Data security and privacy
Secure data storage, data loss prevention and encryption are must-have components of any enterprise security strategy, especially as data threats and breaches become increasingly common. Get advice on these topics, along with the latest data security strategies, data backup and recovery info, and more.
Top Stories
-
Opinion
05 Dec 2024
2025 identity security and data security predictions
From securing nonhuman identities to post-quantum cryptography to DSPM and DLP combining, here's what's in store for identity and data security in 2025. Continue Reading
By- Todd Thiemann, Senior Analyst
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
-
News
05 Dec 2024
Police bust cybercrime marketplace, phishing network
As part of Europol's announcement of the cybercriminal marketplace's disruption, the agency included an image of a takedown notice referencing the 'Manson Market.' Continue Reading
By- Alexander Culafi, Senior News Writer
-
Opinion
31 Oct 2023
Collaborate with third parties to ensure enterprise security
Third-party risk is a major threat today, as evidenced in numerous recent breaches. Organizations must work with partners to ensure their data is protected properly. Continue Reading
By- Jack Poller
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
-
News
31 Oct 2023
Dual ransomware attacks on the rise, but causes are unclear
While the FBI warned enterprises of an increase in dual ransomware attacks, infosec experts said there's insufficient data to consider the threat a trend. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
30 Oct 2023
ISO 27002 (International Organization for Standardization 27002)
The ISO 27002 standard is a collection of information security management guidelines that are intended to help an organization implement, maintain and improve its information security management. Continue Reading
By- Paul Kirvan
- Ben Cole, Executive Editor
-
Tip
30 Oct 2023
What an email security policy is and how to build one
Companies must have an effective security policy in place to protect email from cybercriminals and employee misuse. Learn how to build one for your company. Continue Reading
By- Andrew Froehlich, West Gate Networks
-
Tip
27 Oct 2023
How to create a cybersecurity awareness training program
Cybersecurity awareness training often misses the mark, leaving employees undereducated and organizations vulnerable to attack. Here's how to succeed where too many fail. Continue Reading
By- Alissa Irei, Senior Site Editor
- Mike Chapple, University of Notre Dame
-
Podcast
26 Oct 2023
Risk & Repeat: Okta under fire after support system breach
This podcast episode covers a security breach suffered by identity vendor Okta involving its customer support systems, which has sparked criticism from customers. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
26 Oct 2023
How to create a company password policy, with template
Use these guidelines and our free template to ensure your company's password policy sets the ground rules for strong and effective password creation and use. Continue Reading
By -
Tutorial
24 Oct 2023
How to use SDelete to ensure deleted data is gone for good
When data is deleted from a disk, is it gone? One way to make sure file info is permanently erased is to use SDelete, a utility specifically tailored to remove key data. Continue Reading
By- Damon Garn, Cogspinner Coaction
-
News
19 Oct 2023
CISA, NSA, FBI publish phishing guidance
In its guidance, CISA focused on two primary goals of phishing attacks: obtaining login credentials, often via social engineering, and installing malware on target systems. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
19 Oct 2023
How to build a content governance model
With a proper content governance model, organizations can improve their content marketing efforts, benefit their SEO rankings and reach larger audiences. Continue Reading
By- Laurence Hart, CGI Federal
-
Tip
18 Oct 2023
The data privacy risks of third-party enterprise AI services
Using off-the-shelf enterprise AI can both increase productivity and expose internal data to third parties. Learn best practices for assessing and mitigating data privacy risk. Continue Reading
By -
Tip
18 Oct 2023
Cybersecurity vs. cyber resilience: What's the difference?
Companies need cybersecurity and cyber-resilience strategies to protect against attacks and mitigate damage in the aftermath of a successful data breach. Continue Reading
By -
News
17 Oct 2023
Cisco IOS XE zero-day facing mass exploitation
VulnCheck said its public scanning for CVE-2023-20198 revealed that 'thousands' of internet-facing Cisco IOS XE systems have been compromised with malicious implants. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
17 Oct 2023
Allowlisting vs. blocklisting: Benefits and challenges
Allowlisting and blocklisting are key components of access control. Learn the benefits and challenges of each approach and why a combination of the two is often the best strategy. Continue Reading
By- Ashwin Krishnan, StandOutin90Sec
-
News
16 Oct 2023
Cisco working on fix for critical IOS XE zero-day
Cisco designated the bug, CVE-2023-20198, with a CVSS score of 10 and said it was working on a patch, but advised customers to apply mitigations in the meantime. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
13 Oct 2023
Ransomware gang targets critical Progress WS_FTP Server bug
The vulnerability used in the failed ransomware attack, CVE-2023-40044, is a .NET deserialization vulnerability in Progress Software's WS_FTP Server with a CVSS score of 10. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Answer
13 Oct 2023
What are the most important email security protocols?
Email was designed without security considerations. Email security protocols, including SMPTS, SPF and S/MIME, add mechanisms to keep messaging safe from threats. Continue Reading
By- Peter Loshin, Former Senior Technology Editor
-
Definition
12 Oct 2023
security awareness training
Security awareness training is a strategic approach IT and security professionals take to educate employees and stakeholders on the importance of cybersecurity and data privacy. Continue Reading
By- Kinza Yasar, Technical Writer
- Mary K. Pratt
-
Tip
12 Oct 2023
5 steps to achieve a risk-based security strategy
Learn about the five steps to implement a risk-based security strategy that helps naturally deliver compliance as a consequence of an improved security posture. Continue Reading
By -
Tip
11 Oct 2023
Top 6 password hygiene tips and best practices
Passwords enable users to access important accounts and data, making them attractive targets to attackers, too. Follow these password hygiene tips to keep your organization safe. Continue Reading
By- Diana Kelley, SecurityCurve
-
News
06 Oct 2023
MGM faces $100M loss from ransomware attack
MGM's 8-K filing revealed some personal customer data was stolen during the September attack and said the company expects cyber insurance to sufficiently cover the losses. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
05 Oct 2023
blockchain
Blockchain is a record-keeping technology designed to make it impossible to hack the system or forge the data stored on it, thereby making it secure and immutable. Continue Reading
By- Nick Barney, Technology Writer
- Mary K. Pratt
- Alexander S. Gillis, Technical Writer and Editor
-
Definition
04 Oct 2023
What is ransomware? How it works and how to remove it
Ransomware is a type of malware that locks and encrypts a victim's data, files, devices or systems, rendering them inaccessible and unusable until the attacker receives a ransom payment. Continue Reading
By- Sharon Shea, Executive Editor
- Alissa Irei, Senior Site Editor
-
Definition
04 Oct 2023
compliance as a service (CaaS)
Compliance as a service (CaaS) is a cloud service that specifies how a managed service provider (MSP) helps an organization meet its regulatory compliance mandates. Continue Reading
By- Ben Lutkevich, Site Editor
-
News
03 Oct 2023
Ransomware disrupts hospitality, healthcare in September
Ransomware disclosures and reports last month were headlined by attacks on MGM Resorts and Caesars Entertainment, which proved costly to the Las Vegas hospitality giants. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
02 Oct 2023
multifactor authentication
Multifactor authentication (MFA) is an account login process that requires multiple methods of authentication from independent categories of credentials to verify a user's identity for a login or other transaction. Continue Reading
By- Kinza Yasar, Technical Writer
- Mary E. Shacklett, Transworld Data
-
Definition
29 Sep 2023
cyber insurance
Cyber insurance, also called cyber liability insurance or cybersecurity insurance, is a contract an entity can purchase to help reduce the financial risks associated with doing business online. Continue Reading
By- Kinza Yasar, Technical Writer
-
Tip
29 Sep 2023
5 common browser attacks and how to prevent them
Browsers are critical components of any organization, especially with the rise of web apps. Security teams and users must, therefore, know how to avoid common browser attacks. Continue Reading
By- Ravi Das, ML Tech Inc.
-
News
26 Sep 2023
Clop MoveIt Transfer attacks affect over 2,000 organizations
According to research by security vendor Emsisoft, 2,095 organizations and 62,054,613 individuals have been affected by the Clop gang's attacks on MoveIt Transfer customers. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Feature
26 Sep 2023
How SSD encryption can protect enterprise data
It's easy for an SSD to fall into the wrong hands. Encryption, which is common in SSDs, is a powerful tool to protect mission-critical and personal data. Continue Reading
By- Jim Handy, Objective Analysis
-
Tip
25 Sep 2023
Are iPhones more secure than Android devices?
Apple has built a reputation for strong device security, but reputation alone can't protect corporate data. While iOS and Android differ, mobile security comes down to management. Continue Reading
By- Michael Goad, CDW
-
News
22 Sep 2023
Apple issues emergency patches for 3 zero-day bugs
Apple said CVE-2023-41992, CVE-2023-41991 and CVE-2023-41993 -- all reported by Citizen Lab and Google researchers -- might have been exploited against versions of iOS before 16.7. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Feature
21 Sep 2023
Palm scanning tech explained: Everything you need to know
Just like fingerprints, your vein patterns are unique. Now, palm scanning technology is using your veins as a new form of identification that's more secure than other biometrics. Continue Reading
By- Amanda Hetler, Senior Editor
-
News
20 Sep 2023
Okta: Caesars, MGM hacked in social engineering campaign
Identity management vendor Okta had previously disclosed that four unnamed customers had fallen victim to a social engineering campaign that affected victims' MFA protections. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Podcast
19 Sep 2023
Risk & Repeat: MGM, Caesars casino hacks disrupt Las Vegas
This podcast episode compares the cyber attacks suffered by casino giants MGM Resorts and Caesars Entertainment in recent weeks and the fallout from them. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Definition
19 Sep 2023
bitcoin mining
Bitcoin mining is a type of cryptomining in which new bitcoin are entered into circulation and bitcoin transactions are verified and added to the blockchain. Continue Reading
By- Nick Barney, Technology Writer
- Alexander S. Gillis, Technical Writer and Editor
-
News
18 Sep 2023
Microsoft AI researchers mistakenly expose 38 TB of data
Microsoft said no customer data was affected by the Azure Storage exposure and 'no other internal services were put at risk because of this issue,' which has been mitigated. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Definition
18 Sep 2023
steganography
Steganography is the technique of hiding data within an ordinary, nonsecret file or message to avoid detection; the hidden data is then extracted at its destination. Continue Reading
By- Margie Semilof, TechTarget
- Casey Clark, TechTarget
-
Tip
14 Sep 2023
How CIOs can build cybersecurity teamwork across leadership
Cross-departmental relationships are key to long-term business success. Discover why CIOs must focus on teamwork with these three C-suite roles for highly effective cybersecurity. Continue Reading
By- Kevin Beaver, Principle Logic, LLC
-
News
14 Sep 2023
Caesars Entertainment breached in social engineering attack
Caesars said it took steps after the breach to "ensure that the stolen data is deleted by the unauthorized actor," suggesting it paid a ransom to the attackers. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Definition
13 Sep 2023
triple extortion ransomware
Triple extortion ransomware is a type of ransomware attack where a cybercriminal extorts their victim multiple times, namely by encrypting data, exfiltrating data to expose and threatening a third attack vector. Continue Reading
-
Tip
11 Sep 2023
How to develop a cloud backup ransomware protection strategy
Deploying cloud backups for ransomware protection has become a common security strategy. Here's how to properly vet cloud storage vendors to ensure backups stay secure. Continue Reading
By- Dave Shackleford, Voodoo Security
-
News
05 Sep 2023
Ransomware attacks on education sector spike in August
While data breach notifications for MoveIt Transfer customers continued to rise, August also saw ransomware ramp up against schools and universities as classes resumed. Continue Reading
By- Arielle Waldman, News Writer
-
Definition
05 Sep 2023
email security
Email security is the process of ensuring the availability, integrity and authenticity of email communications by protecting against unauthorized access and email threats. Continue Reading
By- Kinza Yasar, Technical Writer
- Sean Michael Kerner
-
Tip
31 Aug 2023
How to recover from a ransomware attack
With a ransomware recovery plan, organizations can act quickly to prevent data loss without descending into chaos. Learn the six steps to incorporate into your plan. Continue Reading
By- John Burke, Nemertes Research
-
News
29 Aug 2023
Cisco VPNs under attack via Akira, LockBit ransomware
Cisco and Rapid7 say ransomware actors LockBit and Akira have apparently been targeting Cisco VPNs not configured for multifactor authentication. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Feature
28 Aug 2023
3 ransomware detection techniques to catch an attack
While prevention is key, it's not enough to protect a company's system from ransomware. Reduce damage from attacks with these three ransomware detection methods. Continue Reading
By- Kyle Johnson, Technology Editor
-
Tip
28 Aug 2023
Should companies make ransomware payments?
Once infected with ransomware, organizations face a major question: to pay or not to pay? Law enforcement recommends against it, but that doesn't stop all companies from paying. Continue Reading
By- Kyle Johnson, Technology Editor
-
News
25 Aug 2023
CloudNordic loses most customer data after ransomware attack
The Danish cloud host said the ransomware attack it suffered last week 'has paralyzed CloudNordic completely' and that 'it has proved impossible' to recover more customer data. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Definition
21 Aug 2023
risk analysis
Risk analysis is the process of identifying and analyzing potential issues that could negatively impact key business initiatives or projects. Continue Reading
By- Kinza Yasar, Technical Writer
- Linda Rosencrance
-
Tip
18 Aug 2023
Comparing iPhone vs. Android privacy for employee devices
Employee privacy is a crucial factor in mobile device management, and IT should know how device type plays into this. Learn how the privacy features of iOS and Android differ. Continue Reading
By- Michael Goad, CDW
-
Podcast
17 Aug 2023
Risk & Repeat: Highlights from Black Hat USA 2023
Black Hat USA 2023 in Las Vegas covered several trends, such as generative AI and cloud security issues, as well as new vulnerabilities, including the Downfall flaw in Intel chips. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Feature
16 Aug 2023
Adopt embedded penetration testing to keep IoT devices secure
Regular embedded penetration testing can help discover vulnerabilities before attackers do. The author of 'Practical Hardware Pentesting' explains. Continue Reading
By- Kyle Johnson, Technology Editor
-
Tip
15 Aug 2023
Top 4 information security strategy essentials CIOs need
Right now, hackers are targeting your organization. Fight back by learning how CIOs can create a resilient and strong information security foundation. Continue Reading
By- Kevin Beaver, Principle Logic, LLC
-
Tip
14 Aug 2023
5 digital forensics tools experts use in 2023
A data breach prompts law enforcement and affected organizations to investigate. These five digital forensics tools help with evidence collection and incident response. Continue Reading
By -
Feature
10 Aug 2023
Why using ransomware negotiation services is worth a try
If stakeholders decide to pay ransom demands, using a ransomware negotiation service could improve the situation's outcome and lower the payout. Continue Reading
By- Kyle Johnson, Technology Editor
-
News
08 Aug 2023
Google unveils 'Downfall' attacks, vulnerability in Intel chips
Google researcher Daniel Moghimi first reported CVE-2022-40982 and the resulting data leak attacks to Intel in August 2022, but it's taken nearly 12 months to disclose the flaw. Continue Reading
By- Rob Wright, Senior News Director
-
Tip
08 Aug 2023
5 steps to ensure HIPAA compliance on mobile devices
IT must implement several measures to comply with HIPAA, and mobile devices can add further complexity to this process. Follow these important steps for mobile HIPAA compliance. Continue Reading
By- Michael Goad, CDW
-
Definition
07 Aug 2023
cryptosystem
A cryptosystem is a structure or scheme consisting of a set of algorithms that converts plaintext to ciphertext to encode or decode messages securely. Continue Reading
-
News
03 Aug 2023
MoveIt Transfer attacks dominate July ransomware disclosures
Traditional ransomware attacks took a back seat last month, as Clop operators continued to claim victims from the zero-day attacks on MoveIt Transfer customers. Continue Reading
By- Arielle Waldman, News Writer
-
Podcast
03 Aug 2023
Risk & Repeat: Microsoft takes heat over Storm-0558 attacks
The Storm-0558 attacks have raised questions about Microsoft's response to a cloud flaw and a stolen MSA key that was used to compromise customer email accounts. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Definition
03 Aug 2023
SOC 2 (System and Organization Controls 2)
SOC 2 (System and Organization Controls 2), pronounced "sock two," is a voluntary compliance standard for ensuring that service providers properly manage and protect the sensitive data in their care. Continue Reading
By- Robert Sheldon
- Alex DelVecchio, Content Development Strategist
-
Feature
01 Aug 2023
Infosec experts divided on SEC four-day reporting rule
Professionals in the cybersecurity industry voiced concerns and praises of new incident disclosure rules that allow companies four days to report a "material" cyber attack. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
31 Jul 2023
6 ways to support business resilience at your organization
Without enough support, resilience initiatives are unlikely to succeed. Here are six ways individuals and departments can support business resilience. Continue Reading
By -
News
31 Jul 2023
CISA details backdoor malware used in Barracuda ESG attacks
CISA said Friday that 'Submarine' is a novel persistent backdoor used in attacks against Barracuda Email Security Gateway appliances vulnerable to CVE-2023-2868. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Definition
28 Jul 2023
national identity card
A national identity card is a portable document, typically a plasticized card with digitally embedded information, that is used to verify aspects of a person's identity. Continue Reading
-
News
25 Jul 2023
Thoma Bravo sells Imperva to Thales Group for $3.6B
With the acquisition, Thales looks to expand its Digital Security and Identity business with an increased focus on protecting web applications and API. Continue Reading
By- Arielle Waldman, News Writer
-
News
25 Jul 2023
Ivanti EPMM zero-day vulnerability exploited in wild
A zero-day authentication bypass vulnerability in Ivanti Endpoint Manager Mobile was exploited in a cyber attack against a Norwegian government agency. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
25 Jul 2023
5 steps to approach BYOD compliance policies
It can be difficult to ensure BYOD endpoints are compliant because IT can't configure them before they ship to users. Admins must enforce specific policies to make up for this. Continue Reading
By- Will Kelly
- Mike Chapple, University of Notre Dame
-
News
24 Jul 2023
Coveware: Rate of victims paying ransom continues to plummet
Incident response firm Coveware said 34% of ransomware victims paid the ransom in Q2 2023, a sharp decline from last quarter and an enormous decline from 2020 and 2019. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Podcast
20 Jul 2023
Risk & Repeat: Are data extortion attacks ransomware?
Ransomware gangs are focusing more on data theft and extortion, while skipping the encryption of networks. But should these attacks still be considered ransomware? Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
20 Jul 2023
Cyber insurers adapting to data-centric ransomware threats
Cyber insurance carriers and infosec vendors weigh in on how the shift in ransomware tactics is affecting policies and coverage, presenting challenges for enterprises. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
19 Jul 2023
7 ways to collect customer data that keep you compliant
Organizations can collect customer data through cookies and sales transactions, but they must be transparent and ensure they follow government regulations for data privacy. Continue Reading
By- Andrew Froehlich, West Gate Networks
-
Opinion
19 Jul 2023
Using defense in depth to secure cloud-stored data
To better secure cloud-resident data, organizations are deploying cloud-native tools from CSPs and third-party tools from MSPs to achieve a defense-in-depth strategy. Continue Reading
By- Jack Poller
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
-
News
17 Jul 2023
JumpCloud breached by nation-state threat actor
JumpCloud's mandatory API key rotation earlier this month was triggered by a breach at the hands of a nation-state threat actor that gained access through spear phishing. Continue Reading
By- Rob Wright, Senior News Director
-
Tip
13 Jul 2023
The role of Mac file and folder encryption for businesses
IT administrators can enable the Mac FileVault utility across business files and data to provide an extra layer of security and meet compliance standards. Continue Reading
-
News
12 Jul 2023
Chainalysis observes sharp rise in ransomware payments
The rise in total ransomware payments so far this year is a reversal of the decline Chainalysis saw in 2022, when payments fell sharply to $457 million from $766 million in 2021. Continue Reading
By- Rob Wright, Senior News Director
-
Podcast
11 Jul 2023
Risk & Repeat: How bad is Clop's MoveIt Transfer campaign?
Clop's data theft and extortion campaign against MoveIt Transfer customers marks some of the most high-profile threat activity this year, but its success level remains unclear. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
11 Jul 2023
Clop's MoveIt Transfer attacks lead to mixed results
Clop's data theft extortion campaign against MoveIt Transfer customers has apparently compromised hundreds of organizations. But it's unclear how many victims have paid ransoms. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Opinion
11 Jul 2023
For stronger public cloud data security, use defense in depth
The amount of cloud-resident data is increasing -- and so are the number of challenges to sufficiently secure it, especially within multi-cloud environments. Continue Reading
By- Jack Poller
-
Enterprise Strategy Group
We provide market insights, research and advisory, and technical validations for tech buyers.
-
News
06 Jul 2023
CISA: Truebot malware infecting networks in U.S., Canada
CISA warned of Truebot attacks in a joint advisory alongside the FBI, the Canadian Centre for Cyber Security and the Multi-State Information Sharing and Analysis Center. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
05 Jul 2023
June saw flurry of ransomware attacks on education sector
As the school year culminated, ransomware attacks surged across K-12 schools and universities, causing class disruptions and putting sensitive data at risk. Continue Reading
By- Arielle Waldman, News Writer
-
News
30 Jun 2023
TSMC partner breached by LockBit ransomware gang
A cyber attack against Chinese systems integrator Kinmax led to the theft of TSMC proprietary data, which LockBit threatened to publish unless TSMC paid a $70 million ransom. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
22 Jun 2023
Apple patches zero days used in spyware attacks on Kaspersky
Two Apple zero days were used in the spyware campaign Kaspersky Lab named 'Operation Triangulation,' which was initially discovered on iOS devices of Kaspersky employees. Continue Reading
By- Arielle Waldman, News Writer
-
News
21 Jun 2023
May ransomware activity rises behind 8base, LockBit gangs
LockBit was the most active group last month, but NCC Group researchers were surprised by 8base, which started listing victims from attacks that occurred beginning in April 2022. Continue Reading
By- Arielle Waldman, News Writer
-
Podcast
20 Jun 2023
Risk & Repeat: More victims emerge from MoveIt Transfer flaw
CISA last week said several federal agencies suffered data breaches resulting from a MoveIt Transfer zero-day vulnerability, though it's unclear what type of data was stolen. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
20 Jun 2023
Implement zero trust to improve API security
Not all organizations have an API security strategy in place. Using zero trust in API security is one way to protect APIs and reduce their changes of being attacked. Continue Reading
By- Ashwin Krishnan, StandOutin90Sec
-
Definition
19 Jun 2023
PCI compliance
PCI compliance is adherence to the set of policies and procedures developed to protect credit, debit and cash card transactions and prevent the misuse of cardholders' personal information. Continue Reading
By- Nick Barney, Technology Writer
- Ben Cole, Executive Editor
-
News
16 Jun 2023
U.S. government agencies breached via MoveIt Transfer flaw
CISA Director Jen Easterly said 'several' U.S. agencies suffered intrusions via their MoveIt Transfer instances, but have not seen significant effects from the attacks. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
15 Jun 2023
Chinese nation-state actor behind Barracuda ESG attacks
Mandiant said the zero-day attacks on Barracuda Email Security Gateway appliances were part of a 'wide-ranging campaign in support of the People's Republic of China.' Continue Reading
By- Arielle Waldman, News Writer
-
News
14 Jun 2023
State governments among victims of MoveIT Transfer breach
The Clop ransomware gang, which claimed responsibility for multiple data breaches tied to the MoveIT Transfer flaw, said it would delete data stolen from government agencies. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
12 Jun 2023
MoveIT Transfer attacks highlight SQL injection risks
Security vendors say SQL injection flaws, like the zero-day vulnerability recently disclosed by Progress Software, can be challenging for companies to identify and resolve. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
09 Jun 2023
Pros and cons of blockchain for ERP
ERP's longevity reaches back to the 1960s, but thanks to blockchain, an old dog may well learn some new business tricks in this ever-changing and modernizing world of technology. Continue Reading
By- Christine Campbell, The Alpha Content Company
-
Podcast
08 Jun 2023
Risk & Repeat: Moveit Transfer flaw triggers data breaches
Several organizations, predominantly in the U.K., have confirmed data breaches that stemmed from exploitation of the critical Moveit Transfer zero-day vulnerability. Continue Reading
By- Alexander Culafi, Senior News Writer
-
News
08 Jun 2023
MoveIt Transfer flaw leads to wave of data breach disclosures
Organizations that have confirmed a data breach tied to the critical MoveIt flaw disclosed in May include the government of Nova Scotia, the BBC and HR software firm Zellis. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
08 Jun 2023
How to secure blockchain: 10 best practices
Blockchain has huge potential in the enterprise, but remember all emerging technologies come with their own risks. Consider these 10 best practices for securing blockchain. Continue Reading
By- Jessica Groopman, Kaleido Insights
-
News
07 Jun 2023
What generative AI's rise means for the cybersecurity industry
ChatGPT's moment in cybersecurity is significant for both technological and marketing reasons. Security analysts and experts have their own reasons why. Continue Reading
By- Alexander Culafi, Senior News Writer
-
Tip
07 Jun 2023
Top blockchain attacks, hacks and security issues explained
Blockchain is an attractive target for malicious actors. From blockchain-specific attacks to human vulnerabilities to lack of regulations, these are the top blockchain issues. Continue Reading
By- Jessica Groopman, Kaleido Insights
-
Definition
06 Jun 2023
digital ecosystem
A digital ecosystem is a group of interconnected information technology resources that can function as a unit. Continue Reading
By -
Tip
06 Jun 2023
9 benefits of cryptocurrency in business
Businesses adopting cryptocurrency can potentially improve their financial liquidity, attract new customers, ensure transaction transparency, reduce fraud and align with Web 3.0. Continue Reading