Manage
Learn to apply best practices and optimize your operations.
Threat hunting techniques move beyond the SOC
Tired of waiting for signs of an attack, companies are increasingly adding threat hunting capabilities to their playbooks to find likely ways their systems could be infiltrated. Continue Reading
The threat hunting process is missing the human element
Threat hunting hinges on an analyst's ability to create hypotheses and to look for indicators of compromise in your network. Do you have the resources to hunt? Continue Reading
Allure of the threat hunter draws companies large and small
Will cybersecurity safety ever equal air travel safety?
Guaranteeing cybersecurity safety is one of the biggest challenges facing the tech industry, but using aviation safety as a model may help achieve that goal. Continue Reading
Is network traffic monitoring still relevant today?
An increase in DNS protocol variants has led to a higher demand for network traffic monitoring. The SANS Institute's Johannes Ullrich explains what this means for enterprises. Continue Reading
How did the Emotet banking Trojan lead to a rise in attacks?
A report on cybercrime shows a rise in banking Trojans, such as Emotet, targeting businesses over consumers. Malwarebytes' Adam Kujawa shares his thoughts on what's behind this shift.Continue Reading
How was a MikroTik router hack used to hijack traffic?
Qihoo 360 Netlab researchers found that TZSP traffic was being redirected from vulnerable routers. Learn what this type of traffic is and how this attack is possible.Continue Reading
How was a black box attack used to exploit ATM vulnerabilities?
Researchers from Positive Technologies found flaws affecting NCR ATMs. Discover how these ATM vulnerabilities work and how a patch can mitigate this attack.Continue Reading
How container security tools affect overall system security
Container security continues to be a pressing issue as containers and hosts are being used more frequently. Learn how to keep your enterprise safe with Matt Pascucci.Continue Reading
How does a Bluetooth vulnerability enable validation attacks?
Bluetooth devices might be at risk after a new Bluetooth vulnerability was found targeting firmware and operating system software drivers. Learn how it works and can be mitigated.Continue Reading
How does Thanatos ransomware decryptor tool restore data?
Cisco Talos' Thanatos ransomware decryptor can recover files affected by new ransomware that won't decrypt ransomed files even when a ransom has been paid.Continue Reading
How to configure browsers to avoid web cache poisoning
Web cache poisoning poses a serious threat to web browser security. Learn how hackers can exploit unkeyed inputs for malicious use with expert Michael Cobb.Continue Reading
How is the Trezor cryptocurrency online wallet under attack?
A phishing campaign targeting Trezor wallets may have poisoned DNS or hijacked BGP to gain access. Learn how the attack worked and how to mitigate it with expert Nick Lewis.Continue Reading
How does the Mylobot botnet differ from a typical botnet?
The new Mylobot botnet demonstrated new, complex tools and techniques that are modifying botnet attacks. Learn how this botnet differs from a typical botnet with Nick Lewis.Continue Reading
Insider threat protection: Strategies for enterprises
Insider threats pose a serious risk to enterprises. Peter Sullivan explains how enterprises can use background checks and risk assessments for insider threat protection.Continue Reading
What is behind the growing trend of BEC attacks?
BEC attacks cost over $676 million in 2017, according to the FBI's Internet Crime Report. Learn how to recognize possible BEC attacks from expert Michael Cobb.Continue Reading
How does site isolation defend against Spectre vulnerabilities?
Spectre exploits how processors manage performance-enhancing features. Expert Michael Cobb explains Google Chrome's initiative to use site isolation as a defense mechanism.Continue Reading
How testing perspectives helps find application security flaws
Application security testing requires users to test from all the right perspectives. Discover testing techniques that help find application security flaws with expert Kevin Beaver.Continue Reading
How does the public Venmo API pose a threat for users?
The public Venmo API setting puts users at risk by providing detailed insight into their transactions and personal lives. Expert Michael Cobb discusses the risks of public APIs.Continue Reading
NIST incident response plan: 4 steps to better incident handling
The NIST incident response plan involves four phases enterprises can take to improve security incident handling. Expert Mike O. Villegas reviews each step.Continue Reading
Enterprises should reconsider SMS-based 2FA use after breach
A Reddit breach was triggered by threat actors intercepting SMS messages used to authenticate employees to access sensitive data. Learn why enterprises should reconsider SMS for 2FA.Continue Reading
Does pcAnywhere put election management systems at risk?
ES&S admitted it installed the insecure remote access program pcAnywhere on election management systems. Learn what pcAnywhere is and what this risk means for election systems.Continue Reading
What are DMARC records and can they improve email security?
Last year, the U.S. federal government mandated that by October 2018, all agencies must have DMARC policies in place. Learn how complicated this requirement is with Judith Myerson.Continue Reading
How does the resurgent VPNFilter botnet target victims?
After a comeback of the Russian-built VPNFilter botnet, home network devices are at risk. Learn how this malware targets victims with expert Nick Lewis.Continue Reading
The implications of the NetSpectre vulnerability
The NetSpectre vulnerability could enable a slow leak of data remotely via side channels. Expert Michael Cobb explains why data on secure microprocessors is not actually safe.Continue Reading
How to monitor AWS credentials with the new Trailblazer tool
A security researcher introduced a tool called Trailblazer, which aims to simplify monitoring AWS credentials. Expert Dave Shackleford explains how it can bolster cloud security.Continue Reading
How did the IcedID and TrickBot banking Trojans join forces?
The TrickBot banking Trojan joined forces with IcedID to form a dual threat that targets victims for money. Discover how this union occurred and how it has changed their behaviors.Continue Reading
How does the APT attack Double Kill work in Office documents?
The Qihoo 360 Core Security team found a Microsoft vulnerability -- named Double Kill -- that affects applications via Office documents. Learn how this is possible with Nick Lewis.Continue Reading
How does the MnuBot banking Trojan use unusual C&C servers?
IBM X-Force found MnuBot -- a new banking Trojan -- manipulating C&C servers in an unusual way. Learn how this is possible and how this malware differs from those in the past.Continue Reading
How can companies implement ITSM compliance standards?
In this Ask the Expert, IT governance expert Jeffrey Ritter discusses his formula to successfully align new technology with ITSM compliance standards -- all while minimizing risk.Continue Reading
How does Apple's Quick Look endanger user privacy?
Apple's Quick Look feature previews thumbnails that are not encrypted. Learn how this poses a security threat to enterprises from expert Michael Cobb.Continue Reading
How entropy sources interact with security and privacy plans
NIST published a draft of its 'Risk Management Framework for Information Systems and Organizations.' Learn what this report entails, as well as how entropy source controls play a key role.Continue Reading
Prepping your SIEM architecture for the future
Is your SIEM ready to face the future? Or is it time for a major tune-up or at least some tweaks around the edges? Learn how to approach your SIEM assessment and updates.Continue Reading
Picking the right focus for web application security testing
Deciding which web applications on which to focus application security testing is a challenging task. Read this list of considerations to ensure you're addressing the right areas.Continue Reading
How was Google Firebase security bypassed?
Google Firebase's inadequate back-end development led to data leaks and vulnerabilities, including HospitalGown. Learn more about this security flaw from expert Michael Cobb.Continue Reading
How does stegware malware exploit steganography techniques?
Researchers at the 2018 RSA Conference discussed the increasing availability of malware that uses steganography, dubbed stegware. Discover how this works with expert Nick Lewis.Continue Reading
User behavior analytics tackles cloud, hybrid environments
Integration of user behavior analytics as a feature of other security technologies such as SIEM and data loss prevention shows no sign of slowing down. User behavior analytics tools develop baselines and then correlate threat events, user and entity...Continue Reading
Beware of the gray hat hacker, survey warns
Close to 40% of security professionals either know, or have known, a legitimate security practitioner who has participated at some point in black hat activities.Continue Reading
Cloud-first? User and entity behavior analytics takes flight
The power and cost savings associated with software as a service are tempting companies to consider applications for security analytics both on premises and in the public cloud.Continue Reading
Industries seek to improve third-party security risk controls
Healthcare security leaders are developing industry best practices for better third-party risk management using common assessment and certification standards.Continue Reading
White hat Dave Kennedy on purple teaming, penetration testing
Russia and other nation-states use application control bypass techniques because they don't "trigger any alarms," the chief hacking officer says.Continue Reading
Kurt Huhn discusses the role of CISO in the Ocean State
A strategy focused on widespread training and education leads to progress against one of the state's biggest threats, says the Rhode Island CISO.Continue Reading
CISOs face third-party risk management challenges
Security professionals understand all too well what's at stake, and that's why more companies look to tighten up security with third parties.Continue Reading
How can GravityRAT check for antimalware sandboxes?
A remote access Trojan -- dubbed GravityRAT -- was discovered checking for antimalware sandboxes by Cisco Talos. Learn how this technique works and how it can be mitigated.Continue Reading
SamSam ransomware: How is this version different from others?
Sophos recently discovered a SamSam extortion code that performs company-wide attacks using a range of vulnerability exploits. Discover how this version differs from past variants.Continue Reading
How can live chat widgets leak personal employee data?
Project Insecurity researchers found live chat software leaking personal employee data. Learn how attackers can use this leaked information and data to hurt organizations.Continue Reading
BlackTDS: How can enterprise security teams avoid an attack?
Proofpoint researchers found a bulletproof hosting evolution, BlackTDS, which is believed to be advertised on the dark web. Learn what security teams should know with Nick Lewis. Continue Reading
Android Trojan: How is data being stolen from messaging apps?
Trustlook Labs discovered an Android Trojan stealing data from messaging apps. Learn what mobile security pros should look for to detect this malware with expert Nick Lewis.Continue Reading
Why a unified local government security program is crucial
When considering a local government cybersecurity program, companies must understand the dangers of not having one. Matt Pascucci explains why a program designed to monitor the public sector is crucial.Continue Reading
GoScanSSH: How does this malware work and differ from others?
A group of malware was discovered targeting public SSH servers. However, it avoided certain IP addresses. Discover how this is possible and how the malware works with Nick Lewis.Continue Reading
How can a compliance strategy improve customer trust?
Privacy compliance strategy can help build consumer trust and improve security if companies stop looking at the regulations as an obstacle and more as a business opportunity.Continue Reading
PulseNet: How do improper authentication flaws affect it?
GE reported an improper authentication flaw in its PulseNet network management software for critical infrastructures. Discover how this flaw works with Judith Myerson.Continue Reading
Secure encrypted virtualization: How is this technology exploited?
Researchers claim to have found a new attack against VMs that affects SEV technology. Expert Judith Myerson explains what this attack is and how it can be exploited.Continue Reading
WPA3 protocol: Should enterprises implement the changes?
The Wi-Fi Alliance released the updated WPA3 protocol, adding security enhancements to the Wi-Fi access process. Learn why enterprises should update with Judith Myerson.Continue Reading
What is VPNFilter malware and how can users protect themselves?
A new threat named VPNFilter was discovered by cybersecurity researchers after home and office routers were compromised. Learn how this malware works with Judith Myerson.Continue Reading
How does Telegram malware bypass end-to-end encryption?
A Telegram malware called Telegrab targets Telegram's desktop instant messaging service to collect and exfiltrate cache data. Expert Michael Cobb explains how Telegrab works.Continue Reading
How does Android Protected Confirmation provide security for users?
Android P integrates Android Protected Confirmation, which provides sufficient trust in the authentication process. Learn more about this new feature with expert Michael Cobb.Continue Reading
Security access controls over identities must be priority
IT security pros must pay attention to securing identity and access, or their companies will pay the price. Make sure your policies are updated and the best tools are in place.Continue Reading
What about enterprise identity management for 'non-users'?
Identity and access management for service, machine and application accounts is as important as it is for individuals, so be sure your IAM strategy considers so-called non-users.Continue Reading
How hardening options help handle unpatchable vulnerabilities
Using multiple hardening options to endure unpatchable vulnerabilities is explored in a recent NIST report. Learn how entropy sources can be an additional option with Judith Myerson.Continue Reading
How does the Android Rowhammer exploit affect users?
Android Rowhammer is a hardware weakness in older devices that puts users at risk of remote exploits. Expert Michael Cobb explains why it's important to upgrade to newer devices.Continue Reading
IonCube malware: Who do these malicious files put at risk?
Malicious files posing as legitimate ionCube files were recently found by WordPress and Joomla admins. Learn how the ionCube malware works with expert Nick Lewis.Continue Reading
How the STARTTLS Everywhere initiative will affect surveillance
The EFF's STARTTLS Everywhere initiative encrypts email during delivery and aims to prevent mass email surveillance. Expert Michael Cobb explains how STARTTLS works.Continue Reading
How Azure AD uses cloud access control to protect credentials
Features such as Microsoft Azure AD Smart Lockout and Password Protection add security via trusted authentication. Learn more about cloud access control from expert Ed Moyle.Continue Reading
How hard-coded credentials threaten ICS security
Hard-coded credentials open industrial control systems up to unauthorized access by malicious actors and threaten ICS security. Expert Ernie Hayden explains the threat and what enterprises can do about it.Continue Reading
Red team assessments and post-assessment posture improvement
Testing an organization's security maturity is crucial for an organization to improve their post-assessment posture. Learn how red teaming can help this situation with Matt Pascucci.Continue Reading
SamSam ransomware: How can enterprises prevent an attack?
SamSam ransomware infected the Colorado DOT after hitting hospitals, city councils and companies. Learn how this version differs from those we've seen in the past.Continue Reading
How does Google's new detection model find bad Android apps?
Malicious apps have been a consistent problem for the Google Play Store, so a new detection model has been released to help clean it up. Learn how this system works with Nick Lewis.Continue Reading
How can a 13-year-old configuration flaw affect SAP systems?
Cybersecurity vendor Onapsis found a 13-year-old flaw that affects nine out of 10 SAP NetWeaver systems. Learn how the flaw affects SAP systems with expert Judith Myerson.Continue Reading
Why container orchestration platforms risk data exposure
Container orchestration platforms expose interfaces and create the risk of data exposure and unauthorized access. Expert Dave Shackleford explains why these risks exist in enterprises.Continue Reading
My Cloud EX2: How can this device expose unauthorized data?
SpiderLabs discovered My Cloud EX2 backup devices exposing unauthorized HTTP requests. Join Judith Myerson as she explains how this happens, as well as the impact on DLNA devices.Continue Reading
How new cybersecurity problems emerge from fake news
As fake news continues to emerge, new cybersecurity challenges for IT professionals arise. Learn why we should continue to care about cyber propaganda and what we can do.Continue Reading
LG network: How can attackers use preauthenticated commands?
A vulnerability was found in the LG network involving remote preauthenticated commands. Learn how researchers created a malicious password to show how the issue can be abused. Continue Reading
How does an IMSI catcher exploit SS7 vulnerabilities?
A warning was issued by the Department of Homeland Security regarding the exploitation of SS7 vulnerabilities by IMSI catchers. Learn how this puts mobile communication at risk.Continue Reading
How is Oracle Micros POS affected by CVE 2018-2636?
A security researcher found a security flaw dubbed CVE-2018-2636 that enables the installation of malware on Oracle Micros POS systems. Learn more about the vulnerability.Continue Reading
OneLogin security chief delivers new security model
How did cloud identity and access management vendor OneLogin rebuild its security after a breach? We ask OneLogin security chief Justin Calmus.Continue Reading
How to mitigate the Efail flaws in OpenPGP and S/MIME
Efail exploits vulnerabilities in the OpenPGP and S/MIME standards to reveal the plaintext in encrypted emails. Learn more about the Efail vulnerabilities from expert Michael Cobb.Continue Reading
What is missing from the NIST/DHS botnet security report?
The joint DHS and NIST report on botnet security offers goals and action items to counter distributed cyberthreats. Learn the report recommendations with expert Nick Lewis.Continue Reading
Skygofree Trojan: What makes this spyware unique?
Android malware was discovered by Kaspersky Labs and named Skygofree. This Trojan targets smartphones and tablets using spyware and gathers user information and app data.Continue Reading
Ransomware recovery: How can enterprises operate post-attack?
A report detailed how Maersk recovered its infrastructure from a NotPetya ransomware attack along with its chosen recovery option. Expert Nick Lewis explains how it worked.Continue Reading
10 unified access management questions for OneLogin CSO Justin Calmus
Enterprise security veteran Justin Calmus, who describes himself as an avid hacker, joined OneLogin as the CSO earlier this year. After last year's breach, who would want this job?Continue Reading
Okiru malware: How does this Mirai malware variant work?
A Mirai variant has the ability to put billions of devices at risk of becoming part of a botnet. Discover how this works and what devices are at risk with expert Nick Lewis.Continue Reading
How criticality analysis benefits from an entropy engineer
NIST published 'Criticality Analysis Process Model: Prioritizing Systems and Components' to guide organizations when prioritizing systems. Discover the key processes with Judith Myerson.Continue Reading
How online malware collection aids threat intelligence
Threat intelligence can facilitate cloud-based malware collection, which has value for enterprise cybersecurity. Expert Frank Siemons discusses collecting and analyzing malware.Continue Reading
How do SDKs for ad networks cause data leaks?
SDKs made user data susceptible to security vulnerabilities in mobile apps. Expert Michael Cobb explains how this security vulnerability put user data at risk.Continue Reading
What to do when IPv4 and IPv6 policies disagree
Unfortunately for enterprises, IPv4 and IPv6 policies don't always agree. Fernando Gont examines the differences between these two security policies, as well as some filtering rules.Continue Reading
Security data scientists on how to make your data useful
Data science and machine learning can reveal valuable security information that would otherwise remain hidden in large data sets. Security data scientists can be hard to find and may be out of reach for most organizations. Even without these skill ...Continue Reading
Tom Van Vleck on the Multics operating system, security decisions
Time-sharing systems got a lot right from a security standpoint. "We aimed toward a completely lights-out, 'no chance for mistakes' interface," says the security researcher.Continue Reading
Fannie Mae CISO calls for more data on security incidents
Chris Porter's years as a lead analyst and author of Verizon's Data Breach Investigations Report helped prepare him for the chief of security role at the primary housing lender.Continue Reading
Not enough information security analysts, despite higher wages
Survey data on global skills shortages does not show significant changes, even as companies turn to strategies such as security automation to make security teams more efficient.Continue Reading
Overwhelmed by security data? Science to the rescue
Security teams increasingly use large data sets from their networks to find hidden threats. Why companies should embark on their own data science and machine learning initiatives.Continue Reading
Why third-party access to data may come at a price
Google and other platform companies dangled not only APIs but access to user data from unwitting customers to attract third-party developers and other partners.Continue Reading
Citrix's Peter Lefkowitz on impact of GDPR privacy requirements
New consumer privacy laws are changing the global privacy landscape. Citrix's Peter Lefkowitz explains how Citrix is approaching GDPR compliance and privacy issues in general.Continue Reading
Powerhammering: Can a power cable be used in air-gapped attacks?
Air-gapped computers subject to PowerHammer attack: Proof-of-concept attack enables data exfiltration through control of current flow over power cables.Continue Reading
How to identify and protect high-value data in the enterprise
Protecting data in the enterprise is a crucial but challenging task. Expert Charles Kao shares key steps and strategies to consider to identify and protect high-value data.Continue Reading
Cisco's chief privacy officer on the future of data after GDPR
Michelle Dennedy, vice president and chief privacy officer at Cisco, discusses her company's approach to meeting the requirements of the EU's General Data Protection Regulation.Continue Reading
Bouncy Castle keystore: How are files vulnerable to brute force?
BKS files are being exposed to hash collisions, enabling hackers to use brute force attacks against C# and Java applications. Learn how this occurs and possible solutions with Judith Myerson.Continue Reading
How did a Navarino Infinity flaw expose unauthenticated scripts?
Navarino Infinity, a satellite communication system, found and fixed a flaw that exposed an unauthenticated script. Discover what threats this flaw enabled with Judith Myerson.Continue Reading
Trojan.AndroidOS.Loapi: What is this jack-of-all-trades malware?
Kaspersky researchers found a new Android malware that can physically harm phones. Learn how this works and the steps to mitigate the attack with expert Nick Lewis.Continue Reading
Zealot campaign: How is the Apache Struts vulnerability used?
The Zealot campaign discovered by F5 Networks uses the same Apache Struts vulnerability exploited in the Equifax breach. Learn how else it performs cryptomining with Nick Lewis.Continue Reading