Cloud Computing Security Standards
-
News
28 Sep 2020
Ivanti makes double acquisition of MobileIron, Pulse Secure
Ivanti will acquire all outstanding shares of MobileIron stock for approximately $872 million. The financial terms of Pulse Secure's acquisition were not disclosed. Continue Reading
-
Guest Post
28 Sep 2020
Cybersecurity testing essentials for mergers and acquisitions
Before moving forward with an M&A, conduct some cybersecurity testing to ensure your company knows how the acquired company protects data, employees and customers. Continue Reading
-
News
28 Sep 2020
IBM: Ransomware attacks surged in Q2, ransom demands rising
IBM Security examined several concerning ransomware trends for this year, as well as an exponential increase in ransom demands and a massive spike in attacks during the spring. Continue Reading
-
Tip
28 Sep 2020
Critical IIoT security risks cloud IoT's expansion into industry
The convergence of IoT with industrial processes increases productivity, improves communications and makes real-time data readily available. But serious IIoT security risks must be considered as well. Continue Reading
-
Tip
24 Sep 2020
Prevent cloud account hijacking with 3 key strategies
The ability to identify the various methods of cloud account hijacking is key to prevention. Explore three ways to limit potential consequences of cloud credential compromise. Continue Reading
-
News
24 Sep 2020
Microsoft detects Netlogon vulnerability exploitation in the wild
While Microsoft released a patch last month for the Netlogon flaw, the company said it detected threat actors using exploits for the critical vulnerability. Continue Reading
-
News
24 Sep 2020
Shopify discloses data breach caused by insider threats
Canadian e-commerce company Shopify disclosed a data breach involving two insider threats, but questions remain about the breach and how it was discovered. Continue Reading
-
Tip
24 Sep 2020
Cybersecurity team structure stronger with 3 new roles
Having the right cybersecurity team in place can help reduce how long it takes to control threats. Consider adding cloud security, third-party risk and digital ethics specialists. Continue Reading
-
Tip
23 Sep 2020
7 SOC automation use cases to augment security operations
Implementing SOC automation can have far-reaching benefits for an organization's infosec program and security culture. Learn how by exploring these seven use cases of AI in SOCs. Continue Reading
-
News
23 Sep 2020
FBI: Disinformation attacks on election results 'likely'
Foreign threat actors and cybercriminals are "likely" to spread disinformation around 2020 election results through social media and also alter election-related websites. Continue Reading
-
Tip
23 Sep 2020
5 key enterprise SOC team roles and responsibilities
Review the key players in the 2020 SOC and their specific responsibilities, as well as best practices to ensure effective teamwork for a secure organization. Continue Reading
-
News
23 Sep 2020
ConnectWise launches bug bounty program to boost security
ConnectWise, which provides remote management software to MSPs, partnered with HackerOne in its first bug bounty program, which is part of a larger strategy to improve security. Continue Reading
-
Tip
22 Sep 2020
Format-preserving encryption use cases, benefits, alternative
With format-preserving encryption, a ciphertext's format is the same as its plaintext's. Read up on the benefits of this cryptography method, NIST FPE methods, vendors and more. Continue Reading
-
Feature
22 Sep 2020
Inclusive job descriptions key for infosec hiring
When seeking candidates for infosec job roles, it helps to think outside the box. Inclusive job descriptions and cutting back on unnecessary requirements are good places to start. Continue Reading
-
News
21 Sep 2020
Cyber attacks on schools increasing amid remote learning shift
The pandemic forced schools to make a quick transition to remote learning with few resources and weak security postures, and threat actors have increased their attacks. Continue Reading
-
Tip
18 Sep 2020
Top 4 firewall-as-a-service security features and benefits
Firewall-as-a-service offerings implement security policies across consolidated traffic headed to all locations. Learn about four security features and benefits of FWaaS. Continue Reading
-
Feature
18 Sep 2020
Security for SaaS applications starts with collaboration
Following established best practices helps enterprises facilitate collaboration and communication through SaaS applications while simultaneously ensuring secure SaaS use. Continue Reading
-
News
17 Sep 2020
Gartner: Paying after ransomware attacks carries big risks
The average cost of a ransomware payment in Q1 2020 was $178,254, according to a session at Gartner's Security & Risk Management Summit -- and that doesn't include downtime cost. Continue Reading
-
News
17 Sep 2020
Maze ransomware gang uses VMs to evade detection
A Sophos investigation into a Maze ransomware attack revealed that threat actors borrowed an attack technique pioneered by Ragnar Locker operators earlier this year. Continue Reading
-
News
16 Sep 2020
Gartner: Securing remote workforce a top priority
In a COVID-19 pandemic world with new security threats and risks emerging, Gartner analysts discussed the urgency of securing access and devices for remote employees. Continue Reading
-
Feature
16 Sep 2020
An inside look at the CCSP cloud security cert
Get insights into the Certified Cloud Security Professional cert, cloud infrastructure and platform benefits and risks, and more from the author of a CCSP exam guide. Continue Reading
-
Quiz
16 Sep 2020
Test your cloud security smarts with these CCSP exam questions
Read up on cloud-based BCDR in this excerpt from Chapter 4 of 'CCSP Certified Cloud Security Professional All-in-One Guide,' then quiz yourself to see what you've learned. Continue Reading
-
Quiz
15 Sep 2020
Cloud computing security technology quiz
As companies migrate to the cloud to improve accessibility and scalability, there are many aspects of security to consider. Test your cloud security knowledge with this quiz. Continue Reading
-
News
15 Sep 2020
Gartner: Privileged access management a must in 2020
Gartner's 2020 Security & Risk Management Summit focused on the importance of privileged access management to cybersecurity as threat actors increasingly target admin credentials. Continue Reading
-
Guest Post
15 Sep 2020
How to protect companies from business email compromise
Research shows that business email compromise attacks continue to proliferate as threat actors continue to see success. Here are a few ways to protect your company. Continue Reading
-
Tip
15 Sep 2020
3 steps to secure codebase updates, prevent vulnerabilities
Codebase updates are critical, but what about when they introduce vulnerabilities? These three steps will help app developers secure codebase updates and keep their apps safe. Continue Reading
-
Tip
10 Sep 2020
Combination of new, old tech driving remote access security
The massive shift to home-based workforces left IT vulnerable to unexpected threats, but organizations are combining old and new strategies to maintain remote access security. Continue Reading
-
Tip
10 Sep 2020
How cloud security posture management protects multi-cloud
Improve control plane security at your organization by integrating a cloud security posture management tool into your existing multi-cloud strategy. Continue Reading
-
News
10 Sep 2020
Disinformation, mail-in ballots top election security concerns
While there have been no major cyberattacks this election season, threat actors are waging disinformation campaigns around hot-button issues like mail-in ballots. Continue Reading
-
Answer
10 Sep 2020
Manage unsuccessful login attempts with account lockout policy
Learn how to create account lockout policies that detail how many unsuccessful login attempts are allowed before a password lockout in order to prevent credential-based attacks. Continue Reading
-
Guest Post
09 Sep 2020
Best practices for ethically teaching cybersecurity skills
Jonathan Meyers has recommendations that teachers and students can use to enhance their teaching and learning of cybersecurity skills to remain relevant in this fast-paced industry. Continue Reading
-
News
09 Sep 2020
Intel patches critical flaw in Active Management Technology
Intel's Patch Tuesday featured four security advisories, including a critical flaw in Active Management Technology that could allow an attacker privilege escalation. Continue Reading
-
News
03 Sep 2020
CISA issues vulnerability disclosure order for federal agencies
The U.S. Cybersecurity and Infrastructure Security Agency gives a directive for federal agencies to establish vulnerability disclosure policies in the next 180 calendar days. Continue Reading
-
News
02 Sep 2020
CISA and FBI say there have been no hacks on voter databases
After a false Russian news report circulated on the internet, CISA and the FBI released a joint statement that denied any hacks to election security. Continue Reading
-
News
01 Sep 2020
Big ransomware attacks overshadowing other alarming trends
Large ransomware attacks on major enterprises have dominated the news, but security experts say there are other alarming trends. Continue Reading
-
News
31 Aug 2020
Cisco issues alert for zero-day vulnerability under attack
Cisco discovered attempted exploitation of a high-severity vulnerability found in the IOS XR software used in some of its networking equipment. Continue Reading
-
News
31 Aug 2020
The Uber data breach cover-up: A timeline of events
The criminal charges against former Uber CSO Joe Sullivan were the latest development in the ongoing scandal over the ride-sharing company's concealment of a 2016 data breach. Continue Reading
-
Feature
31 Aug 2020
Inclusivity a crucial step beyond diversity in cybersecurity
Spurred on by the social justice movement around the world, cybersecurity experts want to see a move beyond diversity efforts to ensure inclusivity in organizations as well. Continue Reading
-
Answer
28 Aug 2020
Site-to-site VPN security benefits and potential risks
Not every enterprise needs the functionality of a standard VPN client. A site-to-site VPN may be a better choice for some companies, but it's not without risk. Continue Reading
-
News
27 Aug 2020
North Korea's 'BeagleBoyz' target banks with ATM cash-out attacks
The U.S. Government issued a joint alert for an ATM cash-out scheme run by a newly identified North Korean nation-state hacking group known as 'BeagleBoyz.' Continue Reading
-
News
27 Aug 2020
Maze ransomware 'cartel' expands with new members
Two more ransomware groups have apparently joined the Maze 'cartel' in an effort to expose victims' data on leak sites and shame them into paying expensive ransoms. Continue Reading
-
Video
26 Aug 2020
AI security concerns keeping infosec leaders up at night
Conversations about 'AI as a solution' may overlook potentially grave AI security issues. Explore the potential infosec implications of the emerging technology in this video. Continue Reading
-
Tip
25 Aug 2020
Infrastructure as code's security risks and rewards
Infrastructure as code can yield some exciting security benefits for enterprises, but they each come with drawbacks. Learn more about the most critical IaC security impacts. Continue Reading
-
News
25 Aug 2020
'Meow' attacks top 25,000 exposed databases, services
One month after the notorious 'meow' attacks were first detected, the threat to misconfigured databases exposed on the internet shows little sign of slowing down. Continue Reading
-
News
24 Aug 2020
FBI and CISA issue vishing campaign warning
The FBI and CISA have issued a joint advisory related to a vishing campaign that began in mid-July, with numerous attacks that gained access to corporate VPN credentials. Continue Reading
-
Tip
24 Aug 2020
The 7 elements of an enterprise cybersecurity culture
An effective 'human firewall' can prevent or mitigate many of the threats enterprises face today. Adopt these seven elements of a culture of cybersecurity to defend against risks. Continue Reading
-
News
21 Aug 2020
Claroty: 70% of ICS vulnerabilities are remotely exploitable
Out of 365 ICS vulnerabilities that were disclosed by the National Vulnerability Database in the first half of 2020, Claroty found more than 70% can be remotely exploited. Continue Reading
-
News
21 Aug 2020
Former Uber CSO charged over 'hush money' payment to hackers
Joe Sullivan, who was fired by Uber in 2017, was charged by federal prosecutors for allegedly covering up a massive 2016 data breach at the ride-sharing company. Continue Reading
-
Feature
21 Aug 2020
Cybersecurity new normal needs change in process, CISOs say
As CISOs face an increasingly remote workforce, they need to confront past security mistakes, while adjusting to cybersecurity's new normal. Continue Reading
-
Quiz
20 Aug 2020
CISSP practice exam questions and answers
Test your knowledge and preparedness for the CISSP exam with 16 questions taken directly from the latest 'CISSP All-in-One Exam Guide' from McGraw Hill. Continue Reading
-
News
18 Aug 2020
Apache Struts vulnerabilities allow remote code execution, DoS
The Apache Software Foundation issued security advisories last week for two Apache Struts vulnerabilities that were originally patched but not fully disclosed last fall. Continue Reading
-
Feature
18 Aug 2020
'Secure by Design' principles include failures, exceptions
Using design principles with built-in security, along with properly defining exceptions, can help developers not only build safe code, but do so while meeting deadlines. Continue Reading
-
Feature
18 Aug 2020
Exception handling best practices call for secure code design
Making software secure by design requires tremendous consideration about how failures are handled. Learn more from these exception handling examples. Continue Reading
-
Tip
18 Aug 2020
10 RDP security best practices to prevent cyberattacks
Securing remote connections is critical, especially in a pandemic. Enact these RDP security best practices at your organization to prevent ransomware, brute-force attacks and more. Continue Reading
-
Feature
17 Aug 2020
Hands-on guide to S3 bucket penetration testing
Attention AWS pen testers: The trick to understanding the indicators of AWS S3 bucket vulnerabilities is setting up an insecure bucket. Learn how in this actionable guide. Continue Reading
-
News
17 Aug 2020
Email enigma: Why is Canada hit with so many phishing attacks?
Canada has become an increasingly popular target for phishing attacks, according to several security vendors, but the reasons for the increase remain a mystery. Continue Reading
-
Feature
17 Aug 2020
How to handle Amazon S3 bucket pen testing complexity
Security researcher Benjamin Caudill shares details from his book, 'Hands-On AWS Penetration Testing with Kali Linux,' and advice on Amazon S3 bucket pen testing for ethical hackers. Continue Reading
-
Podcast
14 Aug 2020
Risk & Repeat: Black Hat 2020 highlights
This week's Risk & Repeat podcast recaps Black Hat USA 2020 and discusses some of the best sessions, worst vulnerabilities and the overall virtual conference experience. Continue Reading
-
Guest Post
13 Aug 2020
How security champions can help, despite working remotely
By effectively using collaboration tools, security champions can still spread a company's security message even as most offices stay closed and employees work remotely. Continue Reading
-
News
12 Aug 2020
Kaspersky reveals 2 Windows zero-days from failed attack
Kaspersky prevented an attack against a South Korean company back in May that used two zero-day vulnerabilities. One, arguably the more dangerous, focused on Internet Explorer. Continue Reading
-
Guest Post
12 Aug 2020
What cybersecurity teams can learn from COVID-19
Nabil Hannan examines key similarities between medical and computer viruses that cybersecurity teams can use to keep businesses protected effectively. Continue Reading
-
News
11 Aug 2020
Healthcare CISO offers alternatives to 'snake oil' companies
Indiana University Health CISO Mitchell Parker discussed internal risk assessments, security snake oil salesmen and more at his Black Hat USA 2020 talk. Continue Reading
-
Feature
11 Aug 2020
Security team analyzes data breach costs for better metrics
Security researchers discuss their findings on misleading and incorrect data breach cost metrics and share how breach reporting and information sharing can help all organizations. Continue Reading
-
News
10 Aug 2020
Games, not shame: Why security awareness training needs a makeover
Elevate Security co-founder Masha Sedova spoke at Black Hat USA 2020 about why traditional security awareness training is ineffective and fails to change risky behavior. Continue Reading
-
News
07 Aug 2020
10 years after Stuxnet, new zero-days discovered
A decade after Stuxnet, SafeBreach Labs researchers discovered new zero-day vulnerabilities connected to the threat, which they unveiled at Black Hat USA 2020. Continue Reading
-
News
07 Aug 2020
Not just politics: Disinformation campaigns hit enterprises, too
In her Black Hat USA 2020 keynote, Renée DiResta of the Stanford Internet Observatory explains how nation-state hackers have launched 'reputational attacks' against enterprises. Continue Reading
-
News
06 Aug 2020
Voting vendor ES&S unveils vulnerability disclosure program
Election Systems & Software, the biggest vendor of U.S. voting equipment, will allow the security researcher community to test its elections equipment for vulnerabilities. Continue Reading
-
News
06 Aug 2020
CISA chief: Ransomware could threaten election security
During a Black Hat USA 2020 session, CISA Chief Christopher Krebs said ransomware attacks on city, state and local governments are a major concern for election security. Continue Reading
-
News
06 Aug 2020
Ripple20 vulnerabilities still plaguing IoT devices
Months after Ripple20 vulnerabilities were reported, things haven't gotten much better, say experts at Black Hat USA 2020. In fact, the world may never be fully rid of the flaws. Continue Reading
-
News
05 Aug 2020
Matt Blaze warns of election security challenges amid COVID-19
In his Black Hat USA 2020 keynote, security researcher Matt Blaze discussed the challenges facing U.S. elections this year and what must be done to solve them. Continue Reading
-
Answer
05 Aug 2020
How to send secure email attachments
Sending sensitive information in attachments is inherently unsafe, and the main way to secure them -- encryption -- can be implemented inconsistently, negating security benefits. Continue Reading
-
News
04 Aug 2020
Twitter breach raises concerns over phone phishing
The alleged mastermind behind the Twitter breach has been arrested, and the method of social engineering attack has also been revealed: phone phishing, or vishing. Continue Reading
-
Podcast
04 Aug 2020
Risk & Repeat: Sophos warns of evolving ransomware threats
Dan Schiappa and Chester Wisniewski of Sophos join the Risk & Repeat podcast to discuss how ransomware groups are evolving and embracing innovative evasion techniques. Continue Reading
-
Quiz
03 Aug 2020
Test your cybersecurity knowledge with this quick ISM quiz
Read our August 2020 e-zine, and then take this short quiz to test your knowledge of cybersecurity awareness training and other issues -- from types of CISOs to talent recruitment. Continue Reading
-
Tip
03 Aug 2020
How to start an enterprise bug bounty program and why
Incentivizing researchers for finding software vulnerabilities can be advantageous for vendors and participants. Here's what to know before starting a bug bounty program. Continue Reading
-
Tip
03 Aug 2020
How to shift from DevOps to DevSecOps
A successful DevSecOps rollout requires software developers to be equipped with the proper security skills and tools. Learn how to transition smoothly from DevOps to DevSecOps. Continue Reading
-
Feature
03 Aug 2020
Which type of CISO are you? Company fit matters
Incompatibility between CISOs and their companies can lead to stress, frustration, burnout and rapid turnover. Identify your CISO style to target the ideal role and environment for you. Continue Reading
-
Opinion
03 Aug 2020
The case for cybersecurity by design in application software
Security must be part of IT from the start and then continue through the entire product lifecycle -- design, build, release and maintenance. Consumers now demand it. Continue Reading
-
Feature
03 Aug 2020
10 tips for cybersecurity awareness programs in uncertain times
Explore the winning tactics and tools CISOs and other cybersecurity leaders are employing in their programs to raise employee security awareness -- and consider how they might work for you. Continue Reading
-
Opinion
03 Aug 2020
Importance of cybersecurity awareness never greater
Security awareness is more essential than ever, but in a world of increasingly sophisticated threats, making it a reality requires more than set-it-and-forget-it training. Continue Reading
-
Opinion
03 Aug 2020
Develop internal cybersecurity talent to build your dream team
Cybersecurity duties have changed, with cloud and coding being essential knowledge now. But CISOs can still build their dream cybersecurity team through internal talent development. Continue Reading
-
Tip
03 Aug 2020
The pros and cons of biometric authentication
Hoping for a passwordless future? Multifactor authentication using biometrics may be the answer. Consider the pros, cons and implications of biometric authentication before deploying. Continue Reading
-
Feature
03 Aug 2020
Security pros explain how to prevent cyber attacks
Even during pandemics, hackers use malware such as ransomware and phishing to exploit an organization's vulnerabilities. IT security pros discuss how they prevent cyber attacks. Continue Reading
-
Infographic
03 Aug 2020
7 security awareness statistics to keep you up at night
As if protecting corporate systems and data wasn't hard enough, beware of another potential foe: those well-meaning but woefully uninformed staff members. Continue Reading
-
Tip
31 Jul 2020
How to mitigate an HTTP request smuggling vulnerability
Exploiting an HTTP request smuggling vulnerability can result in the inadvertent execution of unauthorized HTTP requests. Learn how to defend web environments from this attack. Continue Reading
-
Feature
31 Jul 2020
Security issues with working remotely (and how to fix them)
With companies continuing work from home for the foreseeable future, Rohit Dhamankar offers home security advice to help security teams and employees address security issues with working remotely. Continue Reading
-
Tip
31 Jul 2020
6 persistent enterprise authentication security issues
Some authentication factors are considered more secure than others but still come with potential drawbacks. Learn about the most common enterprise authentication security issues. Continue Reading
-
Feature
30 Jul 2020
How CISOs can deal with cybersecurity stress and burnout
Being a paramedic and working in cybersecurity taught CISO Rich Mogull how to avoid stress and burnout. Check out his advice to maintain mental health in high-stress roles. Continue Reading
-
News
30 Jul 2020
'Meow' attacks continue, thousands of databases deleted
More than one week later, the mysterious attacks on insecure databases on ElasticSearch, MongoDB and others have not only persisted but grown, with no explanation. Continue Reading
-
Tip
29 Jul 2020
As network security analysis proves invaluable, NDR market shifts
IT infrastructure threat detection and response have emerged as critical elements of enterprise cybersecurity as network security analysis proves invaluable to protecting data. Continue Reading
-
News
29 Jul 2020
'BootHole' bug puts most Linux, Windows systems in jeopardy
Hardware security vendor Eclypsium discovered a bootloader vulnerability that bypasses Secure Boot protection and affects a majority of modern Linux and Windows systems. Continue Reading
-
Quiz
29 Jul 2020
Cloud security quiz: Application security best practices
Think you know all there is to know about securing apps in the cloud? Test your grasp of cloud application security best practices with this quiz. Continue Reading
-
News
29 Jul 2020
IBM: Compromised credentials led to higher data breach costs
The average total cost of a data breach is $3.86 million, according to new research from IBM and the Ponemon Institute, and compromised credentials are the biggest reason why. Continue Reading
-
Feature
28 Jul 2020
The importance of security, data encryption for cloud
As more companies migrate to the cloud, they need to also invest in cybersecurity for their cloud computing, such as through better encryption and authentication tools. Continue Reading
-
Quiz
28 Jul 2020
IDS/IPS quiz: Intrusion detection and prevention systems
Want a baseline of your intrusion detection and prevention system knowledge? Test your insights with this IDS/IPS quiz. Continue Reading