Manage
Learn to apply best practices and optimize your operations.
Manage
Learn to apply best practices and optimize your operations.
IAM system strategy identifies metrics that work for business
Security professionals are using identity and access management systems to track metrics on password resets, onboarding and offboarding, and employee retention and customer service. Continue Reading
Still no answers to endpoint security protection, survey finds
The frequency of endpoint attacks is on the rise, with 76% of IT security professionals reporting that their organization was compromised by new or zero-day (unknown) exploits. Continue Reading
Threat hunting techniques move beyond the SOC
Tired of waiting for signs of an attack, companies are increasingly adding threat hunting capabilities to their playbooks to find likely ways their systems could be infiltrated. Continue Reading
-
The threat hunting process is missing the human element
Threat hunting hinges on an analyst's ability to create hypotheses and to look for indicators of compromise in your network. Do you have the resources to hunt? Continue Reading
Allure of the threat hunter draws companies large and small
Will cybersecurity safety ever equal air travel safety?
Guaranteeing cybersecurity safety is one of the biggest challenges facing the tech industry, but using aviation safety as a model may help achieve that goal.Continue Reading
Is network traffic monitoring still relevant today?
An increase in DNS protocol variants has led to a higher demand for network traffic monitoring. The SANS Institute's Johannes Ullrich explains what this means for enterprises.Continue Reading
How did the Emotet banking Trojan lead to a rise in attacks?
A report on cybercrime shows a rise in banking Trojans, such as Emotet, targeting businesses over consumers. Malwarebytes' Adam Kujawa shares his thoughts on what's behind this shift.Continue Reading
How was a MikroTik router hack used to hijack traffic?
Qihoo 360 Netlab researchers found that TZSP traffic was being redirected from vulnerable routers. Learn what this type of traffic is and how this attack is possible.Continue Reading
How was a black box attack used to exploit ATM vulnerabilities?
Researchers from Positive Technologies found flaws affecting NCR ATMs. Discover how these ATM vulnerabilities work and how a patch can mitigate this attack.Continue Reading
-
How container security tools affect overall system security
Container security continues to be a pressing issue as containers and hosts are being used more frequently. Learn how to keep your enterprise safe with Matt Pascucci.Continue Reading
How does a Bluetooth vulnerability enable validation attacks?
Bluetooth devices might be at risk after a new Bluetooth vulnerability was found targeting firmware and operating system software drivers. Learn how it works and can be mitigated.Continue Reading
How does Thanatos ransomware decryptor tool restore data?
Cisco Talos' Thanatos ransomware decryptor can recover files affected by new ransomware that won't decrypt ransomed files even when a ransom has been paid.Continue Reading
How to configure browsers to avoid web cache poisoning
Web cache poisoning poses a serious threat to web browser security. Learn how hackers can exploit unkeyed inputs for malicious use with expert Michael Cobb.Continue Reading
How is the Trezor cryptocurrency online wallet under attack?
A phishing campaign targeting Trezor wallets may have poisoned DNS or hijacked BGP to gain access. Learn how the attack worked and how to mitigate it with expert Nick Lewis.Continue Reading
How does the Mylobot botnet differ from a typical botnet?
The new Mylobot botnet demonstrated new, complex tools and techniques that are modifying botnet attacks. Learn how this botnet differs from a typical botnet with Nick Lewis.Continue Reading
Insider threat protection: Strategies for enterprises
Insider threats pose a serious risk to enterprises. Peter Sullivan explains how enterprises can use background checks and risk assessments for insider threat protection.Continue Reading
What is behind the growing trend of BEC attacks?
BEC attacks cost over $676 million in 2017, according to the FBI's Internet Crime Report. Learn how to recognize possible BEC attacks from expert Michael Cobb.Continue Reading
How does site isolation defend against Spectre vulnerabilities?
Spectre exploits how processors manage performance-enhancing features. Expert Michael Cobb explains Google Chrome's initiative to use site isolation as a defense mechanism.Continue Reading
How does the public Venmo API pose a threat for users?
The public Venmo API setting puts users at risk by providing detailed insight into their transactions and personal lives. Expert Michael Cobb discusses the risks of public APIs.Continue Reading
How testing perspectives helps find application security flaws
Application security testing requires users to test from all the right perspectives. Discover testing techniques that help find application security flaws with expert Kevin Beaver.Continue Reading
NIST incident response plan: 4 steps to better incident handling
The NIST incident response plan involves four phases enterprises can take to improve security incident handling. Expert Mike O. Villegas reviews each step.Continue Reading
Enterprises should reconsider SMS-based 2FA use after breach
A Reddit breach was triggered by threat actors intercepting SMS messages used to authenticate employees to access sensitive data. Learn why enterprises should reconsider SMS for 2FA.Continue Reading
Does pcAnywhere put election management systems at risk?
ES&S admitted it installed the insecure remote access program pcAnywhere on election management systems. Learn what pcAnywhere is and what this risk means for election systems.Continue Reading
What are DMARC records and can they improve email security?
Last year, the U.S. federal government mandated that by October 2018, all agencies must have DMARC policies in place. Learn how complicated this requirement is with Judith Myerson.Continue Reading
How does the resurgent VPNFilter botnet target victims?
After a comeback of the Russian-built VPNFilter botnet, home network devices are at risk. Learn how this malware targets victims with expert Nick Lewis.Continue Reading
The implications of the NetSpectre vulnerability
The NetSpectre vulnerability could enable a slow leak of data remotely via side channels. Expert Michael Cobb explains why data on secure microprocessors is not actually safe.Continue Reading
How to monitor AWS credentials with the new Trailblazer tool
A security researcher introduced a tool called Trailblazer, which aims to simplify monitoring AWS credentials. Expert Dave Shackleford explains how it can bolster cloud security.Continue Reading
How did the IcedID and TrickBot banking Trojans join forces?
The TrickBot banking Trojan joined forces with IcedID to form a dual threat that targets victims for money. Discover how this union occurred and how it has changed their behaviors.Continue Reading
How does the APT attack Double Kill work in Office documents?
The Qihoo 360 Core Security team found a Microsoft vulnerability -- named Double Kill -- that affects applications via Office documents. Learn how this is possible with Nick Lewis.Continue Reading
How does the MnuBot banking Trojan use unusual C&C servers?
IBM X-Force found MnuBot -- a new banking Trojan -- manipulating C&C servers in an unusual way. Learn how this is possible and how this malware differs from those in the past.Continue Reading
How can companies implement ITSM compliance standards?
In this Ask the Expert, IT governance expert Jeffrey Ritter discusses his formula to successfully align new technology with ITSM compliance standards -- all while minimizing risk.Continue Reading
How does Apple's Quick Look endanger user privacy?
Apple's Quick Look feature previews thumbnails that are not encrypted. Learn how this poses a security threat to enterprises from expert Michael Cobb.Continue Reading
How entropy sources interact with security and privacy plans
NIST published a draft of its 'Risk Management Framework for Information Systems and Organizations.' Learn what this report entails, as well as how entropy source controls play a key role.Continue Reading
Prepping your SIEM architecture for the future
Is your SIEM ready to face the future? Or is it time for a major tune-up or at least some tweaks around the edges? Learn how to approach your SIEM assessment and updates.Continue Reading
Picking the right focus for web application security testing
Deciding which web applications on which to focus application security testing is a challenging task. Read this list of considerations to ensure you're addressing the right areas.Continue Reading
How was Google Firebase security bypassed?
Google Firebase's inadequate back-end development led to data leaks and vulnerabilities, including HospitalGown. Learn more about this security flaw from expert Michael Cobb.Continue Reading
How does stegware malware exploit steganography techniques?
Researchers at the 2018 RSA Conference discussed the increasing availability of malware that uses steganography, dubbed stegware. Discover how this works with expert Nick Lewis.Continue Reading
User behavior analytics tackles cloud, hybrid environments
Integration of user behavior analytics as a feature of other security technologies such as SIEM and data loss prevention shows no sign of slowing down. User behavior analytics tools develop baselines and then correlate threat events, user and entity...Continue Reading
Beware of the gray hat hacker, survey warns
Close to 40% of security professionals either know, or have known, a legitimate security practitioner who has participated at some point in black hat activities.Continue Reading
Cloud-first? User and entity behavior analytics takes flight
The power and cost savings associated with software as a service are tempting companies to consider applications for security analytics both on premises and in the public cloud.Continue Reading
Industries seek to improve third-party security risk controls
Healthcare security leaders are developing industry best practices for better third-party risk management using common assessment and certification standards.Continue Reading
White hat Dave Kennedy on purple teaming, penetration testing
Russia and other nation-states use application control bypass techniques because they don't "trigger any alarms," the chief hacking officer says.Continue Reading
Kurt Huhn discusses the role of CISO in the Ocean State
A strategy focused on widespread training and education leads to progress against one of the state's biggest threats, says the Rhode Island CISO.Continue Reading
CISOs face third-party risk management challenges
Security professionals understand all too well what's at stake, and that's why more companies look to tighten up security with third parties.Continue Reading
How can GravityRAT check for antimalware sandboxes?
A remote access Trojan -- dubbed GravityRAT -- was discovered checking for antimalware sandboxes by Cisco Talos. Learn how this technique works and how it can be mitigated.Continue Reading
SamSam ransomware: How is this version different from others?
Sophos recently discovered a SamSam extortion code that performs company-wide attacks using a range of vulnerability exploits. Discover how this version differs from past variants.Continue Reading
How can live chat widgets leak personal employee data?
Project Insecurity researchers found live chat software leaking personal employee data. Learn how attackers can use this leaked information and data to hurt organizations.Continue Reading
BlackTDS: How can enterprise security teams avoid an attack?
Proofpoint researchers found a bulletproof hosting evolution, BlackTDS, this is believed to be advertised on the dark web. Learn what security teams should know with Nick Lewis.Continue Reading
Android Trojan: How is data being stolen from messaging apps?
Trustlook Labs discovered an Android Trojan stealing data from messaging apps. Learn what mobile security pros should look for to detect this malware with expert Nick Lewis.Continue Reading
Why a unified local government security program is crucial
When considering a local government cybersecurity program, companies must understand the dangers of not having one. Matt Pascucci explains why a program designed to monitor the public sector is crucial.Continue Reading
GoScanSSH: How does this malware work and differ from others?
A group of malware was discovered targeting public SSH servers. However, it avoided certain IP addresses. Discover how this is possible and how the malware works with Nick Lewis.Continue Reading
How can a compliance strategy improve customer trust?
Privacy compliance strategy can help build consumer trust and improve security if companies stop looking at the regulations as an obstacle and more as a business opportunity.Continue Reading
PulseNet: How do improper authentication flaws affect it?
GE reported an improper authentication flaw in its PulseNet network management software for critical infrastructures. Discover how this flaw works with Judith Myerson.Continue Reading
Secure encrypted virtualization: How is this technology exploited?
Researchers claim to have found a new attack against VMs that affects SEV technology. Expert Judith Myerson explains what this attack is and how it can be exploited.Continue Reading
WPA3 protocol: Should enterprises implement the changes?
The Wi-Fi Alliance released the updated WPA3 protocol, adding security enhancements to the Wi-Fi access process. Learn why enterprises should update with Judith Myerson.Continue Reading
What is VPNFilter malware and how can users protect themselves?
A new threat named VPNFilter was discovered by cybersecurity researchers after home and office routers were compromised. Learn how this malware works with Judith Myerson.Continue Reading
How does Telegram malware bypass end-to-end encryption?
A Telegram malware called Telegrab targets Telegram's desktop instant messaging service to collect and exfiltrate cache data. Expert Michael Cobb explains how Telegrab works.Continue Reading
How does Android Protected Confirmation provide security for users?
Android P integrates Android Protected Confirmation, which provides sufficient trust in the authentication process. Learn more about this new feature with expert Michael Cobb.Continue Reading
Security access controls over identities must be priority
IT security pros must pay attention to securing identity and access, or their companies will pay the price. Make sure your policies are updated and the best tools are in place.Continue Reading
What about enterprise identity management for 'non-users'?
Identity and access management for service, machine and application accounts is as important as it is for individuals, so be sure your IAM strategy considers so-called non-users.Continue Reading
How hardening options help handle unpatchable vulnerabilities
Using multiple hardening options to endure unpatchable vulnerabilities is explored in a recent NIST report. Learn how entropy sources can be an additional option with Judith Myerson.Continue Reading
How does the Android Rowhammer exploit affect users?
Android Rowhammer is a hardware weakness in older devices that puts users at risk of remote exploits. Expert Michael Cobb explains why it's important to upgrade to newer devices.Continue Reading
IonCube malware: Who do these malicious files put at risk?
Malicious files posing as legitimate ionCube files were recently found by WordPress and Joomla admins. Learn how the ionCube malware works with expert Nick Lewis.Continue Reading
How the STARTTLS Everywhere initiative will affect surveillance
The EFF's STARTTLS Everywhere initiative encrypts email during delivery and aims to prevent mass email surveillance. Expert Michael Cobb explains how STARTTLS works.Continue Reading
How Azure AD uses cloud access control to protect credentials
Features such as Microsoft Azure AD Smart Lockout and Password Protection add security via trusted authentication. Learn more about cloud access control from expert Ed Moyle.Continue Reading
How hard-coded credentials threaten ICS security
Hard-coded credentials open industrial control systems up to unauthorized access by malicious actors and threaten ICS security. Expert Ernie Hayden explains the threat and what enterprises can do about it.Continue Reading
Red team assessments and post-assessment posture improvement
Testing an organization's security maturity is crucial for an organization to improve their post-assessment posture. Learn how red teaming can help this situation with Matt Pascucci.Continue Reading
SamSam ransomware: How can enterprises prevent an attack?
SamSam ransomware infected the Colorado DOT after hitting hospitals, city councils and companies. Learn how this version differs from those we've seen in the past.Continue Reading
How does Google's new detection model find bad Android apps?
Malicious apps have been a consistent problem for the Google Play Store, so a new detection model has been released to help clean it up. Learn how this system works with Nick Lewis.Continue Reading
How can a 13-year-old configuration flaw affect SAP systems?
Cybersecurity vendor Onapsis found a 13-year-old flaw that affects nine out of 10 SAP NetWeaver systems. Learn how the flaw affects SAP systems with expert Judith Myerson.Continue Reading
Why container orchestration platforms risk data exposure
Container orchestration platforms expose interfaces and create the risk of data exposure and unauthorized access. Expert Dave Shackleford explains why these risks exist in enterprises.Continue Reading
My Cloud EX2: How can this device expose unauthorized data?
SpiderLabs discovered My Cloud EX2 backup devices exposing unauthorized HTTP requests. Join Judith Myerson as she explains how this happens, as well as the impact on DLNA devices.Continue Reading
How new cybersecurity problems emerge from fake news
As fake news continues to emerge, new cybersecurity challenges for IT professionals arise. Learn why we should continue to care about cyber propaganda and what we can do.Continue Reading
LG network: How can attackers use preauthenticated commands?
A vulnerability was found in the LG network involving remote preauthenticated commands. Learn how researchers created a malicious password to show how it issue can be abused.Continue Reading
How does an IMSI catcher exploit SS7 vulnerabilities?
A warning was issued by the Department of Homeland Security regarding the exploitation of SS7 vulnerabilities by IMSI catchers. Learn how this puts mobile communication at risk.Continue Reading
How is Oracle Micros POS affected by CVE 2018-2636?
A security researcher found a security flaw dubbed CVE-2018-2636 that enables the installation of malware on Oracle Micros POS systems. Learn more about the vulnerability.Continue Reading
OneLogin security chief delivers new security model
How did cloud identity and access management vendor OneLogin rebuild its security after a breach? We ask OneLogin security chief Justin Calmus.Continue Reading
What is missing from the NIST/DHS botnet security report?
The joint DHS and NIST report on botnet security offers goals and action items to counter distributed cyberthreats. Learn the report recommendations with expert Nick Lewis.Continue Reading
How to mitigate the Efail flaws in OpenPGP and S/MIME
Efail exploits vulnerabilities in the OpenPGP and S/MIME standards to reveal the plaintext in encrypted emails. Learn more about the Efail vulnerabilities from expert Michael Cobb.Continue Reading
Skygofree Trojan: What makes this spyware unique?
Android malware was discovered by Kaspersky Labs and named Skygofree. This Trojan targets smartphones and tablets using spyware and gathers user information and app data.Continue Reading
Ransomware recovery: How can enterprises operate post-attack?
A report detailed how Maersk recovered its infrastructure from a NotPetya ransomware attack along with its chosen recovery option. Expert Nick Lewis explains how it worked.Continue Reading
10 unified access management questions for OneLogin CSO Justin Calmus
Enterprise security veteran Justin Calmus, who describes himself as an avid hacker, joined OneLogin as the CSO earlier this year. After last year's breach, who would want this job?Continue Reading
Okiru malware: How does this Mirai malware variant work?
A Mirai variant has the ability to put billions of devices at risk of becoming part of a botnet. Discover how this works and what devices are at risk with expert Nick Lewis.Continue Reading
How criticality analysis benefits from an entropy engineer
NIST published 'Criticality Analysis Process Model: Prioritizing Systems and Components' to guide organizations when prioritizing systems. Discover the key processes with Judith Myerson.Continue Reading
How online malware collection aids threat intelligence
Threat intelligence can facilitate cloud-based malware collection, which has value for enterprise cybersecurity. Expert Frank Siemons discusses collecting and analyzing malware.Continue Reading
How do SDKs for ad networks cause data leaks?
SDKs made user data susceptible to security vulnerabilities in mobile apps. Expert Michael Cobb explains how this security vulnerability put user data at risk.Continue Reading
What to do when IPv4 and IPv6 policies disagree
Unfortunately for enterprises, IPv4 and IPv6 policies don't always agree. Fernando Gont examines the differences between these two security policies, as well as some filtering rules.Continue Reading
Security data scientists on how to make your data useful
Data science and machine learning can reveal valuable security information that would otherwise remain hidden in large data sets. Security data scientists can be hard to find and may be out of reach for most organizations. Even without these skill ...Continue Reading
Tom Van Vleck on the Multics operating system, security decisions
Time-sharing systems got a lot right from a security standpoint. "We aimed toward a completely lights-out, 'no chance for mistakes' interface," says the security researcher.Continue Reading
Fannie Mae CISO calls for more data on security incidents
Chris Porter's years as a lead analyst and author of Verizon's Data Breach Investigations Report helped prepare him for the chief of security role at the primary housing lender.Continue Reading
Not enough information security analysts, despite higher wages
Survey data on global skills shortages does not show significant changes, even as companies turn to strategies such as security automation to make security teams more efficient.Continue Reading
Overwhelmed by security data? Science to the rescue
Security teams increasingly use large data sets from their networks to find hidden threats. Why companies should embark on their own data science and machine learning initiatives.Continue Reading
Why third-party access to data may come at a price
Google and other platform companies dangled not only APIs but access to user data from unwitting customers to attract third-party developers and other partners.Continue Reading
Citrix's Peter Lefkowitz on impact of GDPR privacy requirements
New consumer privacy laws are changing the global privacy landscape. Citrix's Peter Lefkowitz explains how Citrix is approaching GDPR compliance and privacy issues in general.Continue Reading
Powerhammering: Can a power cable be used in air-gapped attacks?
Air-gapped computers subject to PowerHammer attack: Proof-of-concept attack enables data exfiltration through control of current flow over power cables.Continue Reading
How to identify and protect high-value data in the enterprise
Protecting data in the enterprise is a crucial but challenging task. Expert Charles Kao shares key steps and strategies to consider to identify and protect high-value data.Continue Reading
Cisco's chief privacy officer on the future of data after GDPR
Michelle Dennedy, vice president and chief privacy officer at Cisco, discusses her company's approach to meeting the requirements of the EU's General Data Protection Regulation.Continue Reading
Bouncy Castle keystore: How are files vulnerable to brute force?
BKS files are being exposed to hash collisions, enabling hackers to use brute force attacks against C# and Java applications. Learn how this occurs and possible solutions with Judith Myerson.Continue Reading
How did a Navarino Infinity flaw expose unauthenticated scripts?
Navarino Infinity, a satellite communication system, found and fixed a flaw that exposed an unauthenticated script. Discover what threats this flaw enabled with Judith Myerson.Continue Reading