Cloud Computing Security Standards
-
Answer
26 Sep 2019
Penetration testing vs. red team: What's the difference?
Is penetration testing the same as red team engagement? There are similarities, but they're not the same. Understand the differences to improve your organization's cyberdefenses. Continue Reading
-
Answer
26 Sep 2019
When should I use breach and attack simulation tools?
Thanks to automation and other features, breach and attack simulation tools are an effective way to help network administrators keep their operations secure. Continue Reading
-
News
25 Sep 2019
Trump pushes debunked DNC hack conspiracy in call with Ukraine
In a call with the Ukrainian president that is now the focus of an impeachment inquiry, President Trump discussed CrowdStrike and asked for help with finding a 'server.' Continue Reading
-
Answer
25 Sep 2019
Do network layer and application layer DDoS attacks differ?
Network layer and application layer DDoS attacks are significant threats. Learn about the differences between them and what you can do to reduce their effects. Continue Reading
-
Tip
25 Sep 2019
Build an agile cybersecurity program with Scrum
Scrum's core principles translate well into an agile cybersecurity program setting. Learn how this framework bolsters communication and collaboration within infosec teams. Continue Reading
-
Feature
25 Sep 2019
How to use SOAR tools to simplify enterprise infosec programs
SOAR tools are designed to deliver convenience and simplicity to cybersecurity programs. Explore the many benefits security orchestration and automation promises users. Continue Reading
-
News
24 Sep 2019
Cloudflare battles malicious bots with 'fight mode'
Cloudflare takes its first steps in keeping malicious bots from attacking customers by using complex challenges to waste a bot's CPU resources in an attempt to disincentivize more bots. Continue Reading
-
Feature
24 Sep 2019
Using DNS RPZ to pump up cybersecurity awareness
Combining DNS with threat intelligence feeds could hold a key to improving cybersecurity awareness by educating users who attempt to access potentially malicious websites. Continue Reading
-
Opinion
24 Sep 2019
When will we finally ditch passwords? Here’s Microsoft’s 4-step plan
Let’s be honest, passwords suck, and vendors are working to eliminate or reduce our reliance on them—what is Microsoft’s roadmap? Continue Reading
-
Tip
23 Sep 2019
How software-defined perimeter authentication ups security
Find out how the emerging software-defined perimeter model increases security by its design and how it can serve as a building block to zero-trust security. Continue Reading
-
Tip
23 Sep 2019
How to shore up your third-party risk management program
A third-party risk management program has to go beyond questionnaires and poorly designed policies. Learn what you should do to protect yourself against vendor security flaws and core risks. Continue Reading
-
News
20 Sep 2019
Broken WannaCry variants continuing to spread
Researchers are still seeing surprisingly high WannaCry detection rates and they worry this points to high risks because systems still aren't being patched against threats. Continue Reading
-
News
20 Sep 2019
Sinkholed Magecart domains resurrected for advertising schemes
Security vendor RiskIQ discovered several old Magecart domains that had been sinkholed were re-registered under new owners and are now engaged in fraudulent advertising activity. Continue Reading
-
Tip
20 Sep 2019
Create a manageable, secure IT/OT convergence strategy in 3 steps
An effective IT/OT strategy requires at least three things: an evangelist, an infrastructure reference architecture and a plan to sanely divide operations between IT and OT. Continue Reading
-
Tip
20 Sep 2019
Tips and tricks to integrate IT and OT teams securely
IT and operational teams can work in tandem to support IoT projects, but their separate roles and responsibilities to one another must be clearly defined. Continue Reading
-
Tip
20 Sep 2019
What's the role of people in IT/OT security?
To enable a smoother, more secure IT/OT convergence, get wise to the potential conflicts between IT and OT historical priorities and traditional work cultures. Continue Reading
-
Tip
19 Sep 2019
How to encrypt and secure a website using HTTPS
The web is moving to HTTPS. Find out how to encrypt websites using HTTPS to stop eavesdroppers from snooping around sensitive and restricted web data. Continue Reading
-
Tip
19 Sep 2019
Cybersecurity frameworks hold key to solid security strategy
Cybersecurity frameworks take work, but they help organizations clarify their security strategies. If you don't have one, here's what to consider, even for emerging perimeterless security options. Continue Reading
-
News
18 Sep 2019
Global cryptomining attacks use NSA exploits to earn Monero
Security researchers tracked a very active threat group launching cryptomining attacks around the world against organizations in banking, IT services, healthcare and more. Continue Reading
-
Feature
18 Sep 2019
New evasive spear phishing attacks bypass email security measures
Researchers identified a new email security threat: evasive spear phishing attacks, which take months of investigation and social engineering to coordinate. Continue Reading
-
Tip
17 Sep 2019
RPA security best practices include access control, system integration
Robotic process automation can revolutionize enterprise workflows, but if RPA security risks aren't controlled, bots could end up doing more harm than good. Continue Reading
-
News
17 Sep 2019
Researcher finds digital certificate fraud used to spread malware
A new certificate fraud scheme involves a threat actor impersonating company execs to purchase certs which are then resold to those looking to spread malware. Continue Reading
-
Opinion
17 Sep 2019
A look at ID proofing: bootstrapping a digital ID using a mobile device and physical ID
For the moment, it’s more for B2C than for employees, but it’s poised to keep spreading. Continue Reading
-
News
16 Sep 2019
DerbyCon attendees and co-founder reflect on the end
DerbyCon attendees and co-founder Dave Kennedy reflect on the legacy and future of the conference following its final event, which took place in Louisville, Ky. Continue Reading
-
Answer
16 Sep 2019
What's the purpose of CAPTCHA technology and how does it work?
Learn about the purpose of CAPTCHA challenges that enable websites to differentiate bots from authentic users to stop spammers from hijacking forums and blog comment sections. Continue Reading
-
Quiz
16 Sep 2019
Test your infosec smarts about IAM and other key subjects
Solidify your knowledge and get CPE credits by taking this quiz on IAM, security frameworks, IoT third-party risks and more. Continue Reading
-
News
12 Sep 2019
DerbyCon panel discusses IT mistakes that need to stop
Common security risks can be mitigated or prevented, according to a panel at DerbyCon. But users need to feel empowered to speak up, and education needs to be better. Continue Reading
-
Tip
12 Sep 2019
What it takes to be a DevSecOps engineer
To address security early in the application development process, DevSecOps requires a litany of skills and technology literacy. Learn what it takes to be a DevSecOps engineer. Continue Reading
-
News
11 Sep 2019
FBI says $26B lost to business email compromise over last 3 years
On the same day that 281 suspects were arrested in business email compromise stings, the FBI said worldwide losses from BEC attacks reached $26 billion over the last three years. Continue Reading
-
News
10 Sep 2019
DerbyCon session tackles cyber attribution, false flag attacks
One expert showed the crowd at DerbyCon that proper attribution of a cyberattack requires multiple indicators in order to avoid being fooled by a false flag attempt. Continue Reading
-
Feature
10 Sep 2019
Designing IoT security: Experts warn against cutting corners
Security, though costly, is essential for IoT devices; a single breach can destroy a company's reputation. IoT security by design can avoid devastating incidents. Continue Reading
-
News
10 Sep 2019
Gigamon launches platform to improve application visibility
Application Metadata Intelligence identifies network performance, application performance, operational technology communications and security and threat detection. Continue Reading
-
Tip
06 Sep 2019
How to build and maintain a multi-cloud security strategy
When using multiple cloud service providers, it's critical to consider your enterprise's cloud scope and the specifics of each cloud service to maintain security. Continue Reading
-
News
06 Sep 2019
Trustwave security platform provides visibility, control
Trustwave Fusion is a cloud-based cybersecurity platform designed with the goal of giving users better insight into how security resources are provided and monitored. Continue Reading
-
News
05 Sep 2019
Insecure Android provisioning could lead to phishing attacks
Researchers say many -- if not most -- Android smartphones are at risk of SMS-based phishing attacks that trick users into installing malicious OTA provisioning settings. Continue Reading
-
News
05 Sep 2019
Chronicle: Crimeware group takedowns 'increasingly ineffectual'
Law enforcement takedowns of cybercrime operations may not be producing the desired results, according to an extensive, five-year study from Alphabet Inc.'s Chronicle. Continue Reading
-
Feature
05 Sep 2019
How does AttackSurfaceMapper help with attack surface mapping?
A new open source pen testing tool expedites attack surface mapping -- one of the most important aspects of any penetration testing engagement. Continue Reading
-
Tip
05 Sep 2019
Why CASB tools are crucial to your cloud security
CASB tools have gained traction as cloud security becomes more important. Among other features, a cloud security access broker helps companies pinpoint shadow IT. Continue Reading
-
News
05 Sep 2019
Hackers earn nearly $2M in HackerOne's hacking event
One hundred hackers and 75 hackers in training gathered in Las Vegas for HackerOne's hacking event to find security flaws in organizations, including Verizon Media and GitHub. Continue Reading
-
News
05 Sep 2019
Awake Security adds adversarial model to security platform
The new feature is meant to enable companies to identify attackers faster. Other updates to the security system include extending cloud capabilities to Amazon Web Services. Continue Reading
-
Tip
04 Sep 2019
IoT security risks persist; here's what to do about them
Nontech manufacturers building IoT devices combined with resource constraints is a recipe for disaster. It's the reality of IoT security issues, and the problem isn't going away. Continue Reading
-
News
04 Sep 2019
USBAnywhere vulnerabilities put Supermicro servers at risk
Security researchers discovered BMC vulnerabilities -- dubbed USBAnywhere -- in Supermicro servers that could put systems at risk of remote attacks via virtualized USB drives. Continue Reading
-
Feature
29 Aug 2019
Varied options to solving the cybersecurity skills shortage
There are no easy answers for the cybersecurity skills shortage facing the industry, other than working harder to diversify and expand the workforce, according to ESG's Jon Oltsik. Continue Reading
-
Feature
29 Aug 2019
Browse the best email security products for your enterprise
Finding the best email security product is vital to protect companies from cyberattacks. Here's a look at the current market leaders. Continue Reading
-
News
29 Aug 2019
Suspect in Capital One breach indicted for additional intrusions
The alleged Capital One hacker, Paige Thompson, was charged with additional counts of fraud and abuse for stealing data from more than 30 other organizations. Continue Reading
-
Tip
29 Aug 2019
How to navigate the often challenging CISO career path
There's no clear-cut path to becoming a CISO. However, the right security certifications, an ever-questioning attitude and a strong network of CISO peers can help prepare you for the journey. Continue Reading
-
Feature
28 Aug 2019
VMware's internal Service-defined Firewall reimagines firewalling
VMware's internal firewall uses a global view of known-good behavior at the network and host level to minimize the attack surface for on-premises and cloud environments. Continue Reading
-
News
28 Aug 2019
Imperva security incident exposes cloud WAF customer data
Imperva told its cloud WAF customers to change passwords and SSL certificates after a security incident exposed data and potentially put customers at risk for further attacks. Continue Reading
-
News
28 Aug 2019
Breaking into cybersecurity careers through nontraditional paths
Some DEF CON attendees discussed their nontraditional paths into cybersecurity and how networking and being eager to learn can bridge the gap between experience and job requirements. Continue Reading
-
Tip
27 Aug 2019
Complexity requires new cloud-based patch management strategies
Patch management for cloud creates new challenges than traditional in-house programs. Expert Dave Shackleford presents patch management best practices for providers and consumers alike. Continue Reading
-
News
26 Aug 2019
Puppet launches its first vulnerability remediation product
Puppet Remediate is a vulnerability remediation product that shares data between security and IT ops, provides risk-based prioritization and offers agentless remediation. Continue Reading
-
News
23 Aug 2019
Carbon Black acquisition bolsters VMware's security play
VMware announced an agreement to acquire endpoint security vendor Carbon Black in an effort to boost its cloud security offerings; the all-cash deal is valued at $2.1 billion. Continue Reading
-
Opinion
23 Aug 2019
Securing IoT involves developers, manufacturers and end users alike
Who's to blame for the IoT security problem: manufacturers creating devices, end user deploying them or governments not creating legislation enforcing security measures? Continue Reading
-
News
23 Aug 2019
DARPA unveils first SSITH prototype to mitigate hardware flaws
DARPA is still in the early prototype stages of its SSITH program, but the aim is to develop an open source chip able to block hardware attacks and reduce the need for software patches. Continue Reading
-
Answer
23 Aug 2019
What's the best way to prevent XSS attacks?
To prevent cross-site scripting attacks, software developers must validate user input and encode output. Review characters to filter out, as well as sources and sinks to avoid. Continue Reading
-
Answer
21 Aug 2019
The difference between zero-day vulnerability and zero-day exploit
A zero-day vulnerability isn't the same as a zero-day exploit. Learn the difference between these two zero-day terms, as well as why they should be high priority on any CISO's patching list. Continue Reading
-
News
21 Aug 2019
Texas ransomware attack hits 22 municipalities, demands $2.5M
Ransomware attacks hit 22 municipalities around Texas, most of which appear to be smaller local governments, but the details surrounding the attacks are still unclear. Continue Reading
-
News
20 Aug 2019
KNOB attack puts all Bluetooth devices at risk
Security researchers discovered a way to force Bluetooth devices to use easy-to-crack encryption keys, which could lead to man-in-the-middle attacks and information leaks. Continue Reading
-
Tip
20 Aug 2019
Network traffic analysis tools secure a new, crucial role
Gartner just produced its first-ever guide to network traffic analytics security tools. Learn how the analysis of network traffic is broadening to include network security. Continue Reading
-
Answer
20 Aug 2019
Why is patch management important?
Borderless networks present new challenges for security pros. Andrew Froehlich explains how this trend makes patch management even more important. Continue Reading
-
Tip
20 Aug 2019
CISO challenges include building credibility within the business
No matter what comes at them in terms of cybersecurity issues, the main CISO challenge comes down to building credibility as a trustworthy person. Continue Reading
-
Opinion
20 Aug 2019
How does Menlo Security’s remote browser compare in an ever more crowded space?
There are now many remote browser isolation options available, from both desktop virtualization vendors and security vendors. Menlo just got a $75 million round of funding—so, how does it compare? Continue Reading
-
News
19 Aug 2019
2020 election security to face same vulnerabilities as in 2016
Confidence in the security of the 2020 election spanned the gamut, depending on who you asked at DEF CON's Voting Village, with local officials more optimistic than technologists. Continue Reading
-
Tip
19 Aug 2019
How to conduct proper AWS vulnerability scanning in 3 steps
Cloud vulnerability management can be complicated. Learn how to perform AWS vulnerability scans under the shared responsibility model. Continue Reading
-
Answer
19 Aug 2019
How to build an enterprise penetration testing plan
Simulating an attack against your network is one of the best ways to remediate security holes before the bad guys find them. Here, learn penetration testing basics and how it can help keep your enterprise safe. Continue Reading
-
Tip
16 Aug 2019
DevOps security checklist requires proper integration
There are a lot of moving parts to adding security into a DevOps environment. Using application testing DevOps security tools are key to the equation. Continue Reading
-
Feature
16 Aug 2019
How to identify and evaluate cybersecurity frameworks
Not all frameworks for cybersecurity are equal. ESG's Jon Oltsik explains what attributes make a cybersecurity framework and how to go about choosing and using one. Continue Reading
-
Feature
15 Aug 2019
Research shows cloud security vulnerabilities grow
Recent research shows the number of cloud security incidents are growing. Here are the biggest contributors to the complicated cloud threat landscape facing modern enterprises. Continue Reading
-
News
14 Aug 2019
Microsoft discovers BlueKeep-like flaws in Remote Desktop Services
Microsoft disclosed four remote code execution flaws in Remote Desktop Services that are similar to BlueKeep, as well as other vulnerabilities in RDP. Continue Reading
-
Opinion
14 Aug 2019
IoT botnets reach new threshold in Q2 of 2019
Defending against the rising number and increasing sophistication of IoT botnet attacks isn't an easy task. Learn about the latest threats and the techniques to mitigate them. Continue Reading
-
Conference Coverage
14 Aug 2019
Latest news from the Black Hat 2019 conference
Learn the latest from this year's Black Hat conference, Aug. 3 to 8. Our team is in Las Vegas to report on what's new in information security risks, trends and defense tactics. Continue Reading
-
News
13 Aug 2019
Google wants Project Zero to be part of an open alliance
After five years of running Project Zero, Google wants to expand the scope to an open alliance of vulnerability researchers all working toward the same goal to 'make 0day hard.' Continue Reading
-
Tip
13 Aug 2019
Wireshark tutorial: How to use Wireshark to sniff network traffic
Learn how to use the Wireshark packet analyzer to monitor network traffic, as well as how to use the Wireshark packet sniffer for network traffic analysis and inspection. Continue Reading
-
News
12 Aug 2019
Why cyber insurance policies are so 'ridiculously cheap'
The cyber insurance market is growing rapidly and policies are incredibly inexpensive -- but experts at Black Hat 2019 had concerns about those low prices. Continue Reading
-
Feature
12 Aug 2019
Cybersecurity automation won't fix the skills gap alone
Joan Pepin, CISO and vice president of operations at Auth0, says cybersecurity automation makes her job possible, but it can't replace the human talent her industry badly needs. Continue Reading
-
News
12 Aug 2019
Black Hat 2019 brings out new security, protection offerings
The 22nd Black Hat conference in Las Vegas brought together a slew of vendors in network and data security with a variety of security offerings to pitch. Continue Reading
-
News
09 Aug 2019
Broadcom-Symantec deal troubles cybersecurity experts
Broadcom laid down a $10.7 billion bet in buying Symantec's enterprise security software. While some are optimistic, security experts predict another Intel-McAfee deal. Continue Reading
-
News
09 Aug 2019
ICS security threats rising, targeting oil and gas facilities
In its latest report on industrial control system threats, Dragos said it believes the first major 'destructive' ICS attack will likely occur at an oil and gas facility. Continue Reading
-
News
08 Aug 2019
Apple bug bounty expands to MacOS, offers $1 million iOS reward
Apple announced an expansion of its bug bounty program at Black Hat 2019, including rewards for MacOS vulnerabilities and a $1 million reward for a zero-click iOS exploit. Continue Reading
-
Feature
08 Aug 2019
CEO on collaboration tool security, insider threats, skills gap
Michael Coates, CEO and co-founder of cloud collaboration security platform Altitude Networks, speaks to industry trends and his transition from CISO to CEO. Continue Reading
-
Tip
08 Aug 2019
4 necessary steps to evaluate public cloud security
The Capital One hack raised questions about public cloud security. Take these four steps to ensure your data is protected. Continue Reading
-
News
08 Aug 2019
'Dupe' there it is: SAML authentication bypass threatens Microsoft
Micro Focus security researchers demonstrated a new technique, dubbed 'dupe key confusion,' which allows threat actors to bypass Microsoft's SAML token validation. Continue Reading
-
News
08 Aug 2019
Check Point finds RDP vulnerability jeopardizes Microsoft's Hyper-V
Check Point revealed research at Black Hat that showed a previously disclosed vulnerability in Microsoft's remote desktop protocol affects the company's virtualization platform. Continue Reading
-
News
07 Aug 2019
Black Hat 2019 keynote: Software teams must own security
In the keynote for Black Hat 2019, Square's Dino Dai Zovi emphasizes security as a collaborative effort by all software teams that relies on communication, automation and feedback. Continue Reading
-
News
06 Aug 2019
LogicHub introduces automation updates to its SOAR platform
Security vendor LogicHub introduced new features to its SOAR platform that intend to automate tedious threat detection and response processes and save security teams time. Continue Reading
-
News
05 Aug 2019
Capital One hack highlights SSRF concerns for AWS
Infosec pros warn of server-side request forgery vulnerabilities in AWS following the Capital One data breach, which may have revealed an issue regarding the AWS metadata service. Continue Reading
-
Tip
05 Aug 2019
How to start building a DevSecOps model
To help transition to a DevSecOps model to protect enterprises, security teams need to identify key stakeholders, provide examples of specific company security events and work toward creating crossover teams. Continue Reading
-
News
05 Aug 2019
BlackBerry Intelligent Security enables flexible security policy
BlackBerry launched a new unified endpoint management platform, BlackBerry Intelligent Security, which changes security policies by calculating user risk. Continue Reading
-
Feature
05 Aug 2019
5 email security appliance comparison criteria to consider
Identifying the best email security appliance on the market can be hard. This article discusses the criteria to consider when choosing one for your organization. Continue Reading
-
News
05 Aug 2019
New features added to Juniper Networks security platform
New features include containerized firewalls and the incorporation of SecIntel into MX Series routers as part of Juniper Networks' effort to provide security throughout a network. Continue Reading
-
Feature
02 Aug 2019
Why is third-party risk management essential to cybersecurity?
Attackers know third parties hold many of the keys to the enterprise network, so third-party risk management is crucial for security professionals. Continue Reading
-
Feature
02 Aug 2019
Lack of cybersecurity skills fuels workforce shortage
Cybersecurity researcher Bob Duhainy discusses the cybersecurity skills shortage and provides suggestions about how companies can close the gap to avoid future risk. Continue Reading
-
News
02 Aug 2019
Capital One breach suspect may have hit other companies
History from a Slack channel run by the Capital One data breach suspect points to data stolen from more organizations, but no evidence of other attacks has been found yet. Continue Reading
-
News
02 Aug 2019
CloudKnox Security adds privileged access features to platform
CloudKnox Security updated its Cloud Security Platform with features such as Privilege-on-Demand, Auto-Remediation for Machine Identities and Anomaly Detection. Continue Reading
-
Opinion
01 Aug 2019
The must-have skills for cybersecurity aren't what you think
The most critical skills that cybersecurity lacks -- like leadership buy-in, people skills and the ability to communicate -- are not the ones you hear about. That needs to change. Continue Reading
- 01 Aug 2019
-
Feature
01 Aug 2019
For board of directors, cybersecurity literacy is essential
For boards of directors to meet their business goals, CISOs need a seat at the table. Through her initiative BoardSuited, Joyce Brocaglia aims to pave the way. Continue Reading
- 01 Aug 2019
-
Feature
01 Aug 2019
Fitting cybersecurity frameworks into your security strategy
Whatever an organization's culture, effective use of a security framework requires understanding business goals and program metrics, and demands leadership communication. Continue Reading
- 01 Aug 2019