IM Security Issues, Risks and Tools
-
News
11 May 2020
Volunteers join forces to tackle COVID-19 security threats
The COVID-19 Cyber Threat Coalition has amassed approximately 4,000 volunteers from the infosec community to monitor, analyze and block pandemic-themed threats across the globe. Continue Reading
-
Feature
08 May 2020
Compare the top cloud-based IoT security platforms to protect devices
IoT security tools can protect widely used computing devices that pose cybersecurity risks in the current remote work era. Explore the leading cloud-based options here. Continue Reading
-
Feature
08 May 2020
How a security researcher spots a phishing email attempt
When security expert Steven Murdoch spotted a phishing email in his inbox, the researcher in him decided to investigate. Here's what he learned about criminal phishing tactics. Continue Reading
-
Tip
08 May 2020
How to protect the network from ransomware in 5 steps
Stronger network security could be the key to preventing a ransomware infection. Follow these five steps to protect your network from ransomware. Continue Reading
-
News
07 May 2020
Advanced Computer Software leak exposes nearly 200 law firms
Researchers at cybersecurity vendor TurgenSec discovered an exposed database owned by Advanced Computer Software that contained legal documents with data from 190 law firms. Continue Reading
-
Tip
07 May 2020
Prevent spyware through user awareness and technical controls
Find out how to protect devices from spyware and educate users to avoid the most common traps from which spyware infections might come, including phishing attacks and rogue apps. Continue Reading
-
News
06 May 2020
GitHub security features tackle data exposures, vulnerabilities
In an effort to curb accidental data exposures in repositories, GitHub unveiled a new 'secret' scanning tool that examines public and private code repositories for sensitive data. Continue Reading
-
News
06 May 2020
Healthcare organizations sitting on 'unexploded' ransomware
While threat reports show ransomware attacks against healthcare organizations are down, experts say threat actors may be lurking in networks and waiting to strike at a later date. Continue Reading
-
Quiz
06 May 2020
Test your cyber-smarts with this network security quiz
Show what you know about the topics covered in the May 2020 issue of Information Security magazine. If you get nine of 10 answers right, you'll also receive CPE credit! Continue Reading
-
Answer
06 May 2020
The risks and effects of spyware
Spyware can steal mundane information, track a user's every move and everything in between. Read up on the types of spyware and how to best fix infected devices. Continue Reading
-
Tip
05 May 2020
How data loss prevention strategies benefit from UBA
Data loss prevention strategies require unique insight into user activity. Can user behavior analytics capabilities benefit threat management and breach detection? Continue Reading
-
Tip
05 May 2020
Identifying common Microsoft 365 security misconfigurations
Microsoft 365 security problems can double the time it takes to contain a breach, according to a new survey. Check out best practices and operational strategies to fix them. Continue Reading
-
Tip
05 May 2020
How can security benefit from cyberthreat intelligence?
Cyberthreat intelligence is essential to understand common external-facing risks. Learn how to find the right threat intelligence feed and how the data can benefit cybersecurity. Continue Reading
-
Feature
05 May 2020
The what, why and how of the Spring Security architecture
Like any framework, Spring Security requires writing less code to implement the desired functionality. Learn how to implement the Spring Security architecture in this book excerpt. Continue Reading
-
News
05 May 2020
Research finds ransomware payments, demands increasing
Research from incident response vendor Coveware and national law firm BakerHostetler shows massive increases in both ransomware demands and payments from victims. Continue Reading
-
Feature
05 May 2020
Why developers need to know the Spring Security framework
The Spring Security framework is a reliable way for Java developers to secure applications. However, proper implementation is critical to prevent the most common vulnerabilities. Continue Reading
-
News
05 May 2020
Critical SaltStack vulnerabilities exploited in several data breaches
SaltStack patched two critical vulnerabilities in its software last week, but hackers used the flaws over the weekend to breach several unpatched networks and systems. Continue Reading
-
Opinion
01 May 2020
Why nation-state cyberattacks must be top of mind for CISOs
Even though organizations face threats coming from many sources, one type of cyberattack should be top of mind for CISOs: those backed by nation-states. Here's why. Continue Reading
-
Feature
01 May 2020
One security framework may be key to cyber effectiveness
The Mitre ATT&CK security framework could best enable effective cybersecurity, according to The Chertoff Group, as could joining information sharing and analysis organizations. Continue Reading
-
Feature
01 May 2020
CISO stress and burnout cause high churn rate
The nature of the CISO role can take a toll, say industry vets, with frustration and stress contributing to high turnover rates and burnout. Learn how to make it work. Continue Reading
-
Infographic
01 May 2020
The state of cybersecurity risk: Detection and mitigation
Hackers will always try to creep in, and many will succeed. That's why effective detection and mitigation are essential. How are enterprises faring? Continue Reading
-
Podcast
01 May 2020
Risk & Repeat: RDP security under fire amid COVID-19
This week's Risk & Repeat podcast looks at how Microsoft's Remote Desktop Protocol, already a popular vector with hackers, has received even more attention during the pandemic. Continue Reading
-
Feature
01 May 2020
AI-powered cyberattacks force change to network security
Companies now face sophisticated enemies using AI and machine learning tools for their attacks. It's a world of new dangers for those defending network systems and data. Continue Reading
-
Opinion
01 May 2020
Plan now for the future of network security
How to battle well-funded, technologically sophisticated threats and ensure high-quality network performance? CISOs need a plan to meet network challenges now and in the future. Continue Reading
-
News
01 May 2020
Shade ransomware decryptor released with 750,000 keys
Kaspersky Lab released a decryptor tool after operators behind the ransomware variant announced a shutdown of operations and issued an apology for any harm caused. Continue Reading
-
Video
30 Apr 2020
Telework security requires meticulous caution, communication
Organizations that are proactive about telework security may enjoy a more resilient network environment. Follow five steps in this webinar to ensure secure remote work. Continue Reading
-
Feature
30 Apr 2020
Words to go: Types of phishing scams
IT teams must take proactive measures to address security awareness when it comes to email. Learn about the types of phishing scams to mitigate risk. Continue Reading
-
Tip
29 Apr 2020
SSL certificate best practices for 2020 and beyond
SSL/TLS security is continuously improving, and there are steps site owners should take to ensure the safety of their SSL certificates, websites and users. Read on to learn more. Continue Reading
-
Feature
29 Apr 2020
Mitigating ransomware and phishing attacks during a pandemic
Where most see crisis, cybercriminals see opportunity. Learn how security leaders can meet the challenges of mitigating ransomware threats and phishing attacks during a pandemic. Continue Reading
-
News
28 Apr 2020
Bugcrowd launches 'classic' penetration testing service
The crowdsourcing security company launched the Bugcrowd Classic Pen Test service to offer enterprises a more cost-effective and efficient way to test their cybersecurity posture. Continue Reading
-
Feature
28 Apr 2020
Utilize SMB security tools to work from home safely
With the global pandemic forcing enterprise workers home, SMB security tools can provide necessary protection for newly built home offices in order to keep business moving. Continue Reading
-
Feature
28 Apr 2020
Cybersecurity impact analysis template for pandemic planning
This template from IANS Research can help IT and security professionals document and prioritize essential processes, staffing and systems when faced with a pandemic event. Continue Reading
-
Answer
28 Apr 2020
Comparing policies, standards, procedures and technical controls
Infosec pros may have -- incorrectly -- heard the terms standard and policy used interchangeably. Examine the differences among a policy, standard, procedure and technical control. Continue Reading
-
News
27 Apr 2020
Zero-day flaw in Sophos XG Firewall exploited in attacks
Sophos released an emergency patch over the weekend for its XG firewalls after threat actors exploited a zero-day SQL vulnerability in the products to steal customer data. Continue Reading
-
Feature
27 Apr 2020
Securing a remote workforce amplifies common cybersecurity risks
Securing a remote workforce during the pandemic has not only created unforeseen cybersecurity risks, but also magnified old ones with more employees using home networks. Continue Reading
-
Podcast
24 Apr 2020
Risk & Repeat: Are ransomware attacks up or down?
This week's Risk & Repeat podcast looks at the latest research and analysis around ransomware to see what effect the COVID-19 pandemic has had on the threat landscape. Continue Reading
-
Feature
24 Apr 2020
Coronavirus phishing threats force heightened user awareness
As coronavirus phishing threats ramp up, organizations must turn to user education, in addition to traditional network security, as their best defense. Continue Reading
-
News
24 Apr 2020
Emsisoft: U.S. ransomware attacks declined during pandemic
In the first quarter of 2020, the number of successful ransomware attacks on government and healthcare organizations in the U.S. decreased to a level unseen in years, Emsisoft said. Continue Reading
-
News
23 Apr 2020
COVID-19 strains critical certificate authority processes
Border crossings. Police checkpoints. Security cages. Secret safes. These are just some of the hurdles certificate authorities face as they strive to maintain security during COVID-19. Continue Reading
-
Answer
23 Apr 2020
The differences between web roles and worker roles in Azure
What sets web roles and worker roles apart in Microsoft's Azure Cloud Services? Here's a look at how they are different. Continue Reading
-
News
22 Apr 2020
New spear phishing campaign targets oil and gas industry
Bitdefender researchers identified new spear phishing campaigns against the oil and gas industry that include emails with no typos and perfect usage of industry terminology. Continue Reading
-
Tip
22 Apr 2020
How to prepare for ransomware and phishing attacks
Follow these best practices to properly prepare for ransomware and phishing attacks, as well as further steps to stay secure in the face of a pandemic or widespread health event. Continue Reading
-
News
22 Apr 2020
Ransomware, cloud attacks more than doubled in 2019
New research by Trustwave shows 2019 saw huge increases in ransomware and cloud services attacks, as well as a big shift from spam toward business email compromise. Continue Reading
-
News
20 Apr 2020
Cognizant discloses Maze ransomware attack
Cognizant was attacked by the Maze ransomware gang, the company confirmed Saturday. It's unclear whether Cognizant clients were also breached or infected with ransomware. Continue Reading
-
News
20 Apr 2020
Google unveils BeyondCorp Remote Access as VPN alternative
Google unveiled a new iteration of its zero-trust network offering with BeyondCorp Remote Access, which is designed to help remote workers securely connect to critical web apps. Continue Reading
-
Feature
20 Apr 2020
Zero-trust management challenges outweighed by benefits
The zero-trust model's adoption, deployment and management challenges are easily outweighed by its ability to offset modern threats, IEEE senior member Jack Burbank advises. Continue Reading
-
News
17 Apr 2020
Ransomware attacks see 148% surge amid COVID-19
VMware Carbon Black saw a 148% increase in ransomware attacks in March over baseline levels in February, plus a massive spike in attacks on financial institutions. Continue Reading
-
Feature
17 Apr 2020
With US ban, Huawei products put CISOs on notice
The U.S. federal government has enacted bans on equipment it deems a national security risk. The move should make CISOs wary of what products they bring into their organizations. Continue Reading
-
Feature
17 Apr 2020
Phishing protection: Keep employees from getting hooked
Share this list of phishing techniques and detection tips to help employees avoid phishing schemes. Plus, review technologies to protect your enterprise from phishing attacks. Continue Reading
-
News
16 Apr 2020
TPG Capital combines 3 vendors to form Digital.ai
Private equity firm TPG Capital combined three acquisitions -- CollabNet VersionOne, XebiaLabs and Arxan Technologies -- to create the new DevSecOps-focused vendor. Continue Reading
-
News
16 Apr 2020
Hackers embrace cryptocurrency laundering to evade the law
Cybercriminals are turning to cryptocurrency laundering methods to hide illicit proceeds as law enforcement agencies find success in tracing bitcoin transactions. Continue Reading
-
News
15 Apr 2020
Malware found on 45 percent of home office networks
New research by BitSight compared malware infections on home office networks versus corporate networks, and the results were unsettling for remote enterprise users. Continue Reading
-
Opinion
14 Apr 2020
Bot management drives ethical data use, curbs image scraping
Bot management tools can help enterprises combat bad bots, prevent web and image scraping, and ensure ethical data use -- all while maintaining a positive end-user experience. Continue Reading
-
Tip
14 Apr 2020
Use an IoT security architecture to protect networks end to end
Organizations can reap benefits from IoT technology but only if it is properly secured. Learn the components of IoT network architecture and the unique security considerations of each. Continue Reading
-
News
14 Apr 2020
Russian threat group suspected of hacking SFO
San Francisco International Airport disclosed a data breach that affected employees and third-party contractors, and ESET researchers said a Russian APT was likely behind the attack. Continue Reading
-
Tip
13 Apr 2020
Building security, privacy and trust in IoT deployments
The T in IoT doesn't stand for trust, but it's a critical component of any IoT deployment. Follow the AEIOU vowel framework for an actionable blueprint of building trust in IoT. Continue Reading
-
News
09 Apr 2020
APTs infiltrated Linux servers undetected for nearly 10 years
New BlackBerry research shows how five APT groups operating on behalf of the Chinese government infiltrated enterprise Linux environments undetected for nearly a decade. Continue Reading
-
Podcast
09 Apr 2020
Risk & Repeat: Are Zoom security fears overblown?
This week's Risk & Repeat podcast looks at the backlash against Zoom over security and privacy concerns and asks whether there's been an overreaction. Continue Reading
-
News
08 Apr 2020
Researchers beat fingerprint authentication with 3D printing scheme
New research by Cisco Talos shows popular fingerprint scanning technology can be defeated by lifting actual fingerprints and reproducing them through 3D printers. Continue Reading
-
Feature
07 Apr 2020
Skill building is key to furthering gender diversity in tech
Gender disparities imperil the threat intelligence community. Shannon Lietz, leader and director of DevSecOps at Intuit, discusses current efforts to attract female talent. Continue Reading
-
Tip
07 Apr 2020
AI pen testing promises, delivers both speed and accuracy
AI is making many essential cybersecurity tasks more effective and efficient. AI-enabled penetration testing, or BAS, technologies are a case in point. Continue Reading
-
News
06 Apr 2020
Zoom takes new security measures to counter 'Zoombombing'
Zoom has implemented two key security and privacy measures in order to counter 'Zoombombing.' One enables passwords in meetings by default, while the second creates waiting rooms. Continue Reading
-
Tip
06 Apr 2020
SASE identity policies enhance security and access control
Will the Secure Access Service Edge model be the next big thing in network security? Learn how SASE's expanded definition of identity is fundamental to this emerging access model. Continue Reading
-
Tip
06 Apr 2020
Using AIOps for cybersecurity and better threat response
AIOps platforms, when properly tuned, can benefit all of IT in important ways. Learn how these advanced security tools improve threat detection and response in myriad ways. Continue Reading
-
News
03 Apr 2020
Microsoft warns hospitals of impending ransomware attacks
Microsoft warned "dozens" of hospitals with vulnerable gateway and VPN software that an infamous ransomware group known as REvil is scanning the internet for such flaws. Continue Reading
-
Tip
03 Apr 2020
Comparing SASE vs. traditional network security architectures
Today's dispersed environments need stronger networking and security architectures. Enter cloud-based Secure Access Service Edge -- a new model for secure network access. Continue Reading
-
Feature
03 Apr 2020
4 essential AI-enabled security concerns for buyers and vendors
Experts offer four concerns for enterprises and vendors to discuss in order to deploy and run AI-based cybersecurity tools. Continue Reading
-
Podcast
02 Apr 2020
Risk & Repeat: Zoom security comes under fire
This week's Risk & Repeat podcast looks at several security issues Zoom faced over the last week, which led to questions about the company's privacy and security practices. Continue Reading
-
News
02 Apr 2020
Zoom zero-day vulnerabilities patched a day after disclosure
An ex-NSA hacker reported two zero-day vulnerabilities on his blog Wednesday. One of them can give an attacker control of a user's webcam and microphone. Zoom fixed both flaws quickly. Continue Reading
-
News
02 Apr 2020
Beazley: Ransomware attacks on clients 'skyrocketed' in 2019
The 2020 Beazley Breach Briefing reported a 131% increase in reported attacks against clients last year, and the insurance giant isn't expecting the trend to slow down. Continue Reading
-
Answer
02 Apr 2020
Considering the differences in LAN vs. WAN security
Given the differences in the security of LAN and WAN, enterprises need to guard against insider threats, secure against unauthorized access and potentially secure the edge, too. Continue Reading
-
News
01 Apr 2020
Voatz disputes claims it was 'kicked off' HackerOne
HackerOne has cut ties with Voatz, but the mobile voting vendor disputed reports that it was kicked off the bug bounty platform following controversy with security researchers. Continue Reading
-
News
31 Mar 2020
FTC calls out VoIP providers over coronavirus robocalls
The U.S. Federal Trade Commission warned nine voice over IP companies that 'assisting and facilitating' illegal robocalls related to COVID-19 is against the law. Continue Reading
-
Feature
31 Mar 2020
Will nonprofit's evolution of zero trust secure consumer data?
An Australian nonprofit aims to deliver an improved security protocol through what it calls a 'true zero-trust custody layer.' Will the protocol improve consumer data protection? Continue Reading
-
News
30 Mar 2020
Coronavirus phishing lures continue to dominate threat landscape
Overall cybercrime activity isn't necessarily going up amid COVID-19, experts say. However, coronavirus-themed emails are becoming the dominant form of phishing attacks. Continue Reading
-
Tip
30 Mar 2020
Best practices for threat modeling service mesh, microservices
In microservices and service mesh environments, communications don't follow static paths. As such, security teams must update their application threat modeling methods. Continue Reading
-
News
27 Mar 2020
Cyberinsurance carrier Chubb investigating possible data breach
Insurance giant Chubb confirmed it is investigating an incident that may involve the Maze ransomware group, which claims to have stolen sensitive data from the company. Continue Reading
-
Feature
27 Mar 2020
AI Security Alliance urges clarity for buying AI security tools
Vendors and customers must be aware of potential gaps between expectations and reality in the sale or purchase of AI cybersecurity products, an AI security expert advises. Continue Reading
-
Podcast
27 Mar 2020
Risk & Repeat: COVID-19 boosting social engineering attacks
This episode of the Risk & Repeat podcast looks at how social engineering attacks have become more successful by taking advantage of the coronavirus pandemic. Continue Reading
-
Feature
26 Mar 2020
CISA exam preparation requires learning ethics, standards, new vocab
The CISA certification is proof of an auditor's knowledge and skills. However, the exam isn't easy and requires some heavy learning -- especially when it comes to vocabulary. Continue Reading
-
Quiz
26 Mar 2020
CISA practice questions to prep for the exam
Ready to take the Certified Information Systems Auditor exam? Use these CISA practice questions to test your knowledge of the audit process job practice domain. Continue Reading
-
Feature
26 Mar 2020
Explore 7 data loss prevention tools for utmost security
Explore how DLP products secure enterprise data and these seven specialized vendors that provide protection through varying installation, platforms and features. Continue Reading
-
Feature
26 Mar 2020
Coronavirus phishing scams increase amid pandemic's spread
Organizations must account for a sharp uptick of coronavirus phishing scams in their pandemic and business continuity plans. Learn about the trend here, with steps for mitigation. Continue Reading
-
News
25 Mar 2020
China's APT41 attacks Citrix ADC flaws in cyberespionage campaign
A dual cyberespionage and cybercrime group known as APT41 exploited vulnerabilities in Citrix NetScaler/ADC and other products in an extensive, global threat campaign. Continue Reading
-
Tip
25 Mar 2020
Answering the top IoT risk management questions
Vulnerable IoT devices are commonly installed on enterprise networks, putting IT on the lookout for security issues. Here are answers to the biggest IoT risk management questions. Continue Reading
-
Tip
25 Mar 2020
How to prevent buffer overflow attacks
Read up on types of buffer overflow attacks, and learn secure coding best practices that prevent such vulnerabilities, as well as post-deployment steps to keep apps and websites safe. Continue Reading
-
News
24 Mar 2020
Canon breach exposes General Electric employee data
Canon Business Process Services was breached last month, according to an announcement by General Electric, which used Canon for employee document processing. Continue Reading
-
News
24 Mar 2020
Cisco security GM discusses plan for infosec domination
At RSA Conference 2020, Gee Rittenhouse, senior vice president and general manager of Cisco's security group, talks about the company's strategy to reshape the infosec industry. Continue Reading
-
Feature
24 Mar 2020
Experts say CIA security triad needs a DIE model upgrade
Using a distributed, immutable, ephemeral strategy instead of the traditional CIA triad could enable enterprises to encourage security by design and minimize risk, two experts say. Continue Reading
-
News
20 Mar 2020
Emsisoft, Coveware offer free ransomware services to hospitals
As they grapple with the COVID-19 pandemic, healthcare providers will have free access to a range of ransomware-related services from security vendors Emsisoft and Coveware. Continue Reading
-
News
19 Mar 2020
Deepfakes: Security experts undecided on the threat level
Deepfakes may seem like a scary new threat in today's world, but should the world be worried? SearchSecurity asked numerous experts to weigh in at RSA Conference 2020. Continue Reading
-
News
19 Mar 2020
Maze ransomware gang pledges to stop attacking hospitals
The infamous Maze gang announced it has stopped ransomware attacks on healthcare and medical facilities because of the seriousness of the coronavirus pandemic. Continue Reading
-
Podcast
19 Mar 2020
Risk & Repeat: Coronavirus-themed threats on the rise
This week's Risk & Repeat podcast looks at the disruption caused by COVID-19, as well as the sharp increase in cyberthreats designed to exploit the pandemic. Continue Reading
-
News
17 Mar 2020
Ransomware attacks poised to disrupt coronavirus response efforts
Experts fear that coronavirus-themed threats will escalate to ransomware attacks, and such attacks will disrupt response efforts at hospitals and city, state and local governments. Continue Reading
-
Tip
17 Mar 2020
4 tips to ensure secure remote working during COVID-19 pandemic
Don't let teleworkers compromise your enterprise's security. Follow these tips to ensure secure remote working in the event of a teleworker boom during a pandemic. Continue Reading