Business Management: Security Support and Executive Communications
-
News
11 Aug 2022
Zero Day Initiative launches new bug disclosure timelines
The Trend Micro Zero Day Initiative's vulnerability disclosure policy will now mandate shorter disclosure windows for flaws believed to result from bypassed security patches. Continue Reading
-
Opinion
11 Aug 2022
Why 2023 is the year of passwordless authentication
Passwords may soon be relegated to the past thanks to IAM vendors' efforts to create passwordless login options. Here's why 2023 should be the year of passwordless authentication. Continue Reading
-
News
11 Aug 2022
How CI/CD pipelines are putting enterprise networks at risk
At Black Hat USA 2022, NCC Group researchers demonstrated how threat actors can compromise CI/CD pipelines and break out into enterprise networks and cloud environments. Continue Reading
-
News
11 Aug 2022
Google researchers dissect Android spyware, zero days
Researchers with Google's Threat Analysis Group say the ecosystem of surveillance vendors is far larger than just NSO Group, and some vendors are sharing or trading exploits. Continue Reading
-
Feature
11 Aug 2022
What is data security? The ultimate guide
Dig into the essentials of data security, from must-have tools, technologies and processes to best practices for keeping data safe. Continue Reading
-
News
10 Aug 2022
Ermetic addresses IAM weaknesses in multi-cloud environments
Researchers at the cloud security vendor discussed the importance of understanding the different identity and access management features among the major cloud providers. Continue Reading
-
News
10 Aug 2022
Chris Krebs: It's still too hard to work with the government
Former CISA Director Chris Krebs offered multiple areas of improvement to the U.S. government's cyber readiness during a Black Hat 2022 keynote. Continue Reading
-
Tip
10 Aug 2022
Compare SAST vs. DAST vs. SCA for DevSecOps
SAST, DAST and SCA DevSecOps tools can automate code security testing. Discover what each testing method does, and review some open source options to choose from. Continue Reading
-
News
10 Aug 2022
Industroyer2: How Ukraine avoided another blackout attack
A Black Hat 2022 session explained how the latest attack on Ukraine's energy grid was thwarted this spring, thanks to quick responses and timely sharing of threat data. Continue Reading
-
Feature
10 Aug 2022
Is ethical hacking legal? And more ethical hacking advice
Is ethical hacking legal? Learn about the legality of ethical hacking, why it's important, its benefits and what organizations should look for when hiring an ethical hacker. Continue Reading
-
Feature
10 Aug 2022
Ethical hacking: How to conduct a Sticky Keys hack
Physical security is often overlooked by cybersecurity teams. Learn about physical cybersecurity attacks in step-by-step instruction on how to conduct a Windows Sticky Keys hack. Continue Reading
-
Tip
10 Aug 2022
Cloud database security: Key vendor controls, best practices
If your company is using a cloud database, it's critical to stay on top of security. Review the security features offered by top cloud providers, plus some best practices. Continue Reading
-
News
08 Aug 2022
U.S. sanctions another cryptocurrency mixer in Tornado Cash
The U.S. Treasury Department issued sanctions against Tornado Cash, a cryptocurrency mixer accused of helping North Korea's Lazarus Group launder stolen funds. Continue Reading
-
Tip
08 Aug 2022
10 top open source security testing tools
From Kali Linux to Mimikatz to Metasploit, learn about 10 open source penetration testing tools organizations can use to determine how secure their network is. Continue Reading
-
News
08 Aug 2022
VMware: The threat of lateral movement is growing
The majority of incident response professionals surveyed for VMware's 'Global Incident Response Threat Report' observed lateral movement in at least some attacks in the past year. Continue Reading
-
Conference Coverage
08 Aug 2022
Guide to the latest Black Hat 2022 Conference news
This Black Hat 2022 guide offers readers breaking news, trending topics and technical expert insights from one of the leading cybersecurity conferences. Continue Reading
-
Tip
05 Aug 2022
5 data security challenges enterprises face today
Data empowers enterprises to succeed. But with great power comes great responsibility -- to keep that data secure. Here are five challenges today's businesses must meet. Continue Reading
-
Feature
05 Aug 2022
Importance of enterprise endpoint security during a pandemic
Enterprises often focus greatly on communications security and less on endpoint security. Review the importance of enterprise endpoint security and best practices to implement it. Continue Reading
-
Feature
05 Aug 2022
Cybersecurity lessons learned from COVID-19 pandemic
Cybersecurity lessons companies learn from the COVID-19 pandemic include having work-from-home preparations and developing disaster recovery and business continuity plans. Continue Reading
-
News
04 Aug 2022
Amazon CSO Steve Schmidt talks prescriptive security for AWS
In part two of this Q&A, Amazon CSO Steve Schmidt discusses why AWS has taken a more prescriptive approach to customer security and how it influences areas like incident response. Continue Reading
-
News
03 Aug 2022
Amazon CSO Steve Schmidt preaches fungible resources, MFA
In a Q&A with SearchSecurity, Amazon CSO Steve Schmidt discusses his time as head of AWS security and shifts the cloud provider made to improve its posture, as well as customers'. Continue Reading
-
News
03 Aug 2022
Thoma Bravo to acquire Ping Identity for $2.8B
Thoma Bravo's bid is expected to close in the fourth quarter of 2022. Ping Identity's purchase price represents a 63% premium over the vendor's closing price Tuesday. Continue Reading
-
News
02 Aug 2022
New Microsoft tools aim to protect expanding attack surface
New security concerns have arisen around initial attack vectors and visibility into a broader attack surface as companies have moved to the cloud, according to Microsoft. Continue Reading
-
News
02 Aug 2022
July another down month in ransomware attack disclosures
July saw a similar number of ransomware attack disclosures as June, previously the sparsest month for disclosures this year, according to SearchSecurity's data. Continue Reading
-
Tip
02 Aug 2022
Data masking vs. data encryption: How do they differ?
Discover how the data security techniques of data masking and data encryption compare, while also learning about different types of both and their use cases. Continue Reading
-
Feature
02 Aug 2022
The importance of data security in the enterprise
Three industry experts discuss the criticality of data security in the enterprise, including the significance of data breaches and compliance regulations. Continue Reading
-
Tip
02 Aug 2022
10 enterprise database security best practices
Beyond protecting enterprise databases from vulnerabilities, it is critical to improve and review their security on a regular basis. Learn more with these database security best practices. Continue Reading
-
Tip
01 Aug 2022
Top 10 UEBA enterprise use cases
The top user and entity behavior analytics use cases fall in cybersecurity, network and data center operations, management and business operations. Check out the risks. Continue Reading
-
Feature
29 Jul 2022
10 biggest data breaches in history, and how to prevent them
Did you know the biggest data breach in history exposed a whopping 3 billion records? Learn more about the largest data breaches and get advice on how to prevent similar attacks. Continue Reading
-
News
29 Jul 2022
Coveware: Median ransom payments dropped 51% in Q2
Coveware hypothesized that large enterprises are making themselves more expensive targets for ransomware gangs and refusing to give into high demands. Continue Reading
-
Tip
29 Jul 2022
SSH key management best practices and implementation tips
SSH connects key systems and the people and processes necessary to keep them functioning. Learn how to use SSH key management best practices to protect your systems and network. Continue Reading
-
Tip
28 Jul 2022
How to perform a data risk assessment, step by step
Organizations need confidence that they are properly identifying and protecting sensitive data. Follow these five steps to create a data risk assessment. Continue Reading
-
News
28 Jul 2022
Microsoft: Austrian company DSIRF selling Subzero malware
Microsoft said Austrian penetration testing firm DSIRF exploited multiple zero-day vulnerabilities, including the recently patched CVE-2022-22047. Continue Reading
-
Tip
28 Jul 2022
How to prevent a data breach: 10 best practices and tactics
When it comes to data breach prevention, the stakes are high. While it's impossible to eliminate the risk, organizations can minimize it by following these best practices. Continue Reading
-
Feature
28 Jul 2022
How to develop a data breach response plan: 5 steps
A data breach response plan outlines how a business will react to a breach. Follow these five steps, and use our free template to develop your organization's plan. Continue Reading
-
News
28 Jul 2022
AWS adds anti-malware and PII visibility to storage
New tools unveiled by AWS at re:Inforce 2022 add new anti-malware capabilities to AWS block storage and a way to find personally identifiable information with S3 object storage. Continue Reading
-
Feature
28 Jul 2022
How to secure data at rest, in use and in motion
With internal and external cyber threats on the rise, check out these tips to best protect and secure data at rest, in use and in motion. Continue Reading
-
Tip
27 Jul 2022
SSH2 vs. SSH1 and why SSH versions still matter
The Secure Shell protocol, SSH, was redesigned and released as SSH2 in 2006. While SSH1 lingers for legacy uses, find out how the protocols differ and why it's important. Continue Reading
-
News
26 Jul 2022
AWS issues MFA call to action at re:Inforce 2022
To reduce growing attack surfaces in the cloud, AWS executives emphasized the importance of implementing MFA to protect accounts and blocking public access to cloud resources. Continue Reading
-
Guest Post
26 Jul 2022
3 ways to help cybersecurity pros avoid burnout
Many security professionals are pushed to their breaking point. Discover three ways employers and managers can help their employees avoid burnout. Continue Reading
-
News
26 Jul 2022
CrowdStrike launches cloud threat hunting service
Launched at AWS re:Inforce 2022, CrowdStrike's Falcon OverWatch Cloud Threat Hunting is a standalone threat hunting service built to stop advanced threats from within the cloud. Continue Reading
-
Tip
22 Jul 2022
Top 10 enterprise data security best practices
To protect your organization's data and prevent its misuse, incorporate these 10 data security best practices into your enterprise data security strategy. Continue Reading
-
Answer
22 Jul 2022
Symmetric vs. asymmetric encryption: What's the difference?
Explore the differences between symmetric vs. asymmetric encryption, including how they work and common algorithms, as well as their pros and cons. Continue Reading
-
News
21 Jul 2022
NCC Group observes a drop in ransomware attacks -- for now
Changes in top ransomware-as-a-service groups like LockBit 2.0 and Conti accounted for the decline in activity, though NCC Group anticipates attacks will ramp back up. Continue Reading
-
News
21 Jul 2022
Atlassian Confluence plugin contains hardcoded password
A flaw in Questions for Confluence, a first-party application in Atlassian Confluence, contains a hardcoded password enabling access into any vulnerable instance. Continue Reading
-
Feature
21 Jul 2022
How to create a data security policy, with template
Are you looking to create or update your organization's data security policy? Learn about the key elements of a data security policy, and use our free template to get started. Continue Reading
-
News
21 Jul 2022
SynSaber: Only 41% of ICS vulnerabilities require attention
The industrial cybersecurity vendor analyzed 681 ICS vulnerabilities that were disclosed this year and found many had a low probability of exploitation. Continue Reading
-
News
20 Jul 2022
DOJ report warns of escalating cybercrime, 'blended' threats
The Department of Justice's cyber review report warned that the lines between conventional cybercriminal activity and national security threats have all but disappeared. Continue Reading
-
Feature
20 Jul 2022
VMDR: Inside vulnerability management, detection and response
VMDR offers automated asset identification, threat prioritization and patch management. But do companies need another vulnerability management tool? Continue Reading
-
News
20 Jul 2022
Sophos launches cross-operational task force X-Ops
The Sophos X-Ops team aims to create an AI-assisted security operations center using the cybersecurity vendor's research and threat response teams. Continue Reading
-
Feature
19 Jul 2022
Cyber-war game case study: Preparing for a ransomware attack
In this real-world cyber-war game case study, an exercise on ransomware preparedness helped a company discover shortcomings in its incident response plan. Continue Reading
-
Tip
18 Jul 2022
Key factors to achieve data security in cloud computing
Enterprises face a variety of data security concerns when deploying assets to the cloud. But there are some guidelines you can follow to make sure your assets are protected. Continue Reading
-
News
15 Jul 2022
Cryptocurrency mixer activity reaches new heights in 2022
Chainalysis observed a stark uptick in April that led to a steady decline in May and June, but illicit addresses and DeFi platforms have kept mixers busy so far this year. Continue Reading
-
Podcast
15 Jul 2022
Risk & Repeat: Ransomware in 2022 so far
This podcast episode discusses ransomware in 2022, including an apparent decrease in attacks, the evolution of cybercrime operations and the lack of visibility into the threat. Continue Reading
-
Tip
15 Jul 2022
Pen testing vs. vulnerability scanning: What’s the difference?
Confused by the differences between pen tests and vulnerability scans? You're not alone. Learn the key differences between the two and when each should be used. Continue Reading
-
News
14 Jul 2022
Cryptocurrency crash triggers crisis for dark web exchanges
Cybersixgill says dark web exchanges that help cybercriminals launder their funds are facing a crisis as users are cashing out amid a cryptocurrency price crash. Continue Reading
-
Tip
14 Jul 2022
3 steps for getting started with security service edge
Before getting started with security service edge (SSE), formulate a migration strategy. Check out these three expert tips for tackling SSE with maximum efficiency and ease. Continue Reading
-
Tip
14 Jul 2022
SecOps vs. CloudSecOps: What does a CloudSecOps team do?
Now, more than ever, organizations need to build controls, monitor and enact security response activities for the cloud. This is where the CloudSecOps team comes into play. Continue Reading
-
News
13 Jul 2022
Researcher develops Hive ransomware decryption tool
Despite being only a year old, Hive ransomware has grown into a prominent ransomware-as-a-service operator. The decryptor tackles Hive's newer, better-encrypted version. Continue Reading
-
News
13 Jul 2022
Supreme Court justices doxxed on dark web
Five conservative Supreme Court justices were reportedly doxxed by threat actors that claim to have obtained credit card numbers, addresses and other information. Continue Reading
-
News
12 Jul 2022
4 critical flaws among 84 fixes in July Patch Tuesday
Microsoft's Patch Tuesday release for July brought dozens of fixes for security flaws in Windows, an Azure disaster recovery tool and the problematic Print Spooler service. Continue Reading
-
Tutorial
11 Jul 2022
How to use SSH tunnels to cross network boundaries
The Secure Shell protocol authenticates and encrypts network connections. Find out how it's used to build tunnels while crossing private networks and even firewalls. Continue Reading
-
Feature
08 Jul 2022
Clearing up cybersecurity architecture confusion, challenges
There's no lack of cybersecurity frameworks, but there is a lack of resources to help small and midsize organizations build a cybersecurity architecture -- until now. Continue Reading
-
Feature
08 Jul 2022
4 criteria to measure cybersecurity goal success
Measuring the success of cybersecurity goals is challenging because they are components of larger goals and often probabilistic rather than deterministic. Continue Reading
-
Feature
08 Jul 2022
Top 7 types of data security technology
These seven types of data security technologies -- from encryption to masking -- will better protect customer and enterprise data from inappropriate and unauthorized access and use. Continue Reading
-
News
07 Jul 2022
Early detection crucial in stopping BEC scams
Cofense Intelligence studied hundreds of business email compromise attacks and found that most scams attempt to establish trust with targeted employees over multiple emails. Continue Reading
-
Tip
07 Jul 2022
How to create a critical infrastructure incident response plan
Does your organization have an incident response plan for disruptions to critical infrastructure? Learn how to write a successful plan for your company. Continue Reading
-
News
07 Jul 2022
Public sector still facing ransomware attacks amid decline
While ransomware activity has reportedly decreased worldwide in recent months, several public sector organizations in the U.S. suffered attacks in June. Continue Reading
-
News
06 Jul 2022
5G networks vulnerable to adversarial ML attacks
A team of academic researchers introduced an attack technique that could disrupt 5G networks, requiring new ways to protect against adversarial machine learning attacks. Continue Reading
-
News
06 Jul 2022
HackerOne incident raises concerns for insider threats
While the threat actor's motivation appears to be financial, it shows just how damaging an insider threat could be for vulnerability disclosure and bug bounty systems. Continue Reading
-
News
05 Jul 2022
Ransomware in 2022: Evolving threats, slow progress
Experts say trends involving new forms of leverage, increasing numbers of affiliates and the evolving cyber insurance market are shaping the ransomware landscape in 2022. Continue Reading
-
Feature
05 Jul 2022
How to write a cybersecurity job posting
Is your organization struggling to find cybersecurity talent? Your job descriptions could be the problem. Learn how to write a good cybersecurity job posting. Continue Reading
-
Feature
05 Jul 2022
How to define cyber-risk appetite as a security leader
In this excerpt from 'The CISO Evolution: Business Knowledge for Cybersecurity Executives,' learn how to define and communicate an enterprise's true cyber-risk appetite. Continue Reading
-
Feature
05 Jul 2022
How to find your niche in cybersecurity
It's difficult to navigate a career in cybersecurity, especially with all the varying roles. A veteran CISO offers advice on how to find your niche in the security industry. Continue Reading
-
Feature
05 Jul 2022
A 'CISO evolution' means connecting business value to security
As cybersecurity has changed, so has the CISO role. 'The CISO Evolution: Business Knowledge for Cybersecurity Executives' aims to help security leaders succeed in the C-suite. Continue Reading
-
News
30 Jun 2022
SANS Institute: Human error remains the top security issue
The SANS Institute's annual report on security awareness found that human risk is still the biggest source of data breaches and security issues for enterprises. Continue Reading
-
Tip
29 Jun 2022
How to conduct a cyber-resilience assessment
It's a good cyber hygiene practice to periodically review your organization's cybersecurity plans and procedures. Use this checklist to guide your cyber-resilience assessment. Continue Reading
-
News
28 Jun 2022
Ransomware gangs using Log4Shell to attack VMware instances
Ransomware groups are exploiting the Log4Shell flaw in VMware Horizon and using DLL sideloading techniques to exfiltrate and encrypt data, according to Trend Micro. Continue Reading
-
News
28 Jun 2022
Cisco Talos techniques uncover ransomware sites on dark web
One of the three techniques Cisco Talos used to de-anonymize ransomware dark web sites is to match TLS certificate serial numbers from dark web leak sites to the clear web. Continue Reading
-
Guest Post
28 Jun 2022
Why the next-gen telecom ecosystem needs better regulations
The telecom industry keeps the world connected but also poses national and cybersecurity risks. Learn why the sector needs better -- and uniform -- regulations. Continue Reading
-
News
28 Jun 2022
Wiz launches open database to track cloud vulnerabilities
Wiz researchers Alon Schindel and Amitai Cohen and Scott Piper, cloud security engineer at Block, launched a database to list all known cloud vulnerabilities and security issues. Continue Reading
-
Tip
28 Jun 2022
Negotiating a golden parachute clause in a CISO contract
If a CISO becomes the company scapegoat after a security incident, a strong golden parachute clause can mean the difference between a soft landing and a hard crash. Continue Reading
-
Feature
27 Jun 2022
How to determine out-of-scope bug bounty assets
What happens when a security researcher discovers a bug in an out-of-scope asset? Learn how to handle bug bounty scope in this excerpt from 'Corporate Cybersecurity.' Continue Reading
-
Feature
27 Jun 2022
An enterprise bug bounty program vs. VDP: Which is better?
Creating a bug bounty or vulnerability disclosure program? Learn which option might prove more useful, and get tips on getting a program off the ground. Continue Reading
-
Tip
24 Jun 2022
Top 4 best practices to secure the SDLC
NIST's Secure Software Development Framework is a set of practices for mitigating software vulnerabilities. Learn about the top SDLC best practices included in this framework. Continue Reading
-
News
24 Jun 2022
Researchers criticize Oracle's vulnerability disclosure process
While the critical flaws were reported in April, it took the vendor nearly half a year to issue patches, exceeding the standard responsible coordinated disclosure policy. Continue Reading
-
News
23 Jun 2022
Chinese HUI Loader malware ups the ante on espionage attacks
A state-sponsored piece of malware may become a favorite weapon for Beijing-backed hacking crews looking to lift intellectual property from foreign firms. Continue Reading
-
Guest Post
23 Jun 2022
3 threats dirty data poses to the enterprise
The Information Security Forum predicted dirty data will pose three threats to the enterprise. Learn about these threats, and get tips on how to protect your organization from them. Continue Reading
-
Tutorial
23 Jun 2022
Use ssh-keygen to create SSH key pairs and more
Learn how to use ssh-keygen to create new key pairs, copy host keys, use a single login key pair for multiple hosts, retrieve key fingerprints and more in this tutorial. Continue Reading
-
News
23 Jun 2022
Access management issues may create security holes
Employees who aren't credentialed to access corporate systems to do their jobs find ways around the red tape that could lead to security breaches. Continue Reading
-
News
22 Jun 2022
Ongoing PowerShell security threats prompt a call to action
Although PowerShell poses an ongoing risk to enterprise security as a post-exploitation tool, authorities strongly advise against disabling it completely. Continue Reading
-
News
22 Jun 2022
Kaspersky unveils unknown APT actor 'ToddyCat'
The origin of 'ToddyCat' is unknown. However, Kaspersky said the APT actor carries similarities with a number of Chinese-speaking threat groups. Continue Reading
-
Opinion
22 Jun 2022
What's driving converged endpoint management and security?
Security and IT teams face challenges in managing and securing a growing number of endpoints, which is driving organizations to look for converged capabilities, according to ESG. Continue Reading
-
Feature
22 Jun 2022
Publicly disclosed U.S. ransomware attacks database
Each day SearchSecurity looks for every publicly available instance of a ransomware attack in the U.S. and compiles this data into a list to keep readers updated on recent threats. Continue Reading
-
News
22 Jun 2022
Proofpoint: Social engineering attacks slipping past users
Executives, administrators and network defenders overlook the severity of many of the most effective social engineering tools, Proofpoint cautions. Continue Reading
-
Guest Post
21 Jun 2022
How to address security risks in GPS-enabled devices
GPS-enabled devices not only pose personal risks but also pose risks to organizations. Learn about the security risks associated with tracking devices and how to address them. Continue Reading
-
News
21 Jun 2022
Forescout discloses 'OT:Icefall,' 56 flaws from 10 vendors
The OT:Icefall vulnerabilities come from 10 operational technology vendors that make hardware for critical infrastructure, including Emerson, Honeywell, Motorola and more. Continue Reading
-
Tip
21 Jun 2022
Key software patch testing best practices
Every company has to update and patch its software, but unless the process is carefully managed, serious problems can occur. How can you make sure you're following the right steps? Continue Reading
-
News
20 Jun 2022
Cleveland BSides takes heat for Chris Hadnagy appearance
The Cleveland BSides security conference is experiencing turmoil after booking a 'surprise' keynote speaker who was recently barred from DEF CON for misconduct. Continue Reading
-
News
20 Jun 2022
Paige Thompson found guilty in 2019 Capital One data breach
The former Amazon engineer who hacked AWS and gained access to sensitive data belonging to Capital One customers has been convicted. Continue Reading