Business Management: Security Support and Executive Communications
-
Feature
29 Nov 2022
How to maintain security with an understaffed security team
Unsurprisingly, many companies function without a complete security team. Security tasks often fall to others in the organization. Here's some advice for stand-in security members. Continue Reading
-
News
28 Nov 2022
Infosec researcher reports possible 'massive' Twitter breach
The alleged Twitter breach involves a data set from late 2021 and includes the phone numbers and personal information of millions of users in the U.S. and Europe. Continue Reading
-
Feature
28 Nov 2022
WLAN security: Best practices for wireless network security
Follow these wireless network security best practices to ensure your company's WLAN remains protected against the top threats and vulnerabilities. Continue Reading
-
News
23 Nov 2022
Cybereason warns of fast-moving Black Basta campaign
Threat actors with the Black Basta ransomware-as-a-service group are compromising networks in as little as one hour and stealing sensitive data before disabling DNS services. Continue Reading
-
News
22 Nov 2022
Google's new YARA rules fight malicious Cobalt Strike use
Google's YARA rules detect cracked versions of Cobalt Strike's older releases so that legitimate instances of the red teaming tool, which use the latest version, aren't targeted. Continue Reading
-
Tip
18 Nov 2022
Top metaverse cybersecurity challenges: How to address them
As the metaverse takes shape, companies must consider a slew of new cybersecurity challenges and how to deal with them. Continue Reading
-
News
17 Nov 2022
Magecart malware menaces Magento merchants
Sansec researchers say as many as 38% of commercial customers running the Adobe Commerce and Magento platforms could be infected with Magecart's TrojanOrders malware. Continue Reading
-
Tip
17 Nov 2022
Top 5 vulnerability scanning tools for security teams
Use these five vulnerability scanning tools to find weaknesses and potential exploits in web applications, IT and cloud infrastructure, IoT devices and more. Continue Reading
-
Guest Post
17 Nov 2022
Do companies need cyber insurance?
As cyber insurance costs rise, companies must determine whether they truly need cyber insurance to tackle their increased risk of cyber attacks. Continue Reading
-
Tip
17 Nov 2022
Industrial control system security needs ICS threat intelligence
Threat actors and nation-states constantly try to find ways to attack all-important industrial control systems. Organizations need specialized ICS threat intelligence to fight back. Continue Reading
-
News
17 Nov 2022
CISA: Iranian APT actors compromised federal network
CISA said Iranian nation-state actors exploited Log4Shell flaws on an unpatched VMware Horizon server before deploying a cryptominer and attempting to gain persistent access. Continue Reading
-
Tip
17 Nov 2022
Top Kali Linux tools and how to use them
Learning to use Kali Linux is a journey, the first step of which is discovering which of the hundreds of cybersecurity tools included are most relevant to the task at hand. Continue Reading
-
News
17 Nov 2022
LockBit ransomware activity nose-dived in October
LockBit, the most prolific ransomware group in 2022, had itself a down month as GuidePoint Security researchers reported a 49% decrease in its infections for October. Continue Reading
-
Tip
16 Nov 2022
Reality check: CISO compensation packages run the gamut
A capable security executive is invaluable -- a fact organizations increasingly recognize. CISOs' salaries are generally trending up, but the range in compensation is wide. Continue Reading
-
Podcast
16 Nov 2022
Risk & Repeat: Researchers criticize HackerOne
This podcast episode discusses a recent TechTarget Security article about bug bounty platform HackerOne in which researchers aired several complaints about the company. Continue Reading
-
News
16 Nov 2022
Rapid7 discloses more F5 BIG-IP vulnerabilities
While the severity of the issues is relatively low, F5 devices are commonly targeted by attackers to gain persistence inside a network. Continue Reading
-
Tip
16 Nov 2022
How Wireshark OUI lookup boosts network security
Learn why using Wireshark OUI lookup for tracking devices by their network interface's organizationally unique identifier is such an important tool for security pros. Continue Reading
-
News
15 Nov 2022
Twitter users experience apparent SMS 2FA disruption
The 2FA notification disruption occurred after CEO Elon Musk announced plans to shutter a majority of Twitter's microservices, though reasons for the outage are unconfirmed. Continue Reading
-
News
14 Nov 2022
Moreno Valley school system shores up ransomware defenses
Moreno Valley Unified School District officials discuss the steps they've taken to better protect sensitive data and critical applications against the growing threat of ransomware. Continue Reading
-
News
10 Nov 2022
DOJ charges accused Lockbit ransomware actor
The U.S. Department of Justice filed criminal charges against a Canadian man with dual Russian citizenship who is accused of being part of the LockBit ransomware crew. Continue Reading
-
News
10 Nov 2022
Flashpoint launches new 'ransomware prediction model'
Flashpoint's new model assigns a 'ransomware likelihood' rating for vulnerabilities contained in the VulnDB database, which contains more than 300,000 flaws. Continue Reading
-
Opinion
10 Nov 2022
Secure development focus at KubeCon + CloudNativeCon 2022
The pressure is on. It's time for better security that can keep up with modern software developers. That was the message at this year's KubeCon + CloudNativeCon. Continue Reading
-
Tip
10 Nov 2022
5 essential programming languages for cybersecurity pros
Coding is an important skill across almost every technology discipline today, and cybersecurity is no exception. Learn about the top programming languages for security professionals. Continue Reading
-
News
10 Nov 2022
TrustCor under fire over certificate authority concerns
TrustCor Systems, a certificate authority registered in Panama, is in hot water after a Washington Post report raised questions about its apparent connections to a spyware vendor. Continue Reading
-
Tip
10 Nov 2022
Common lateral movement techniques and how to prevent them
Lateral movement techniques enable attackers to dig deeper into compromised environments. Discover what lateral movement attacks are and four attack techniques. Continue Reading
-
Tip
10 Nov 2022
How to perform a cybersecurity risk assessment in 5 steps
This five-step framework for performing a cybersecurity risk assessment will help your organization prevent and reduce costly security incidents and avoid compliance issues. Continue Reading
-
Opinion
09 Nov 2022
Multichannel communications need more than email security
To remain protected against social engineering attacks in all communication channels, enterprises need new security strategies that extend beyond email to new collaboration tools. Continue Reading
-
Feature
08 Nov 2022
5 ways to overcome multifactor authentication vulnerabilities
Improve the resiliency of multifactor authentication by giving users more information, making default settings more secure, hiding secrets and more. Continue Reading
-
Tip
08 Nov 2022
Types of vulnerability scanning and when to use each
Vulnerability scanning gives companies a key weapon when looking for security weaknesses. Discovery, assessment and threat prioritization are just a few of its benefits. Continue Reading
-
Answer
08 Nov 2022
3 best professional certifications for CISOs and aspiring CISOs
While one doesn't necessarily need professional cybersecurity certifications to become a CISO, they don't hurt. Explore the best certifications for CISOs and aspiring CISOs. Continue Reading
-
Feature
08 Nov 2022
How to build a shadow IT policy to reduce risks, with template
With a shadow IT policy in place, organizations reduce security risks from unapproved applications and services that employees introduce independently. Continue Reading
-
News
07 Nov 2022
Microsoft: Nation-state threats, zero-day attacks increasing
Microsoft's Digital Defense Report 2022 pointed the finger at China, which enacted a new vulnerability disclosure law last year, as the source of many zero-day attacks. Continue Reading
-
News
07 Nov 2022
Nozomi Networks CEO talks OT security and 'budget muscle'
Nozomi Networks CEO Edgard Capdevielle sat down with TechTarget Editorial to discuss the evolution of OT security and the challenge of 'budget muscle' many organizations face. Continue Reading
-
Answer
04 Nov 2022
The 7 core pillars of a zero-trust architecture
Learn how Forrester's seven pillars of zero trust model can help IT leaders identify, organize and implement the appropriate cybersecurity tools for a zero-trust framework. Continue Reading
-
News
04 Nov 2022
Honeywell weighs in on OT cybersecurity challenges, evolution
TechTarget Editorial sat down with Honeywell's Paul Griswold and Jeff Zindel to discuss the rapid growth and evolution of the operational technology cybersecurity industry. Continue Reading
-
News
04 Nov 2022
Yanluowang ransomware gang goes dark after leaks
The Yanluowang ransomware operation appears to have shut down for the time being after an anonymous individual published a series of internal code and chat leaks. Continue Reading
-
News
03 Nov 2022
Ransomware on the rise, hitting schools and healthcare
October ransomware disclosures and public reports tracked by TechTarget Editorial increased from previous months, with notable attacks on education and healthcare organizations. Continue Reading
-
News
02 Nov 2022
U.S. Treasury: Ransomware attacks increased in 2021
A new report from the U.S. Treasury's Financial Crimes Enforcement Network showed an increase in businesses reporting ransomware attacks in the second half of 2021. Continue Reading
-
News
01 Nov 2022
OpenSSL vulnerabilities get high-priority patches
The OpenSSL Project released version 3.0.7 Tuesday to address a pair of high-severity buffer overflow vulnerabilities in the widely used cryptography library. Continue Reading
-
Tip
01 Nov 2022
Ideal CISO reporting structure is to high-level business leaders
CISOs usually report to a high-level executive, but reporting to a top-level business executive like the CEO rather than a technology executive protects the business best. Continue Reading
-
Opinion
31 Oct 2022
Security hygiene and posture management requires new tools
Using multiple tools to address security hygiene and posture management at scale is costly and difficult. A new converged security technology category may be the answer. Continue Reading
-
Feature
28 Oct 2022
Equipment to include in a computer forensic toolkit
Computer forensic investigators require more than software to do their job. Learn what equipment constitutes a complete computer forensic toolkit. Continue Reading
-
Feature
28 Oct 2022
Advice for beginner computer forensic investigators
For those interesting in becoming a computer forensics investigator, learn about the career and what to expect, as well as why digital evidence is the most volatile evidence. Continue Reading
-
Podcast
28 Oct 2022
Risk & Repeat: Microsoft, SOCRadar spar over data leak
This podcast episode discusses threat intelligence vendor SOCRadar's disclosure of a large Microsoft data leak and the contentious exchange between the two companies that followed. Continue Reading
-
Guest Post
28 Oct 2022
It's time to rethink security certification for OT devices
Security certifications don't protect OT devices from vulnerable processes and insecure-by-design practices. It's time to update security certs for the connected OT age. Continue Reading
-
Feature
28 Oct 2022
Enterprise ransomware preparedness improving but still lacking
An Enterprise Strategy Group survey found enterprises are making strides in ransomware preparedness, but work remains to prevent and mitigate attacks. Continue Reading
-
Opinion
27 Oct 2022
How Sheltered Harbor helps banks navigate cyber-recovery
Banks must be able to recover quickly from a cyber attack -- a difficult task, given the volume and sophistication of attacks. The not-for-profit Sheltered Harbor aims to help. Continue Reading
-
Tip
27 Oct 2022
Types of cloud malware and how to defend against them
Cloud malware isn't going away anytime soon, but organizations have a growing number of tools at their disposal to combat the threat. Continue Reading
-
News
26 Oct 2022
Ukraine: Russian cyber attacks aimless and opportunistic
Victor Zhora, a key Ukrainian cybersecurity official, says Russia is acting with "no particular strategy" in its cyber attacks on his country as their military invasion drags on. Continue Reading
-
News
26 Oct 2022
Cisco, CISA warn 2 AnyConnect flaws are under attack
CISA added two Cisco AnyConnect flaws to its Known Exploited Vulnerabilities catalog, which signals active exploitation and an urgency to patch. Continue Reading
-
Tip
26 Oct 2022
Why it's time to expire mandatory password expiration policies
Password expiration policies that force users to regularly reset passwords are counterproductive. It's time to align those policies with proven approaches to password security. Continue Reading
-
News
26 Oct 2022
Researchers criticize HackerOne over triage, mediation woes
HackerOne researchers told TechTarget Editorial that they regularly encountered months-long wait times for responses and a mediation process that rarely favors researchers. Continue Reading
-
News
25 Oct 2022
Cryptomining campaign abused free GitHub account trials
Cloud security vendor Sysdig uncovered the largest cryptomining operation it's ever seen as threat actors used free account trials to shift the costs to service providers. Continue Reading
-
Tutorial
25 Oct 2022
How to use PuTTY for SSH key-based authentication
This tutorial on the open source PuTTY SSH client covers how to install it, its basic use, and step-by-step instructions for configuring key-based authentication. Continue Reading
-
News
25 Oct 2022
Apple patches actively exploited zero-day iOS bug
The iOS zero-day was joined by a slew of other vulnerabilities in Apple's Oct. 24 security update. The iOS 16 update contained patches for 13 arbitrary code execution flaws. Continue Reading
-
Tip
25 Oct 2022
Top security-by-design frameworks
Following a security-by-design framework, or designing one specific to your company, is key to implanting security into every step of the software development lifecycle. Continue Reading
-
News
24 Oct 2022
CISA warns of ransomware attacks on healthcare providers
A new CISA advisory warned administrators at hospitals and healthcare providers about newly discovered ransomware variant, dubbed Daixin Team, that poses a particular threat. Continue Reading
-
Tip
24 Oct 2022
6 ways to prevent privilege escalation attacks
Privileges dictate the access a user or device gets on a network. Hackers who access these privileges can create tremendous damage. But there are ways to keep your networks safe. Continue Reading
-
Tip
21 Oct 2022
The top 5 ethical hacker tools to learn
Ethical hackers have a wealth of tools at their disposal that search for vulnerabilities in systems. Learn about five such tools that should be part of any hacker's tool set. Continue Reading
-
News
21 Oct 2022
BlackByte ransomware using custom data exfiltration tool
Symantec researchers say BlackByte ransomware may be poised to move into the elite ransomware ranks, as the group has begun developing its own custom malware tools. Continue Reading
-
News
20 Oct 2022
Brazil arrests alleged Lapsus$ hacker
Federal police in Brazil arrested a person accused of being a key member of the Lapsus$ hacking group on charges related to the takedown of government websites. Continue Reading
-
News
20 Oct 2022
Microsoft confirms data leak caused by misconfiguration
Microsoft criticized SOCRadar's reporting of the data leak, saying the threat intelligence vendor "greatly exaggerated" its claim that 65,000-plus entities had data exposed. Continue Reading
-
News
19 Oct 2022
ProxyLogon researcher details new Exchange Server flaws
After testing Microsoft's mitigations for ProxyLogon, security researcher Orange Tsai discovered new Exchange Server bugs, including one flaw that took more than a year to fix. Continue Reading
-
Tip
19 Oct 2022
How to manage and reduce secret sprawl
Secret sprawl plagues companies, making them vulnerable to data breaches. Discover what causes secret sprawl and how to better protect secrets. Continue Reading
-
Feature
19 Oct 2022
Top 10 pen testing interview questions with answers
Are you pursuing a career in pen testing? Prepare with this list of 10 pen testing interview questions and answers created by three security experts. Continue Reading
-
Feature
19 Oct 2022
Top IT security manager interview questions
Are you looking for a leadership role in cybersecurity? Three security experts offer their advice on how to answer the most common IT security manager interview questions. Continue Reading
-
News
19 Oct 2022
Mandiant launches Breach Analytics for Google's Chronicle
Mandiant Breach Analytics for Google Cloud's Chronicle marks a new product launch from the security giant after its acquisition by Google was completed last month. Continue Reading
-
Guest Post
19 Oct 2022
3 cloud security posture questions CISOs should answer
As cloud adoption continues to accelerate, CISOs must help IT and cybersecurity teams keep pace with evolving cloud markets, especially when it comes to cloud security posture. Continue Reading
-
News
19 Oct 2022
Azure vulnerability opens door to remote takeover attacks
Orca Security researchers uncovered a flaw in Azure Service Fabric that was fixed in last week's Patch Tuesday. It allows elevation of privilege and remote takeover of nodes. Continue Reading
-
News
18 Oct 2022
Python vulnerability highlights open source security woes
A 15-year-old unpatched vulnerability in a tarfile module for the Python programming language prompted researchers from cybersecurity vendor Trellix to take action. Continue Reading
-
Tip
18 Oct 2022
Compare vulnerability assessment vs. vulnerability management
Vulnerability assessments and vulnerability management are different but similar-sounding security terms. Discover their similarities and differences. Continue Reading
-
Podcast
14 Oct 2022
Risk & Repeat: Breaking down the Joe Sullivan conviction
This podcast episode discusses conviction of former Uber CSO Joe Sullivan, who was found guilty last week of covering up the company's 2016 data breach. Continue Reading
-
Guest Post
14 Oct 2022
The role of transparency in digital trust
To retain digital trust, organizations must be transparent in the aftermath of cybersecurity attacks and data breaches. Learn more about the roles of transparency in trust. Continue Reading
-
News
13 Oct 2022
NPM API flaw exposes secret packages
A flaw in the API for NPM could potentially allow a threat actor to see the internal packages for corporate users -- a possible first step for a supply chain attack. Continue Reading
-
News
13 Oct 2022
Despite LockBit rebound, ransomware attacks down in 2022
LockBit cybercriminals are back in action with new ransomware attacks and publicity pushes. But many other new groups saw lower levels in activity in Q3, according to Cyberint. Continue Reading
-
Feature
13 Oct 2022
Why Kali Linux is the go-to distribution for penetration testing
Discover why penetration testers prefer to use the Kali Linux distribution for offensive security, from collecting useful tools together to being usable from multiple devices. Continue Reading
-
Feature
13 Oct 2022
How to configure and customize Kali Linux
Learning how to use Kali Linux for ethical hacking and penetration testing? Read step by step how to configure and customize the distribution. Continue Reading
-
Feature
12 Oct 2022
7 steps for implementing zero trust, with real-life examples
More than a decade since the term's inception, zero-trust security is still much easier said than done. Here's how to get started. Continue Reading
-
Tip
12 Oct 2022
An overview of the CISA Zero Trust Maturity Model
A zero-trust framework blocks all attempts to access internal infrastructure without authentication. The CISA Zero Trust Maturity Model is a roadmap to get there. Continue Reading
-
News
11 Oct 2022
NPM malware attack goes unnoticed for a year
A cybercriminal crew known as "LofyGang" poisoned software supply chains with bad NPM packages for more than a year, according to Checkmarx researchers. Continue Reading
-
News
11 Oct 2022
BlackByte ransomware uses new EDR evasion technique
Attackers deploying the BlackByte ransomware strain are using vulnerable drivers to target a part of the operating system that many security products rely on for protection. Continue Reading
-
News
11 Oct 2022
Critical Fortinet vulnerability under active exploitation
Fortinet said the critical vulnerability affects three of its services -- FortiOS, FortiProxy and FortiSwitch Manager -- and urged customers to take immediate action. Continue Reading
-
Feature
11 Oct 2022
LinkedIn scams, fake Instagram accounts hit businesses, execs
Even the most secure business and executive social media accounts that have strong passwords and multifactor authentication are vulnerable to cloning schemes. Continue Reading
-
Tip
11 Oct 2022
Top 6 challenges of a zero-trust security model
Zero trust has a number of challenges, but because the model is highly beneficial, it's important for organizations to learn how to overcome them. Continue Reading
-
News
11 Oct 2022
Google launches new supply chain security offerings
Securing the software supply chain, especially open source libraries, was a major theme behind the new products released at the Google Cloud Next '22 conference. Continue Reading
-
Tip
11 Oct 2022
How to conduct a cybersecurity audit based on zero trust
This checklist offers guidance on how to prepare for a zero-trust cybersecurity audit and helps document how well cybersecurity controls are performing based on CISA's ZTMM. Continue Reading
-
News
07 Oct 2022
CISA lists top vulnerabilities exploited by Chinese hackers
The U.S. government published a list of the most commonly exploited vulnerabilities exploited by Chinese state-sponsored actors, including Log4Shell and the ProxyLogon bugs. Continue Reading
-
Tip
07 Oct 2022
Perimeter security vs. zero trust: It's time to make the move
Perimeter security requires a border to protect enterprise data. With more and more users working outside that border, zero trust promises a better security option for the future. Continue Reading
-
News
06 Oct 2022
Former Uber CSO Joe Sullivan found guilty in breach cover-up
Sullivan was convicted of obstruction of proceedings of the Federal Trade Commission and misprision of felony in connection with the cover-up of Uber's 2016 data breach. Continue Reading
-
News
05 Oct 2022
APTs compromised defense contractor with Impacket tools
A CISA alert warned that APT actors compromised a defense contractor's Microsoft Exchange server and used Impacket, an open source Python toolkit, to move laterally in the network. Continue Reading
-
News
05 Oct 2022
Ransomware attacks ravage schools, municipal governments
Attacks disclosed in September revealed that K-12 schools, universities and local governments continued to suffer at the hands of gangs such as Vice Society and BlackCat/Alphv. Continue Reading
-
Feature
05 Oct 2022
Top zero-trust certifications and training courses
Most organizations are expected to implement zero trust in the next few years. Learn about zero-trust certifications and trainings that can help prepare your security team. Continue Reading
-
News
04 Oct 2022
Secureworks finds network intruders see little resistance
A report from Secureworks found that in many network intrusions, the attackers only need to employ basic, unsophisticated measures to evade detection. Continue Reading
-
News
04 Oct 2022
Tenable shifts focus, launches exposure management platform
The company said it's expanding beyond vulnerability management to address the growing attack surface and the challenges customers face to address it. Continue Reading
-
Tip
04 Oct 2022
Top zero-trust use cases in the enterprise
Still hesitating to adopt zero trust? Learn about the main zero-trust use cases, as well as its benefits, myths and trends that are beginning to emerge. Continue Reading
-
News
03 Oct 2022
Intermittent encryption attacks: Who's at risk?
Threat analysts have observed some ransomware gangs using a new technique that only partially encrypts victims' files, which could evade some ransomware defenses. Continue Reading
-
News
30 Sep 2022
Microsoft Exchange Server targeted with zero-day vulnerabilities
Microsoft warned that two unpatched zero-day vulnerabilities are being exploited against Exchange Server, a problem that's causing déjà vu for some researchers. Continue Reading
-
Answer
30 Sep 2022
Top 6 benefits of zero-trust security for businesses
The zero-trust security model demands infosec leaders take a holistic approach to IT infrastructure security. Learn about the top six business benefits of zero trust here. Continue Reading
-
News
29 Sep 2022
Cobalt Strike malware campaign targets job seekers
Cisco Talos researchers spotted a new wave of phishing attacks that target job seekers in the U.S. and New Zealand, infecting them with Cobalt Strike beacons. Continue Reading
-
News
29 Sep 2022
Unit 42 finds polyglot files delivering IcedID malware
Palo Alto Networks' Unit 42 says attackers are using decoy Microsoft Compiled HTML Help files containing multiple file formats to infect systems with information-stealing malware. Continue Reading