Data security and privacy

Secure data storage, data loss prevention and encryption are must-have components of any enterprise security strategy, especially as data threats and breaches become increasingly common. Get advice on these topics, along with the latest data security strategies, data backup and recovery info, and more.

Top Stories

News 01 Dec 2022
Mozilla, Microsoft drop Trustcor as root certificate authority

Mozilla and Microsoft removed support for TrustCor certificates after a Washington Post report revealed the company's ties to government contractors specializing in spyware. Continue Reading
News 01 Dec 2022
LastPass warns some customer data accessed in new breach

LastPass disclosed a new breach, related to the previously disclosed attack in August, that resulted in a threat actor obtaining access to some customer data. Continue Reading

News 30 Nov 2022

Lockbit 3.0 has BlackMatter ransomware code, wormable traits

LockBit 3.0 or 'LockBit Black' includes anti-debugging capabilities, the ability to delete Volume Shadow Copy files and the potential ability to self-spread via legitimate tools. Continue Reading
Podcast 30 Nov 2022

Risk & Repeat: Twitter, Elon Musk and security concerns

This podcast episode discusses Twitter's security concerns following Elon Musk's acquisition last month, as well as a possible data breach from 2021 that came to light recently. Continue Reading
News 28 Nov 2022

Infosec researcher reports possible 'massive' Twitter breach

The alleged Twitter breach involves a data set from late 2021 and includes the phone numbers and personal information of millions of users in the U.S. and Europe. Continue Reading
Tip 18 Nov 2022

Top metaverse cybersecurity challenges: How to address them

As the metaverse takes shape, companies must consider a slew of new cybersecurity challenges and how to deal with them. Continue Reading
Guest Post 17 Nov 2022

Do companies need cyber insurance?

As cyber insurance costs rise, companies must determine whether they truly need cyber insurance to tackle their increased risk of cyber attacks. Continue Reading
News 14 Nov 2022

Moreno Valley school system shores up ransomware defenses

Moreno Valley Unified School District officials discuss the steps they've taken to better protect sensitive data and critical applications against the growing threat of ransomware. Continue Reading
News 10 Nov 2022

TrustCor under fire over certificate authority concerns

TrustCor Systems, a certificate authority registered in Panama, is in hot water after a Washington Post report raised questions about its apparent connections to a spyware vendor. Continue Reading
Tip 10 Nov 2022

Common lateral movement techniques and how to prevent them

Lateral movement techniques enable attackers to dig deeper into compromised environments. Discover what lateral movement attacks are and four attack techniques. Continue Reading
Feature 08 Nov 2022

5 ways to overcome multifactor authentication vulnerabilities

Improve the resiliency of multifactor authentication by giving users more information, making default settings more secure, hiding secrets and more. Continue Reading
Feature 08 Nov 2022

How to build a shadow IT policy to reduce risks, with template

With a shadow IT policy in place, organizations reduce security risks from unapproved applications and services that employees introduce independently. Continue Reading
News 04 Nov 2022

Yanluowang ransomware gang goes dark after leaks

The Yanluowang ransomware operation appears to have shut down for the time being after an anonymous individual published a series of internal code and chat leaks. Continue Reading
News 03 Nov 2022

Ransomware on the rise, hitting schools and healthcare

October ransomware disclosures and public reports tracked by TechTarget Editorial increased from previous months, with notable attacks on education and healthcare organizations. Continue Reading
Podcast 28 Oct 2022

Risk & Repeat: Microsoft, SOCRadar spar over data leak

This podcast episode discusses threat intelligence vendor SOCRadar's disclosure of a large Microsoft data leak and the contentious exchange between the two companies that followed. Continue Reading
Opinion 27 Oct 2022

How Sheltered Harbor helps banks navigate cyber-recovery

Banks must be able to recover quickly from a cyber attack -- a difficult task, given the volume and sophistication of attacks. The not-for-profit Sheltered Harbor aims to help. Continue Reading
News 25 Oct 2022

Apple patches actively exploited zero-day iOS bug

The iOS zero-day was joined by a slew of other vulnerabilities in Apple's Oct. 24 security update. The iOS 16 update contained patches for 13 arbitrary code execution flaws. Continue Reading
News 21 Oct 2022

BlackByte ransomware using custom data exfiltration tool

Symantec researchers say BlackByte ransomware may be poised to move into the elite ransomware ranks, as the group has begun developing its own custom malware tools. Continue Reading
News 20 Oct 2022

Brazil arrests alleged Lapsus$ hacker

Federal police in Brazil arrested a person accused of being a key member of the Lapsus$ hacking group on charges related to the takedown of government websites. Continue Reading
News 20 Oct 2022

Microsoft confirms data leak caused by misconfiguration

Microsoft criticized SOCRadar's reporting of the data leak, saying the threat intelligence vendor "greatly exaggerated" its claim that 65,000-plus entities had data exposed. Continue Reading
Tip 19 Oct 2022

How to manage and reduce secret sprawl

Secret sprawl plagues companies, making them vulnerable to data breaches. Discover what causes secret sprawl and how to better protect secrets. Continue Reading
Feature 19 Oct 2022

Top 10 pen testing interview questions with answers

Are you pursuing a career in pen testing? Prepare with this list of 10 pen testing interview questions and answers created by three security experts. Continue Reading
Feature 19 Oct 2022

Top IT security manager interview questions

Are you looking for a leadership role in cybersecurity? Three security experts offer their advice on how to answer the most common IT security manager interview questions. Continue Reading
Guest Post 19 Oct 2022

3 cloud security posture questions CISOs should answer

As cloud adoption continues to accelerate, CISOs must help IT and cybersecurity teams keep pace with evolving cloud markets, especially when it comes to cloud security posture. Continue Reading
Podcast 14 Oct 2022

Risk & Repeat: Breaking down the Joe Sullivan conviction

This podcast episode discusses conviction of former Uber CSO Joe Sullivan, who was found guilty last week of covering up the company's 2016 data breach. Continue Reading
Guest Post 14 Oct 2022

The role of transparency in digital trust

To retain digital trust, organizations must be transparent in the aftermath of cybersecurity attacks and data breaches. Learn more about the roles of transparency in trust. Continue Reading
News 13 Oct 2022

NPM API flaw exposes secret packages

A flaw in the API for NPM could potentially allow a threat actor to see the internal packages for corporate users -- a possible first step for a supply chain attack. Continue Reading
Feature 12 Oct 2022

7 steps for implementing zero trust, with real-life examples

More than a decade since the term's inception, zero-trust security is still much easier said than done. Here's how to get started. Continue Reading
News 11 Oct 2022

NPM malware attack goes unnoticed for a year

A cybercriminal crew known as "LofyGang" poisoned software supply chains with bad NPM packages for more than a year, according to Checkmarx researchers. Continue Reading
Feature 11 Oct 2022

LinkedIn scams, fake Instagram accounts hit businesses, execs

Even the most secure business and executive social media accounts that have strong passwords and multifactor authentication are vulnerable to cloning schemes. Continue Reading
Tip 11 Oct 2022

Top 6 challenges of a zero-trust security model

Zero trust has a number of challenges, but because the model is highly beneficial, it's important for organizations to learn how to overcome them. Continue Reading
Tip 07 Oct 2022

Perimeter security vs. zero trust: It's time to make the move

Perimeter security requires a border to protect enterprise data. With more and more users working outside that border, zero trust promises a better security option for the future. Continue Reading
News 06 Oct 2022

Former Uber CSO Joe Sullivan found guilty in breach cover-up

Sullivan was convicted of obstruction of proceedings of the Federal Trade Commission and misprision of felony in connection with the cover-up of Uber's 2016 data breach. Continue Reading
News 05 Oct 2022

Ransomware attacks ravage schools, municipal governments

Attacks disclosed in September revealed that K-12 schools, universities and local governments continued to suffer at the hands of gangs such as Vice Society and BlackCat/Alphv. Continue Reading
Feature 05 Oct 2022

Top zero-trust certifications and training courses

Most organizations are expected to implement zero trust in the next few years. Learn about zero-trust certifications and trainings that can help prepare your security team. Continue Reading
Tip 04 Oct 2022

Top zero-trust use cases in the enterprise

Still hesitating to adopt zero trust? Learn about the main zero-trust use cases, as well as its benefits, myths and trends that are beginning to emerge. Continue Reading
News 03 Oct 2022

Intermittent encryption attacks: Who's at risk?

Threat analysts have observed some ransomware gangs using a new technique that only partially encrypts victims' files, which could evade some ransomware defenses. Continue Reading
Answer 28 Sep 2022

Compare zero trust vs. the principle of least privilege

Zero trust and the principle of least privilege may appear to solve the same issue, but they have their differences. Read up on the two methodologies. Continue Reading
Answer 28 Sep 2022

Zero trust vs. defense in depth: What are the differences?

Security administrators don't have to choose between zero-trust and defense-in-depth cybersecurity methodologies. Learn how the two frameworks complement each other. Continue Reading
Tip 27 Sep 2022

10 PCI DSS best practices to weigh as new standard rolls out

PCI's Security Standards Council revamped the requirements governing how organizations store payment card information. Companies need to act fast to ensure they are in compliance. Continue Reading
Tip 26 Sep 2022

Does AI-powered malware exist in the wild? Not yet

AI sending out malware attacks may invoke images of movielike, futuristic technology, but it may not be too far from reality. Read up on the future of AI-powered malware. Continue Reading
Podcast 23 Sep 2022

Risk & Repeat: Uber and Rockstar Games hacked

This podcast episode discusses recent hacks against Uber and Rockstar Games, the techniques of the attackers and the possible connection to the Lapsus$ cybercrime group. Continue Reading
Tip 22 Sep 2022

10 security-by-design principles to include in the SDLC

Security is rarely a priority in the SDLC, but it should be. Adhere to these security-by-design principles for secure software and learn the importance of threat modeling. Continue Reading
News 21 Sep 2022

Cybercriminals launching more MFA bypass attacks

New research from Okta shows that cybercrime groups have stepped up their attacks on multifactor authentication systems in an effort to thwart account security measures. Continue Reading
News 19 Sep 2022

Uber says Lapsus$ hackers behind network breach

Uber said a hacker from the Lapsus$ group used stolen credentials from a contractor to gain access to several important silos within its internal network. Continue Reading
News 19 Sep 2022

Rockstar Games confirms hack after 'Grand Theft Auto' leak

A threat actor this weekend published in-development footage from a forthcoming 'Grand Theft Auto' video game and claimed to have breached its publisher, Rockstar Games. Continue Reading
News 16 Sep 2022

DOJ drops report on cryptocurrency crime efforts

The U.S. Department of Justice issued a report to President Biden on its various enforcement efforts around cybercrime and digital currency, as well as looming challenges. Continue Reading
Guest Post 16 Sep 2022

How SOCs can identify the threat actors behind the threats

Learn how SOC teams can track threat actors by understanding the factors that influence an attack, such as the type of infrastructure used or commonly targeted victims. Continue Reading
News 16 Sep 2022

Uber responds to possible breach following hacker taunts

Security researchers spotted suspicious activity on Uber's HackerOne page when the alleged hacker posted messages claiming they had compromised the ride-share company's network. Continue Reading
News 15 Sep 2022

Transparency, disclosure key to fighting ransomware

Current and former CISA members say the best methods for curbing ransomware attacks are organizations reporting attacks and assisting in investigations. Continue Reading
News 15 Sep 2022

Webworm retools old RATs for new cyberespionage threat

Symantec's Threat Hunter Team uncovered a new cyberespionage campaign run by a threat group named Webworm, which uses customized versions of old remote access Trojans. Continue Reading
News 13 Sep 2022

CrowdStrike threat report: Intrusions up, breakout time down

According to a new report by CrowdStrike's threat hunting team, Falcon OverWatch, attempted intrusions against the healthcare sector doubled year over year. Continue Reading
Opinion 12 Sep 2022

How data security posture management complements CSPM

Data security posture management can provide comprehensive defense-in-depth security for cloud data. Find out more about how DSPM policies move with the data. Continue Reading
Feature 12 Sep 2022

How to prepare for post-quantum computing security

One of the biggest fears about quantum computing is its ability to break encryption algorithms more easily. Learn why and how to start making quantum security preparations now. Continue Reading
News 08 Sep 2022

LockBit gang leads the way for ransomware

New research from Malwarebytes shows LockBit is far and away the most prolific ransomware gang, with hundreds of confirmed attacks across the globe in recent months. Continue Reading
News 07 Sep 2022

Google: Former Conti ransomware members attacking Ukraine

Google said former members of the Conti ransomware gang are operating as part of threat group UAC-0098, which is conducting attacks of both political and financial nature. Continue Reading
News 06 Sep 2022

Healthcare and education remain common ransomware targets

August disclosures showed ransomware attacks against education and healthcare entities resulted in slow recovery times and the potential loss of highly sensitive information. Continue Reading
News 06 Sep 2022

Ransomware hits Los Angeles Unified School District

The second-largest public school system in the U.S. confirmed a ransomware attack caused districtwide disruption to various services over the holiday weekend. Continue Reading
News 01 Sep 2022

Researcher unveils smart lock hack for fingerprint theft

An academic researcher demonstrated how IoT smart locks could become tools for attackers to covertly steal fingerprints and potentially access more sensitive personal data. Continue Reading
Tip 01 Sep 2022

Cybersecurity budget breakdown and best practices

Once budget is secured, CISOs must figure out where it should be allocated -- as well as how to justify the costs. Get the lowdown on a cybersecurity budget breakdown here. Continue Reading
News 26 Aug 2022

LastPass discloses data breach

LastPass CEO Karim Toubba said no customer data or password details were compromised, and the company does not recommend an immediate course of action to users. Continue Reading
News 25 Aug 2022

Twitter whistleblower report holds security lessons

The whistleblower report from Twitter's former security lead should provide companies and boards with lessons on how not to handle internal security concerns. Continue Reading
Tip 25 Aug 2022

15 benefits of outsourcing your cybersecurity operations

For companies battling increasing security breaches and cyber attacks, MSSPs can offer reliability, continuity, nonstop coverage, broader experience and better access to talent. Continue Reading
Podcast 24 Aug 2022

Risk & Repeat: Whistleblower spells trouble for Twitter

A new whistleblower report unveiled troubling accusations against Twitter from the social media company's former head of security, Peiter 'Mudge' Zatko. Continue Reading
News 22 Aug 2022

CEO of spyware vendor NSO Group steps down

Current NSO Group COO Yaron Shohat will replace outgoing CEO Shalev Hulio as part of a reorganization for the vendor, which has come under fire from the U.S. government. Continue Reading
Tip 19 Aug 2022

8 secure file transfer services for the enterprise

With a plethora of options, finding the best secure file transfer service for your business can pose a challenge. Learn how to make an informed decision. Continue Reading
Tip 19 Aug 2022

7 key cybersecurity metrics for the board and how to present them

Learn how to present important cybersecurity metrics for the board to ensure that business leaders understand that money allocated to security is money well spent. Continue Reading
News 18 Aug 2022

Shunned researcher Hadnagy sues DEF CON over ban

Researcher Christopher Hadnagy is seeking damages from DEF CON and founder Jeff Moss over their decision to ban him citing multiple claims of conduct violations. Continue Reading
Tip 18 Aug 2022

What is identity sprawl and how can it be managed?

With identity-based attacks on the rise, organizations need to prioritize identity management. Learn about identity sprawl, why it's a risk and how it can be managed. Continue Reading
Opinion 17 Aug 2022

Data security as a layer in defense in depth against ransomware

Having data security as part of a defense-in-depth strategy can reduce the likelihood of a successful ransomware attack. Continue Reading
Podcast 17 Aug 2022

Risk & Repeat: Black Hat 2022 recap

This Risk & Repeat podcast episode discusses the Black Hat 2022 conference in Las Vegas and the notable sessions, major themes and hot topics from the show. Continue Reading
News 16 Aug 2022

Mailchimp suffers second breach in 4 months

While the source of the breach has not been confirmed, an attacker got into Mailchimp and gained access to the customer account of cloud hosting provider DigitalOcean. Continue Reading
Tip 15 Aug 2022

Cybersecurity skills gap: Why it exists and how to address it

The cybersecurity skills shortage is putting enterprises at risk. Worse, it shows no sign of abating. Here is why it's happening and what employers can do to mitigate the problem. Continue Reading
News 11 Aug 2022

Cisco hacked by access broker with Lapsus$ ties

No Cisco employee or customer personal information was stolen in the hack, though some data did make it onto the dark web. Continue Reading
Opinion 11 Aug 2022

Why 2023 is the year of passwordless authentication

Passwords may soon be relegated to the past thanks to IAM vendors' efforts to create passwordless login options. Here's why 2023 should be the year of passwordless authentication. Continue Reading
News 11 Aug 2022

Google researchers dissect Android spyware, zero days

Researchers with Google's Threat Analysis Group say the ecosystem of surveillance vendors is far larger than just NSO Group, and some vendors are sharing or trading exploits. Continue Reading
Feature 11 Aug 2022

What is data security? The ultimate guide

Dig into the essentials of data security, from must-have tools, technologies and processes to best practices for keeping data safe. Continue Reading
News 10 Aug 2022

Chris Krebs: It's still too hard to work with the government

Former CISA Director Chris Krebs offered multiple areas of improvement to the U.S. government's cyber readiness during a Black Hat 2022 keynote. Continue Reading
Tip 05 Aug 2022

5 data security challenges enterprises face today

Data empowers enterprises to succeed. But with great power comes great responsibility -- to keep that data secure. Here are five challenges today's businesses must meet. Continue Reading
Feature 05 Aug 2022

Importance of enterprise endpoint security during a pandemic

Enterprises often focus greatly on communications security and less on endpoint security. Review the importance of enterprise endpoint security and best practices to implement it. Continue Reading
Feature 05 Aug 2022

Cybersecurity lessons learned from COVID-19 pandemic

Cybersecurity lessons companies learn from the COVID-19 pandemic include having work-from-home preparations and developing disaster recovery and business continuity plans. Continue Reading
News 02 Aug 2022

July another down month in ransomware attack disclosures

July saw a similar number of ransomware attack disclosures as June, previously the sparsest month for disclosures this year, according to SearchSecurity's data. Continue Reading
Tip 02 Aug 2022

Data masking vs. data encryption: How do they differ?

Discover how the data security techniques of data masking and data encryption compare, while also learning about different types of both and their use cases. Continue Reading
Feature 02 Aug 2022

The importance of data security in the enterprise

Three industry experts discuss the criticality of data security in the enterprise, including the significance of data breaches and compliance regulations. Continue Reading
Tip 02 Aug 2022

10 enterprise database security best practices

Beyond protecting enterprise databases from vulnerabilities, it is critical to improve and review their security on a regular basis. Learn more with these database security best practices. Continue Reading
Tip 01 Aug 2022

Top 10 UEBA enterprise use cases

The top user and entity behavior analytics use cases fall in cybersecurity, network and data center operations, management and business operations. Check out the risks. Continue Reading
Feature 29 Jul 2022

10 biggest data breaches in history, and how to prevent them

Did you know the biggest data breach in history exposed a whopping 3 billion records? Learn more about the largest data breaches and get advice on how to prevent similar attacks. Continue Reading
Tip 28 Jul 2022

How to perform a data risk assessment, step by step

Organizations need confidence that they are properly identifying and protecting sensitive data. Follow these five steps to create a data risk assessment. Continue Reading
News 28 Jul 2022

Microsoft: Austrian company DSIRF selling Subzero malware

Microsoft said Austrian penetration testing firm DSIRF exploited multiple zero-day vulnerabilities, including the recently patched CVE-2022-22047. Continue Reading
Tip 28 Jul 2022

How to prevent a data breach: 10 best practices and tactics

When it comes to data breach prevention, the stakes are high. While it's impossible to eliminate the risk, organizations can minimize it by following these best practices. Continue Reading
Feature 28 Jul 2022

How to develop a data breach response plan: 5 steps

A data breach response plan outlines how a business will react to a breach. Follow these five steps, and use our free template to develop your organization's plan. Continue Reading
News 28 Jul 2022

AWS adds anti-malware and PII visibility to storage

New tools unveiled by AWS at re:Inforce 2022 add new anti-malware capabilities to AWS block storage and a way to find personally identifiable information with S3 object storage. Continue Reading
Feature 28 Jul 2022

How to secure data at rest, in use and in motion

With internal and external cyber threats on the rise, check out these tips to best protect and secure data at rest, in use and in motion. Continue Reading
Tip 27 Jul 2022

Top 7 data loss prevention tools for 2022

Data loss prevention software is a necessity for most companies. Our guide gives you a quick overview of seven top DLP providers and tells you what works -- and what doesn't. Continue Reading
Tip 22 Jul 2022

Top 10 enterprise data security best practices

To protect your organization's data and prevent its misuse, incorporate these 10 data security best practices into your enterprise data security strategy. Continue Reading
Answer 22 Jul 2022

Symmetric vs. asymmetric encryption: What's the difference?

Explore the differences between symmetric vs. asymmetric encryption, including how they work and common algorithms, as well as their pros and cons. Continue Reading
Feature 21 Jul 2022

How to create a data security policy, with template

Are you looking to create or update your organization's data security policy? Learn about the key elements of a data security policy, and use our free template to get started. Continue Reading
Tip 18 Jul 2022

Key factors to achieve data security in cloud computing

Enterprises face a variety of data security concerns when deploying assets to the cloud. But there are some guidelines you can follow to make sure your assets are protected. Continue Reading
News 15 Jul 2022

Cryptocurrency mixer activity reaches new heights in 2022

Chainalysis observed a stark uptick in April that led to a steady decline in May and June, but illicit addresses and DeFi platforms have kept mixers busy so far this year. Continue Reading
Podcast 15 Jul 2022

Risk & Repeat: Ransomware in 2022 so far

This podcast episode discusses ransomware in 2022, including an apparent decrease in attacks, the evolution of cybercrime operations and the lack of visibility into the threat. Continue Reading
News 14 Jul 2022

Cryptocurrency crash triggers crisis for dark web exchanges

Cybersixgill says dark web exchanges that help cybercriminals launder their funds are facing a crisis as users are cashing out amid a cryptocurrency price crash. Continue Reading
Tip 14 Jul 2022

SecOps vs. CloudSecOps: What does a CloudSecOps team do?

Now, more than ever, organizations need to build controls, monitor and enact security response activities for the cloud. This is where the CloudSecOps team comes into play. Continue Reading

1
2
3
4
5
6
7

Networking

5 most valuable wireless network certifications
Wireless networking skills are in high demand. Having a top-notch wireless network certification can help networking newbies and ...
A history of wireless for business and a look forward
This history of enterprise wireless takes you from WLAN development inside the enterprise to cellular data services outside the ...
Evaluate various SASE approaches for deployment
Enterprises must choose between single- or multivendor SASE approaches, as well as DIY or managed service options. Experts ...

CIO

Federal, private work spurs Earth observation advancements
Earth observation is a primary driver of the global space economy and something federal agencies are partnering with commercial ...
Top 9 blockchain platforms to consider in 2023
Get the lowdown on the major features, differentiators, strengths and weaknesses of the blockchain platforms getting the most ...
A rising space industry will create new jobs and products
A growing space industry is creating business opportunities in space, ranging from Earth observation and communications to space ...

Enterprise Desktop

How to monitor Windows files and which tools to use
Monitoring files on Windows systems is critical to detect suspicious activities, but there are so many files and folders to keep ...
How will Microsoft Loop affect the Microsoft 365 service
While Microsoft Loop is not yet generally available, Microsoft has released details about how Loop can connect users and projects...
Latest Windows 11 update adds tabbed File Explorer
The latest Windows 11 update offers a tabbed File Explorer for rearranging files and switching between folders. The OS also ...

Cloud Computing

A conference guide to AWS re:Invent 2022
Explore the latest news, product releases and technology updates, as well as analysis and expert advice from AWS re:Invent 2022 ...
Rise in Nutanix revenue driven by subscription renewals
Nutanix revenues jumped 15% thanks to more users renewing their subscriptions. The company also reported positive quarterly ...
Compare Azure Key Vault vs. Kubernetes Secrets
Secrets require a certain level of upkeep such as storage, delivery and management. Compare services in these criteria and learn ...

ComputerWeekly.com

Civil servants want more digital skills training, survey finds
Civil servants are keen to learn more about how to use technology, including artificial intelligence (AI) to improve public ...
Post Office boosted its ‘coffers’ as Horizon system threw up unexplained shortfalls, inquiry told
The Post Office was ‘keen’ to make subpostmasters cover unexplained accounting shortfall as its business struggled, public ...
Twitter ‘replacement’ Hive shuts off service in privacy alert
Hive, a recently established social media network, has temporarily closed its servers to address deep structural privacy issues ...

Close