today and what it thinks will emerge as the top threats in the coming months. Continue Reading
-
Feature
21 May 2021
RSA Conference 2021: 3 hot cybersecurity trends explained
In a lightning round session at RSA Conference, ESG analysts discussed three of the hottest topics in cybersecurity in 2021: zero trust, XDR and SASE. Continue Reading
-
Feature
21 May 2021
How to secure remote access for the hybrid work model
With the post-COVID-19 hybrid work model taking shape, discover the technologies and trends analysts and IT leaders view as the anchors to ensure secure remote access. Continue Reading
-
News
20 May 2021
U.S. officials discuss 2020 election security, misinformation
During an RSA Conference 2021 panel, the CISO for Maricopa County, Ariz., said misinformation posed a bigger challenge for election officials than actual cyberattacks. Continue Reading
-
News
20 May 2021
Infosec experts: Threat landscape is worst in 60 years
Between an increasing sophistication seen in nation-state groups and a rise in ransomware that's affecting everyone, the threat landscape may be reaching a historic peak. Continue Reading
-
News
20 May 2021
CrowdStrike breaks down 'Golden SAML' attack
The nightmare scenario, demonstrated at RSA Conference 2021, was used by threat actors in the SolarWinds breach and gave them control over both cloud and on-premises systems. Continue Reading
-
Tip
20 May 2021
Create a remote access security policy with this template
The expansion of remote work has created complicated security risks. Get help developing and updating a remote access security policy. Download our free template to get started. Continue Reading
-
Feature
20 May 2021
4 ways to handle the cybersecurity skills shortage in 2021
More than half of cybersecurity pros say their organizations could do more to manage negative effects of the skills shortage, such as overwork and burnout. Find out how. Continue Reading
-
News
19 May 2021
SentinelOne: More supply chain attacks are coming
At RSA Conference 2021, SentinelOne threat researcher Marco Figueroa discussed the implications of the SolarWinds attacks, which he called one of the biggest hacks ever. Continue Reading
-
News
19 May 2021
SolarWinds CEO: Supply chain attack began in January 2019
SolarWinds CEO Sudhakar Ramakrishna clarified earlier remarks from the company and said the massive supply chain attack was not the result of an intern's mistake. Continue Reading
-
News
19 May 2021
Cisco shares lessons learned in zero-trust deployment
The networking giant explained at RSA Conference 2021 how it was able to deploy a company-wide zero trust model in less than six months, and what it learned along the way. Continue Reading
-
Tip
19 May 2021
How to build a cloud security observability strategy
Security observability in the cloud involves more than workload monitoring. Read up on the essential observability components and tools needed to reap the security benefits. Continue Reading
-
Feature
19 May 2021
12 essential features of advanced endpoint security tools
In addition to protecting an organization's endpoints from threats, IT administrators can use endpoint security tools to monitor operation functions and DLP strategies. Continue Reading
-
News
18 May 2021
Attorneys share worst practices for data breach response
Angry emails, bad jokes and sloppy reports can all lead to legal headaches following a data breach, according to a panel of experts at RSA Conference 2021. Continue Reading
-
News
18 May 2021
McAfee CTO: Use data to make better cyber-risk decisions
According to McAfee CTO Steve Grobman, the best response to today's cyber-risks includes both human and technology-based solutions, like threat intelligence and good security hygiene. Continue Reading
-
News
18 May 2021
Neuberger calls for shift in software supply chain security
In an RSA Conference keynote, Anne Neuberger, deputy national security advisor for cyber and emerging technology, said security requires a major "mindset shift." Continue Reading
-
News
18 May 2021
5 ways bad incident response plans can help threat actors
Infosec executives from Netskope and Chipotle Mexican Grill hosted an RSA Conference session about their personal experiences and lessons learned while responding to attacks. Continue Reading
-
News
18 May 2021
Sophos: 81% of attacks last year involved ransomware
The majority of incidents Sophos responded to in the last year involved ransomware. The company also found the median dwell time of attackers was 11 days. Continue Reading
-
News
17 May 2021
Hackers turn Comcast voice remotes into eavesdropping tool
Guardicore researchers at RSA Conference 2021 manipulated the Xfinity XR11 voice controller to covertly record household conversations, raising concerns about IoT devices. Continue Reading
-
Feature
17 May 2021
Cyber Defense Matrix makes sense of chaotic security market
The Cyber Defense Matrix aims to help CISOs make strategic, informed security investments that weigh cyber risk mitigation in the context of business constraints and goals. Continue Reading
-
News
14 May 2021
'Scheme flooding' bug threatens to sink user privacy
Researchers have uncovered a blind spot in web security that opens the door for tracking across multiple browsers and thwarts common privacy protections like incognito and VPN. Continue Reading
-
Feature
14 May 2021
Endpoint security strategy: Focus on endpoints, apps or both?
Companies know how to secure traditional endpoints, but what about mobile devices outside the network? They should decide if they want to protect devices, apps or both. Continue Reading
-
Tip
14 May 2021
Enterprises mull 5G vs. Wi-Fi security with private networks
While Wi-Fi security can be implemented just as securely as 5G, mechanisms built into 5G offer some compelling benefits to enterprises considering private 5G networks. Continue Reading
-
News
13 May 2021
Verizon DBIR shows sharp increase in ransomware attacks
According to Verizon's latest Data Breach Investigations Report, 60% of ransomware cases involved either direct installation or installation via desktop sharing software. Continue Reading
-
News
13 May 2021
Biden signs executive order to modernize cyberdefenses
Following several high-profile attacks on the federal government, the new executive order seeks to eliminate outdated security practices and improve supply chain security. Continue Reading
-
News
13 May 2021
'FragAttacks' eavesdropping flaws revealed in all Wi-Fi devices
Security researcher Mathy Vanhoef said every Wi-Fi device is impacted by at least one of the 12 vulnerabilities, and most devices are vulnerable to several of the flaws. Continue Reading
-
Answer
13 May 2021
What's the difference between sandboxes vs. containers?
Understanding the differences between sandboxes vs. containers for security can help companies determine which best suits their particular use cases. Continue Reading
-
Tip
13 May 2021
Container vs. VM security: Which is better?
Security professionals often compare containers vs. VMs when determining whether virtualization or containerization is better for their company's security strategy. Continue Reading
-
News
12 May 2021
Hacker makes short work of Apple AirTag jailbreak
A security researcher discovered a jailbreaking method for Apple's new mobile locating tracking devices, which were introduced just last month. Continue Reading
-
News
12 May 2021
Senate hearing raises questions about SolarWinds backdoors
U.S. Department of Commerce CISO Ryan Higgins said in a Senate committee hearing Tuesday that his department was one of first agencies to detect the systemic compromise. Continue Reading
-
News
12 May 2021
DarkSide: The ransomware gang that took down a pipeline
DarkSide may be best known for the Colonial Pipeline ransomware attack, but the gang has hit dozens of organizations since last summer, presenting itself as a Robin Hood-type group. Continue Reading
-
News
12 May 2021
Cyber insurance firm AXA halts coverage for ransom payments
As ransomware attacks increase across the globe and ransom payment reimbursement becomes a key issue for cyber insurers, AXA may be setting a new trend for private industries. Continue Reading
-
News
12 May 2021
Funding is key to strengthening national cybersecurity
In the wake of the Colonial Pipeline ransomware attack, national cybersecurity experts make the case for additional funding during a Senate hearing. Continue Reading
-
News
10 May 2021
Colonial Pipeline runs dry following ransomware attack
A vital U.S. oil supply was shut down to prevent a ransomware infection from spreading from corporate IT systems to more crucial operational technology systems. Continue Reading
-
Feature
10 May 2021
From EDR to XDR: Inside extended detection and response
As the definition of endpoints evolves, so too must the technology to protect them. Enter extended detection and response, or XDR -- one of cybersecurity's hottest acronyms. Continue Reading
-
News
07 May 2021
'Bulletproof' hosts catch RICO charges for aiding cybercriminals
Four men pleaded guilty to RICO conspiracy charges for operating a bulletproof hosting service that provided infrastructure to cybercriminals' operations. Continue Reading
-
Feature
07 May 2021
Despite confusion, zero-trust journey underway for many
Zero trust is a catchy phrase with seemingly lofty goals. Uncover the reality behind one of infosec's hottest buzzphrases, and learn why it's within reach for many companies today. Continue Reading
-
Tip
07 May 2021
How to successfully automate GRC systems in 7 steps
There is more to automating GRC programs than technology alone. This implementation roadmap helps IT leaders effectively plan, deploy and monitor GRC activities and tools. Continue Reading
-
News
06 May 2021
'BadAlloc' vulnerabilities spell trouble for IoT, OT devices
A week after Microsoft revealed 25 memory allocation vulnerabilities in several IoT and OT products, some devices have been patched, while others have not. Continue Reading
-
News
06 May 2021
Popular mobile apps leaking AWS keys, exposing user data
Security researchers at CloudSek discovered approximately 40 popular mobile apps contained hardcoded API secret keys, putting both user information and corporate data at risk. Continue Reading
-
News
06 May 2021
US defense contractor BlueForce apparently hit by ransomware
The Conti ransomware operators demanded nearly $1 million in bitcoin during ransomware negotiations and threatened to publish the defense contractor's data on its leak site. Continue Reading
-
Tip
06 May 2021
How to use CIS benchmarks to improve public cloud security
Safeguarding public cloud environments is a shared responsibility. Cloud customers should use CIS benchmarks to ensure cloud security at the account level. Continue Reading
-
News
06 May 2021
Dell patches high-severity flaws in firmware update driver
SentinelOne discovered the flaws in Dell's firmware update driver in December. There's no evidence that hackers have exploited the 12-year-old vulnerabilities. Continue Reading
-
Feature
06 May 2021
6 ways to spur cybersecurity board engagement
New research suggests corporate boards are paying closer attention to cybersecurity, but experts say progress is still modest and slow. Continue Reading
-
News
05 May 2021
Twilio discloses breach caused by Codecov supply chain hack
Twilio utilizes Codecov tools including the previously compromised Bash Uploader script. It said that a "small number" of customer emails were potentially exposed. Continue Reading
-
News
05 May 2021
Researchers use PyInstaller to create stealth malware
Academic researchers say the application builder could be used to create undetectable attack bundles that bypass many widely used antimalware programs. Continue Reading
-
Feature
05 May 2021
Buyers must navigate cybersecurity market confusion
Customer confusion in the security market stems from the number of new products designed to deal with a growing number of cyberthreats. Experts look at how to navigate it all. Continue Reading
-
News
04 May 2021
Qualys finds 21 vulnerabilities in Exim mail software
Qualys, which discovered the '21Nails' vulnerabilities, said that it did not see evidence of exploitation, but many vulnerabilities are 17 years old and at risk of being exploited. Continue Reading
-
News
03 May 2021
Apple hurries out fixes for WebKit zero-days
Mac and iOS users are urged to patch their devices immediately for Apple WebKit flaws following reports of active exploits in the wild. Continue Reading
-
Guest Post
03 May 2021
Cybersecurity contingency planning needs a face-lift
Following the unexpected craziness of 2020, companies need to sit down and revamp their cybersecurity contingency plan to ensure their business continuity. Continue Reading
-
Podcast
30 Apr 2021
Risk & Repeat: Will the Ransomware Task Force make an impact?
The Institute for Security and Technology's Ransomware Task Force published several recommendations to better address the growing security threat. Will they work? Continue Reading
-
Tip
30 Apr 2021
Types of MDR security services: MEDR vs. MNDR vs. MXDR
Organizations considering MDR security services should look into more tightly focused options hitting the market to find the best one for their security program's needs. Continue Reading
-
Quiz
30 Apr 2021
Security awareness training quiz: Insider threat prevention
Find out how much you know about preventing user-caused cybersecurity incidents through education in this security awareness training quiz for infosec pros. Continue Reading
-
News
29 Apr 2021
Ransomware Task Force takes aim at cryptocurrencies
The Ransomware Task Force released a new report with recommendations on how to tackle the growing ransomware problem, including regulation of cryptocurrency services. Continue Reading
-
Feature
29 Apr 2021
SolarWinds puts national cybersecurity strategy on display
Biden imposed economic sanctions on Russia for its role in the SolarWinds cyber attack. Experts see the response as just one part of a larger national cybersecurity strategy. Continue Reading
-
Feature
29 Apr 2021
Learn how to mitigate container security issues
The more companies embrace application containerization, the more they need to know about container security issues and attack prevention methods. Continue Reading
-
Feature
29 Apr 2021
Adopting containers and preventing container security risks
When it comes to container security risks, organizations often worry about container escapes, but as expert Liz Rice explains, they should focus on prevention and patching. Continue Reading
-
News
28 Apr 2021
Codecov breach raises concerns about software supply chain
So far, only HashiCorp has disclosed a breach connected to the attack on Codecov, but threat researchers have drawn parallels to the SolarWinds supply chain attacks. Continue Reading
-
Guest Post
28 Apr 2021
Cybersecurity key to protect brands in the digital landscape
The digital transformation disrupted the relationship between brand value and risk. Vishal Salvi explains how the right cybersecurity strategy protects both brands and customers. Continue Reading
-
News
27 Apr 2021
Rise in ransom payments may fuel more dangerous attacks
A new report from Coveware found that ransom payments increased significantly in Q1 this year, as did ransomware actors' use of software vulnerabilities in attacks. Continue Reading
-
Feature
27 Apr 2021
Applying web application reconnaissance to offensive hacking
Learn how to apply web application reconnaissance fundamentals to improve both offensive and defensive hacking skills in an excerpt of 'Web Application Security' by Andrew Hoffman. Continue Reading
-
Feature
27 Apr 2021
Collaboration is key to a secure web application architecture
Author Andrew Hoffman explains the importance of a secure web application architecture and how to achieve it through collaboration between software and security engineers. Continue Reading
-
News
26 Apr 2021
Remaining Emotet infections uninstalled by German police
A German federal police action led to all infections of Emotet malware being uninstalled Sunday, following an international police takeover of Emotet infrastructure in January. Continue Reading
-
News
26 Apr 2021
Hackers targeting VPN vulnerabilities in ongoing attacks
As remote work increased during the pandemic, threat actors increasingly targeted known vulnerabilities. Continue Reading
-
Tip
22 Apr 2021
How cloud monitoring dashboards improve security operations
Cloud monitoring dashboards can help security teams achieve visibility in complex, sprawling environments. Learn about cloud-native, third-party and open source deployment options. Continue Reading
-
News
22 Apr 2021
DOJ creates ransomware task force to combat digital extortion
An internal memo from the DOJ said the task force will 'bring the full authorities and resources of the Department' in order to confront the growing threat of ransomware. Continue Reading
-
News
21 Apr 2021
Zero-day flaw in Pulse Secure VPN exploited in attacks
A remote code execution vulnerability found in Pulse Secure VPN appliances has been exploited in attacks affecting government, defense and financial organizations. Continue Reading
-
News
21 Apr 2021
Hackers exploit 3 SonicWall zero-day vulnerabilities
SonicWall patched the zero-day vulnerabilities earlier this month, but the security vendor didn't disclose they were being exploited until Tuesday. Continue Reading
-
News
20 Apr 2021
The wide web of nation-state hackers attacking the U.S.
Cybersecurity experts weigh in on what it means to be a nation-state hacker, as well as the activities and motivations of the 'big four' countries attacking the U.S. Continue Reading
-
Tip
16 Apr 2021
6 SSH best practices to protect networks from attacks
SSH is essential, but default installations can be costly. Auditing and key management are among critical SSH best practices to employ at any organization. Continue Reading
-
Guest Post
16 Apr 2021
Companies must train their SOC teams well to prevent breaches
SOC teams can have all the latest and greatest cybersecurity tools, but unless they have the proper training, it won't be enough to mitigate an attack. Continue Reading
-
Podcast
15 Apr 2021
Risk & Repeat: FBI's web shell removal raises questions
The FBI accessed computers -- without the knowledge or consent of the owners -- to remove hundreds of web shells placed in vulnerable Microsoft Exchange servers. Continue Reading
-
News
15 Apr 2021
Applus inspection systems still down following malware attack
Applus Technologies said it stopped a malware attack two weeks ago, but systems are still down as eight states are forced to extend vehicle inspection dates. Continue Reading
-
Feature
15 Apr 2021
Nation-state hacker indictments: Do they help or hinder?
While there are some benefits to filing criminal charges against nation-state actors, infosec experts say thus far, indictments haven't reduced cyber attacks. Continue Reading
-
Tip
15 Apr 2021
Unify on-premises and cloud access control with SDP
One security framework available to organizations struggling with on-premises and cloud access control issues is a software-defined perimeter. Learn how SDP can help. Continue Reading
-
Tip
15 Apr 2021
Get to know cloud-based identity governance capabilities
As enterprise cloud adoption increases, the market for cloud identity governance is expected to expand. Learn more about the use cases, benefits and available product options. Continue Reading
-
Guest Post
15 Apr 2021
5 cybersecurity testing areas CISOs need to address
With increasing board interest in cybersecurity risk, CISOs need to explain the preventive steps they are taking to have the right cybersecurity testing in place to minimize risk. Continue Reading
-
News
14 Apr 2021
FBI removes web shells from infected Exchange servers
The DOJ announced the FBI had successfully removed hundreds of web shells from computers impacted by ProxyLogon and related Exchange Server vulnerabilities. Continue Reading
-
Quiz
14 Apr 2021
Sample CCISO exam questions on security project management
This excerpt of 'CCISO Certified Chief Information Security Officer All-In-One Exam Guide' explains security project management fundamentals and provides practice CCISO exam questions. Continue Reading
-
Feature
14 Apr 2021
CCISO exam guide authors discuss the changing CISO role
Learn more about EC-Council's Certified CISO exam and how the certification helps CISOs at any organization manage successful infosec programs and a changing threat landscape. Continue Reading
-
News
13 Apr 2021
NSA finds new Exchange Server vulnerabilities
Microsoft said it has not seen the new Exchange Server vulnerabilities being used in attacks against customers, but customers are still advised to patch immediately. Continue Reading