Cloud Computing Security Standards

Ivanti makes double acquisition of MobileIron, Pulse Secure

Ivanti will acquire all outstanding shares of MobileIron stock for approximately $872 million. The financial terms of Pulse Secure's acquisition were not disclosed. Continue Reading

Cybersecurity testing essentials for mergers and acquisitions

Before moving forward with an M&A, conduct some cybersecurity testing to ensure your company knows how the acquired company protects data, employees and customers. Continue Reading

IBM: Ransomware attacks surged in Q2, ransom demands rising

IBM Security examined several concerning ransomware for this year, as well as an exponential increase in ransom demands and massive spike in attacks during the spring. Continue Reading

Critical IIoT security risks cloud IoT's expansion into industry

The convergence of IoT with industrial processes increases productivity, improves communications and makes real-time data readily available. But serious IIoT security risks must be considered as well. Continue Reading

Prevent cloud account hijacking with 3 key strategies

The ability to identify the various methods of cloud account hijacking is key to prevention. Explore three ways to limit potential consequences of cloud credential compromise. Continue Reading

Microsoft detects Netlogon vulnerability exploitation in the wild

While Microsoft released a patch last month for the Netlogon flaw, the company said it detected threat actors using exploits for the critical vulnerability. Continue Reading

Shopify discloses data breach caused by insider threats

Canadian e-commerce company Shopify disclosed a data breach involving two insider threats, but questions remain about the breach and how it was discovered. Continue Reading

Cybersecurity team structure stronger with 3 new roles

Having the right cybersecurity team in place can help reduce how long it takes to control threats. Consider adding cloud security, third-party risk and digital ethics specialists. Continue Reading

7 SOC automation use cases to augment security operations

Implementing SOC automation can have far-reaching benefits for an organization's infosec program and security culture. Learn how by exploring these seven use cases of AI in SOCs. Continue Reading

FBI: Disinformation attacks on election results 'likely'

Foreign threat actors and cybercriminals are "likely" to spread disinformation around 2020 election results through social media and also alter election-related websites. Continue Reading

5 key enterprise SOC team roles and responsibilities

Review the key players in the 2020 SOC and their specific responsibilities, as well as best practices to ensure effective teamwork for a secure organization. Continue Reading

ConnectWise launches bug bounty program to boost security

ConnectWise, which provides remote management software to MSPs, partnered with HackerOne in its first bug bounty program, which is part of a larger strategy to improve security. Continue Reading

Format-preserving encryption use cases, benefits, alternative

With format-preserving encryption, a ciphertext's format is the same as its plaintext's. Read up on the benefits of this cryptography method, NIST FPE methods, vendors and more. Continue Reading

Inclusive job descriptions key for infosec hiring

When seeking candidates for infosec job roles, it helps to think outside the box. Inclusive job descriptions and cutting back on unnecessary requirements are good places to start. Continue Reading

Cyber attacks on schools increasing amid remote learning shift

The pandemic forced schools to make a quick transition to remote learning with little resources and weak security postures, and threat actors have increased their attacks. Continue Reading

Top 4 firewall-as-a-service security features and benefits

Firewall-as-a-service offerings implement security policies across consolidated traffic headed to all locations. Learn about four security features and benefits of FWaaS. Continue Reading

Security for SaaS applications starts with collaboration

Following established best practices helps enterprises facilitate collaboration and communication through SaaS applications while simultaneously ensuing secure SaaS use. Continue Reading

Gartner: Paying after ransomware attacks carries big risks

The average cost of a ransomware payment in Q1 2020 was $178,254, according to a session at Gartner's Security & Risk Management Summit -- and that doesn't include downtime cost. Continue Reading

Maze ransomware gang uses VMs to evade detection

A Sophos investigation into a Maze ransomware attack revealed that threat actors borrowed an attack technique pioneered by Ragnar Locker operators earlier this year. Continue Reading

Gartner: Securing remote workforce a top priority

In a COVID-19 pandemic world with new security threats and risks emerging, Gartner analysts discussed the urgency of securing access and devices for remote employees. Continue Reading

An inside look at the CCSP cloud security cert

Get insights into the Certified Cloud Security Professional cert, cloud infrastructure and platform benefits and risks, and more from the author of a CCSP exam guide. Continue Reading

Test your cloud security smarts with these CCSP exam questions

Read up on cloud-based BCDR in this excerpt from Chapter 4 of 'CCSP Certified Cloud Security Professional All-in-One Guide,' then quiz yourself to see what you've learned. Continue Reading

Cloud computing security technology quiz

As companies migrate to the cloud to improve accessibility and scalability, there are many aspects of security to consider. Test your cloud security knowledge with this quiz. Continue Reading

Gartner: Privileged access management a must in 2020

Gartner's 2020 Security & Risk Management Summit focused on the importance of privileged access management to cybersecurity as threat actors increasingly target admin credentials. Continue Reading

How to protect companies from business email compromise

Research shows that business email compromise attacks continue to proliferate as threat actors continue to see success. Here are a few ways to protect your company. Continue Reading

3 steps to secure codebase updates, prevent vulnerabilities

Codebase updates are critical, but what about when they introduce vulnerabilities? These three steps will help app developers secure codebase updates and keep their apps safe. Continue Reading

Combination of new, old tech driving remote access security

The massive shift to home-based workforces left IT vulnerable to unexpected threats, but organizations are combining old and new strategies to maintain remote access security. Continue Reading

How cloud security posture management protects multi-cloud

Improve control plane security at your organization by integrating a cloud security posture management tool into your existing multi-cloud strategy. Continue Reading

Disinformation, mail-in ballots top election security concerns

While there have been no major cyberattacks this election season, threat actors are waging disinformation campaigns around hot-button issues like mail-in ballots. Continue Reading

Manage unsuccessful login attempts with account lockout policy

Learn how to create account lockout policies that detail how many unsuccessful login attempts are allowed before a password lockout in order to prevent credential-based attacks. Continue Reading

Best practices for ethically teaching cybersecurity skills

Jonathan Meyers has recommendations that teachers and students can use to enhance their teaching and learning of cybersecurity skills to remain relevant in this fast-paced industry. Continue Reading

Intel patches critical flaw in Active Management Technology

Intel's Patch Tuesday featured four security advisories, including a critical flaw in Active Management Technology that could allow an attacker privilege escalation. Continue Reading

CISA issues vulnerability disclosure order for federal agencies

The U.S. Cybersecurity and Infrastructure Security Agency gives a directive for federal agencies to establish vulnerability disclosure policies in the next 180 calendar days. Continue Reading

CISA and FBI say there have been no hacks on voter databases

After a false Russian news report circulated on the internet, CISA and the FBI released a joint statement that denied any hacks to election security. Continue Reading

Big ransomware attacks overshadowing other alarming trends

Large ransomware attacks on major enterprises have dominated the news, but security experts say there are other alarming trends. Continue Reading

Cisco issues alert for zero-day vulnerability under attack

Cisco discovered attempted exploitation of a high-severity vulnerability found in the IOS XR software used in some of its networking equipment. Continue Reading

The Uber data breach cover-up: A timeline of events

The criminal charges against former Uber CSO Joe Sullivan were the latest development in the ongoing scandal over the ride-sharing company's concealment of a 2016 data breach. Continue Reading

Inclusivity a crucial step beyond diversity in cybersecurity

Spurred on by the social justice movement around the world, cybersecurity experts want to see a move beyond diversity efforts to ensure inclusivity in organizations as well. Continue Reading

Site-to-site VPN security benefits and potential risks

Not every enterprise needs the functionality of a standard VPN client. A site-to-site VPN may be a better choice for some companies, but it's not without risk. Continue Reading

North Korea's 'BeagleBoyz' target banks with ATM cash-out attacks

The U.S. Government issued a joint alert for an ATM cash-out scheme run by a newly identified North Korean nation-state hacking group known as 'BeagleBoyz.' Continue Reading

Maze ransomware 'cartel' expands with new members

Two more ransomware groups have apparently joined the Maze 'cartel' in an effort to expose victims' data on leak sites and shame them into paying expensive ransoms. Continue Reading

AI security concerns keeping infosec leaders up at night

Conversations about 'AI as a solution' may overlook potentially grave AI security issues. Explore the potential infosec implications of the emerging technology in this video. Continue Reading

Infrastructure as code's security risks and rewards

Infrastructure as code can yield some exciting security benefits for enterprises, but they each come with drawbacks. Learn more about the most critical IaC security impacts. Continue Reading

'Meow' attacks top 25,000 exposed databases, services

One month after the notorious 'meow' attacks were first detected, the threat to misconfigured databases exposed on the internet shows little sign of slowing down. Continue Reading

FBI and CISA issue vishing campaign warning

The FBI and CISA have issued a joint advisory related to a vishing campaign that began in mid-July, with numerous attacks that gained access to corporate VPN credentials. Continue Reading

The 7 elements of an enterprise cybersecurity culture

An effective 'human firewall' can prevent or mitigate many of the threats enterprises face today. Adopt these seven elements of a culture of cybersecurity to defend against risks. Continue Reading

Claroty: 70% of ICS vulnerabilities are remotely exploitable

Out of 365 ICS vulnerabilities that were disclosed by the National Vulnerability Database in the first half of 2020, Claroty found more than 70% can be remotely exploited. Continue Reading

Former Uber CSO charged over 'hush money' payment to hackers

Joe Sullivan, who was fired by Uber in 2017, was charged by federal prosecutors for allegedly covering up a massive 2016 data breach at the ride-sharing company. Continue Reading

Cybersecurity new normal needs change in process, CISOs say

As CISOs face an increasingly remote workforce, they need to confront past security mistakes, while adjusting to cybersecurity's new normal. Continue Reading

CISSP practice exam questions and answers

Test your knowledge and preparedness for the CISSP exam with 16 questions taken directly from the latest 'CISSP All-in-One Exam Guide' from McGraw Hill. Continue Reading

Apache Struts vulnerabilities allow remote code execution, DoS

The Apache Software Foundation issued security advisories last week for two Apache Struts vulnerabilities that were originally patched but not fully disclosed last fall. Continue Reading

'Secure by Design' principles include failures, exceptions

Using design principles with built-in security, along with properly defining exceptions, can help developers not only build safe code, but do so while meeting deadlines. Continue Reading

Exception handling best practices call for secure code design

Making software secure by design requires tremendous consideration about how failures are handled. Learn more from these exception handling examples. Continue Reading

10 RDP security best practices to prevent cyberattacks

Securing remote connections is critical, especially in a pandemic. Enact these RDP security best practices at your organization to prevent ransomware, brute-force attacks and more. Continue Reading

Hands-on guide to S3 bucket penetration testing

Attention AWS pen testers: The trick to understanding the indicators of AWS S3 bucket vulnerabilities is setting up an insecure bucket. Learn how in this actionable guide. Continue Reading

Email enigma: Why is Canada hit with so many phishing attacks?

Canada has become an increasingly popular target for phishing attacks, according to several security vendors, but the reasons for the increase remain a mystery. Continue Reading

How to handle Amazon S3 bucket pen testing complexity

Security researcher Benjamin Caudill shares details from his book, 'Hands-On AWS Penetration Testing with Kali Linux,' and advice on Amazon S3 bucket pen testing for ethical hackers. Continue Reading

Risk & Repeat: Black Hat 2020 highlights

This week's Risk & Repeat podcast recaps Black Hat USA 2020 and discusses some of the best sessions, worst vulnerabilities and the overall virtual conference experience. Continue Reading

How security champions can help, despite working remotely

By effectively using collaboration tools, security champions can still spread a company's security message even as most offices stay closed and employees work remotely. Continue Reading

Kaspersky reveals 2 Windows zero-days from failed attack

Kaspersky prevented an attack against a South Korean company back in May that used two zero-day vulnerabilities. One, arguably the more dangerous, focused on Internet Explorer. Continue Reading

What cybersecurity teams can learn from COVID-19

Nabil Hannan examines key similarities between medical and computer viruses that cybersecurity teams can use to keep businesses protected effectively. Continue Reading

Healthcare CISO offers alternatives to 'snake oil' companies

Indiana University Health CISO Mitchell Parker discussed internal risk assessments, security snake oil salesmen and more at his Black Hat USA 2020 talk. Continue Reading

Security team analyzes data breach costs for better metrics

Security researchers discuss their findings on misleading and incorrect data breach cost metrics and share how breach reporting and information sharing can help all organizations. Continue Reading

Games, not shame: Why security awareness training needs a makeover

Elevate Security co-founder Masha Sedova spoke at Black Hat USA 2020 about why traditional security awareness training is ineffective and fails to change risky behavior. Continue Reading

10 years after Stuxnet, new zero-days discovered

A decade after Stuxnet, SafeBreach Labs researchers discovered new zero-day vulnerabilities connected to the threat, which they unveiled at Black Hat USA 2020. Continue Reading

Not just politics: Disinformation campaigns hit enterprises, too

In her Black Hat USA 2020 keynote, Renée DiResta of the Stanford Internet Observatory explains how nation-state hackers have launched 'reputational attacks' against enterprises. Continue Reading

Voting vendor ES&S unveils vulnerability disclosure program

Election Systems & Software, the biggest vendor of U.S. voting equipment, will allow the security researcher community to test its elections equipment for vulnerabilities. Continue Reading

CISA chief: Ransomware could threaten election security

During a Black Hat USA 2020 session, CISA Chief Christopher Krebs said ransomware attacks on city, state and local governments are a major concern for election security. Continue Reading

Ripple20 vulnerabilities still plaguing IoT devices

Months after Ripple20 vulnerabilities were reported, things haven't gotten much better, say experts at Black Hat USA 2020. In fact, the world may never be fully rid of the flaws. Continue Reading

Matt Blaze warns of election security challenges amid COVID-19

In his Black Hat USA 2020 keynote, security researcher Matt Blaze discussed the challenges facing U.S. elections this year and what must be done to solve them. Continue Reading

How to send secure email attachments

Sending sensitive information in attachments is inherently unsafe, and the main way to secure them -- encryption -- can be implemented inconsistently, negating security benefits. Continue Reading

Twitter breach raises concerns over phone phishing

The alleged mastermind behind the Twitter breach has been arrested, and the method of social engineering attack has also been revealed: phone phishing, or vishing. Continue Reading

Risk & Repeat: Sophos warns of evolving ransomware threats

Dan Schiappa and Chester Wisniewski of Sophos join the Risk & Repeat podcast to discuss how ransomware groups are evolving and embracing innovative evasion techniques. Continue Reading

Test your cybersecurity knowledge with this quick ISM quiz

Read our August 2020 e-zine, and then take this short quiz to test your knowledge of cybersecurity awareness training and other issues -- from types of CISOs to talent recruitment. Continue Reading

How to start an enterprise bug bounty program and why

Incentivizing researchers for finding software vulnerabilities can be advantageous for vendors and participants. Here's what to know before starting a bug bounty program. Continue Reading

How to shift from DevOps to DevSecOps

A successful DevSecOps rollout requires software developers to be equipped with the proper security skills and tools. Learn how to transition smoothly from DevOps to DevSecOps. Continue Reading

Which type of CISO are you? Company fit matters

Incompatibility between CISOs and their companies can lead to stress, frustration, burnout and rapid turnover. Identify your CISO style to target the ideal role and environment for you. Continue Reading

The case for cybersecurity by design in application software

Security must be part of IT from the start and then continue through the entire product lifecycle -- design, build, release and maintenance. Consumers now demand it. Continue Reading

10 tips for cybersecurity awareness programs in uncertain times

Explore the winning tactics and tools CISOs and other cybersecurity leaders are employing in their programs to raise employee security awareness -- and consider how they might work for you. Continue Reading

Importance of cybersecurity awareness never greater

Security awareness is more essential than ever, but in a world of increasingly sophisticated threats, making it a reality requires more than set-it-and-forget-it training. Continue Reading

Develop internal cybersecurity talent to build your dream team

Cybersecurity duties have changed, with cloud and coding being essential knowledge now. But CISOs can still build their dream cybersecurity team through internal talent development. Continue Reading

The pros and cons of biometric authentication

Hoping for a passwordless future? Multifactor authentication using biometrics may be the answer. Consider the pros, cons and implications of biometric authentication before deploying. Continue Reading

Security pros explain how to prevent cyber attacks

Even during pandemics, hackers use malware such as ransomware and phishing to exploit an organization's vulnerabilities. IT security pros discuss how they prevent cyber attacks. Continue Reading

7 security awareness statistics to keep you up at night

As if protecting corporate systems and data wasn't hard enough, beware of another potential foe: those well-meaning but woefully uninformed staff members. Continue Reading

Cybersecurity education for employees: Learn what works

 Continue Reading

The case for cybersecurity by design in application software

 Continue Reading

10 tips for cybersecurity awareness programs in uncertain times

 Continue Reading

Importance of cybersecurity awareness never greater

 Continue Reading

Develop internal cybersecurity talent to build your dream team

 Continue Reading

How to mitigate an HTTP request smuggling vulnerability

Exploiting an HTTP request smuggling vulnerability can result in the inadvertent execution of unauthorized HTTP requests. Learn how to defend web environments from this attack. Continue Reading

Security issues with working remotely (and how to fix them)

With companies continuing work from home for the foreseeable future, Rohit Dhamankar offers home security advice to help security teams and employees address security issues with working remotely. Continue Reading

6 persistent enterprise authentication security issues

Some authentication factors are considered more secure than others but still come with potential drawbacks. Learn about the most common enterprise authentication security issues. Continue Reading

How CISOs can deal with cybersecurity stress and burnout

Being a paramedic and working in cybersecurity taught CISO Rich Mogull how to avoid stress and burnout. Check out his advice to maintain mental health in high-stress roles. Continue Reading

'Meow' attacks continue, thousands of databases deleted

More than one week later, the mysterious attacks on insecure databases on ElasticSearch, MongoDB and others have not only persisted but grown, with no explanation. Continue Reading

As network security analysis proves invaluable, NDR market shifts

IT infrastructure threat detection and response have emerged as critical elements of enterprise cybersecurity as network security analysis proves invaluable to protecting data. Continue Reading

'BootHole' bug puts most Linux, Windows systems in jeopardy

Hardware security vendor Eclypsium discovered a bootloader vulnerability that bypasses Secure Boot protection and affects a majority of modern Linux and Windows systems. Continue Reading

Cloud security quiz: Application security best practices

Think you know all there is to know about securing apps in the cloud? Test your grasp of cloud application security best practices with this quiz. Continue Reading

IBM: Compromised credentials led to higher data breach costs

The average total cost of a data breach is $3.86 million, according to new research from IBM and the Ponemon Institute, and compromised credentials are the biggest reason why. Continue Reading

The importance of security, data encryption for cloud

As more companies migrate to the cloud, they need to also invest in cybersecurity for their cloud computing, such as through better encryption and authentication tools. Continue Reading

IDS/IPS quiz: Intrusion detection and prevention systems

Want a baseline of your intrusion detection and prevention system knowledge? Test your insights with this IDS/IPS quiz. Continue Reading