Data security and privacy

Secure data storage, data loss prevention and encryption are must-have components of any enterprise security strategy, especially as data threats and breaches become increasingly common. Get advice on these topics, along with the latest data security strategies, data backup and recovery info, and more.

Top Stories

Tip 11 Feb 2025
How to build an API security strategy

Lax API protections make it easier for threat actors to steal data, inject malware and perform account takeovers. An API security strategy helps combat this. Continue Reading
By
- Colin Domoney
News 07 Feb 2025
Ransomware hits healthcare, critical services in January

Ransomware attacks against healthcare organizations in January reflect an increasing need for threat actors to adapt and get aggressive as defenders improve. Continue Reading
By
- Alexander Culafi, Senior News Writer

Definition 11 Feb 2025
What is Blowfish?

Blowfish is a variable-length, symmetric, 64-bit block cipher. Continue Reading
By
- Rahul Awati
News 07 Feb 2025
Ransomware hits healthcare, critical services in January

Ransomware attacks against healthcare organizations in January reflect an increasing need for threat actors to adapt and get aggressive as defenders improve. Continue Reading
By
- Alexander Culafi, Senior News Writer
Feature 07 Feb 2025
Chinese companies banned in the U.S.: Tech giants on the list

Several Chinese tech giants including Huawei, Tencent and CATL are now on the U.S. CMC list due to security concerns. Continue Reading
By
- Kinza Yasar, Technical Writer
Definition 07 Feb 2025
What is cyber insurance, and why is it important?

Cyber insurance, also called cyber liability insurance or cybersecurity insurance, is a contract a business or other organization can purchase to reduce the financial risks associated with doing business online. Continue Reading
By
- Cameron Hashemi-Pour, Former Site Editor
- Kinza Yasar, Technical Writer
News 05 Feb 2025
Chainalysis records 35% decrease in ransom payments in 2024

While the first half of 2024 was on pace to surpass 2023's record-setting numbers, Chainalysis found that the volume of ransom payments dropped in the second half of the year. Continue Reading
By
- Arielle Waldman, News Writer
News 04 Feb 2025
AMD, Google disclose Zen processor microcode vulnerability

AMD said CVE-2024-56161, which first leaked last month, requires an attacker to have local administrator privileges as well as developed and executed malicious microcode. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 31 Jan 2025
What is cryptology?

Cryptology is the mathematics, such as number theory and the application of formulas and algorithms, that underpin cryptography and cryptanalysis. Continue Reading
By
- Rahul Awati
Definition 31 Jan 2025
What is biometrics?

Biometrics is the measurement and statistical analysis of people's unique physical and behavioral characteristics. Continue Reading
By
- Cameron Hashemi-Pour, Former Site Editor
- Alexander S. Gillis, Technical Writer and Editor
- Peter Loshin, Former Senior Technology Editor
Podcast 30 Jan 2025
Risk & Repeat: DeepSeek security issues emerge

The introduction of DeepSeek's new generative AI models has been met with fervor, but security issues have created apparent challenges for the Chinese startup. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 30 Jan 2025
What is blockchain? Definition, examples and how it works

Blockchain is a distributed ledger technology (DLT) that's shared across a network of computers to keep a digital record of transactions. Continue Reading
By
- Kinza Yasar, Technical Writer
- Nick Barney, Technology Writer
- Mary K. Pratt
News 30 Jan 2025
Wiz reveals DeepSeek database exposed API keys, chat history

Wiz expressed concern about security shortcomings with AI tools and services amid the rapid adoption and rising popularity of offerings like DeepSeek-R1. Continue Reading
By
- Arielle Waldman, News Writer
News 30 Jan 2025
German police disrupt Cracked, Nulled cybercrime forums

Cracked and Nulled had a combined community of approximately 10 million users who used the sites to discuss cybercrime and sell malware and hacking tools. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 28 Jan 2025
What is a hardware security module?

A hardware security module (HSM) is a physical device that provides extra security for sensitive data. Continue Reading
By
- Rahul Awati
- Elizabeth Davies
- Cameron McKenzie, TechTarget
News 24 Jan 2025
DOJ indicts 5 individuals in North Korea IT worker scam

An unsealed indictment revealed threat actors working for North Korea tricked at least 64 U.S. businesses into hiring fake IT workers for financial and propriety data gains. Continue Reading
By
- Arielle Waldman, News Writer
Tip 24 Jan 2025
Data sovereignty compliance challenges and best practices

Organizations that use the cloud face stiff challenges in complying with data sovereignty laws and regulations. The first step: Understand which laws apply. Continue Reading
By
- Damon Garn, Cogspinner Coaction
Definition 24 Jan 2025
What is SAML (Security Assertion Markup Language)?

Security Assertion Markup Language (SAML) is an open standard for sharing security information about identity, authentication and authorization across different systems. Continue Reading
By
- Kinza Yasar, Technical Writer
- Peter Loshin, Former Senior Technology Editor
Definition 21 Jan 2025
What is a private key?

A private key, also known as a secret key, is a variable in cryptography used with an algorithm to encrypt or decrypt data. Continue Reading
By
- Rahul Awati
- Peter Loshin, Former Senior Technology Editor
- Michael Cobb
News 17 Jan 2025
Treasury Department sanctions company tied to Salt Typhoon

The sanctions were in response to significant cyberattacks by Chinese nation-state threat groups against the U.S. government and critical infrastructure in recent months. Continue Reading
By
- Arielle Waldman, News Writer
News 16 Jan 2025
Threat actor publishes data of 15K hacked FortiGate firewalls

Although the threat actor published the alleged stolen Fortinet FortiGate firewall data this week, the data is apparently tied to older zero-day exploitation from 2022. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 15 Jan 2025
FBI removes Chinese PlugX malware from 4,258 U.S. computers

The FBI did not inform individuals that it deleted PlugX malware from users' computers beforehand, citing the possibility of Chinese state-sponsored hackers making adjustments. Continue Reading
By
- Alexander Culafi, Senior News Writer
Feature 14 Jan 2025
Symmetric key encryption algorithms and security: A guide

Scrambling plaintext into ciphertext is essential to ensure data cannot be read or used by the wrong people. Learn the basics of symmetric key encryption algorithms here. Continue Reading
By
- Sharon Shea, Executive Editor
- Pearson Education
News 09 Jan 2025
December ransomware attacks slam healthcare, public services

In December, one victim organization paid a $1.5 million ransom to restore services, while another continued to experience disruptions for more than one month following an attack. Continue Reading
By
- Arielle Waldman, News Writer
Tip 09 Jan 2025
Top 7 data loss prevention tools for 2025

Data loss prevention software is a necessity for most companies. Our guide gives you a quick overview of seven top DLP providers and tells you what works -- and what doesn't. Continue Reading
By
- Karen Scarfone, Scarfone Cybersecurity
Opinion 08 Jan 2025
Data security spending in 2025: Up and to the right

Cybersecurity investments are set to increase in 2025, according to Enterprise Strategy Group's annual spending survey, and data loss prevention is leading the priority pack. Continue Reading
By
- Todd Thiemann, Senior Analyst
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 07 Jan 2025
CISA: BeyondTrust breach affected Treasury Department only

The government cybersecurity agency says fallout from a breach against BeyondTrust last month has not affected other federal agencies, although the investigation is ongoing. Continue Reading
By
- Arielle Waldman, News Writer
News 02 Jan 2025
Dozens of Chrome extensions hacked in threat campaign

Although data security vendor Cyberhaven disclosed that its Chrome extension was compromised on Dec. 24, additional research suggests the broader campaign could be months older. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 31 Dec 2024
Treasury Department breached through BeyondTrust service

The Treasury Department said Chinese government hackers gained access to a key for BeyondTrust's Remote Support service and used it to breach the federal agency. Continue Reading
By
- Rob Wright, Senior News Director
News 30 Dec 2024
10 of the biggest ransomware attacks in 2024

Ransomware attacks against U.S. organizations in 2024 disrupted healthcare systems, supply chains and government services and led to tens of millions of dollars in ransom payments. Continue Reading
By
- Arielle Waldman, News Writer
Podcast 23 Dec 2024
Risk & Repeat: The state of ransomware in 2024

Ransomware made major headlines in 2024, from the massive Change Healthcare attack to the creative takedown of the notorious LockBit ransomware-as-a-service gang. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 23 Dec 2024
What is a public key and how does it work?

In cryptography, a public key is a large numerical value that is used to encrypt data. Continue Reading
By
- Rahul Awati
News 23 Dec 2024
10 of the biggest cybersecurity stories of 2024

Some of the biggest stories of the year include a massive IT outage, a record-setting ransom payment and devastating breaches at several U.S. telecommunications companies. Continue Reading
By
- Alexander Culafi, Senior News Writer
Feature 19 Dec 2024
10 cybersecurity predictions for 2025

AI will still be a hot topic in 2025, but don't miss out on other trends, including initial access broker growth, the rise of vCISOs, tech rationalization and more. Continue Reading
By
- Kyle Johnson, Technology Editor
Answer 19 Dec 2024
How bad is generative AI data leakage and how can you stop it?

Mismanaged training data, weak models, prompt injection attacks can all lead to data leakage in GenAI, with serious costs for companies. The good news? Risks can be mitigated. Continue Reading
By
- Chris Tozzi
News 18 Dec 2024
CISA issues mobile security guidance following China hacks

Following the Salt Typhoon attacks, CISA offers advice to 'highly targeted' individuals, such as using end-to-end encryption and moving away from purely SMS-based MFA. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 17 Dec 2024
The pros and cons of biometric authentication

Biometric authentication can be a solid supplement to passwords when securing data and systems. But understanding potential drawbacks, and planning to minimize them, is essential. Continue Reading
By
- Char Sample, ICF International
Feature 17 Dec 2024
Cryptocurrency scams: Common types and prevention

Cryptocurrency scams are rising, and thieves are using new and old techniques to steal money. Some of the latest scams involve rug pull scams, Ponzi schemes and phishing scams. Continue Reading
By
- Amanda Hetler, Senior Editor
News 16 Dec 2024
Cleo zero-day vulnerability gets CVE as attacks continue

The new Cleo zero-day vulnerability, CVE-2024-55956, is separate from CVE-2024-50623 despite both vulnerabilities being used by threat actors to target the same endpoints. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 16 Dec 2024
ESET: RansomHub most active ransomware group in H2 2024

The antimalware vendor says law enforcement operations against the LockBit ransomware gang were successful, but a new prolific group has emerged in its place. Continue Reading
By
- Arielle Waldman, News Writer
Podcast 13 Dec 2024
Risk & Repeat: Attacks ramp up on Cleo MFT software

Earlier this week, threat actors began exploiting a zero-day vulnerability in Cleo's managed file transfer products, but the details of the flaw remain unclear. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 12 Dec 2024
Cleo patches file transfer zero-day flaw under attack

Cleo published a patch for its Harmony, VLTrader and LexiCom managed file transfer products, which addresses a 'critical vulnerability' that's separate from CVE-2024-50623. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 12 Dec 2024
Aqua Security warns of significant risks in Prometheus stack

The cloud security vendor called on Prometheus to provide users with additional safeguards to protect against misconfigurations discovered in the open source monitoring tool. Continue Reading
By
- Arielle Waldman, News Writer
News 10 Dec 2024
Microsoft enhanced Recall security, but will it be enough?

Microsoft's controversial Recall feature began rolling out to certain Windows Insiders with Copilot+ PCs in November, with more expected to participate this month. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 10 Dec 2024
What is a block cipher?

A block cipher is a method of encrypting data in blocks to produce ciphertext using a cryptographic key and algorithm. Continue Reading
By
- Rahul Awati
Definition 10 Dec 2024
What is a stream cipher?

A stream cipher is an encryption method in which data is encrypted one byte at a time. Continue Reading
By
- Rahul Awati
News 09 Dec 2024
Attackers exploit vulnerability in Cleo file transfer software

Cleo disclosed and patched the remote code execution vulnerability in late October, but managed file transfer products have proved to be popular targets for threat actors. Continue Reading
By
- Arielle Waldman, News Writer
Definition 09 Dec 2024
What is cipher block chaining (CBC)?

Cipher block chaining (CBC) is a mode of operation for a block cipher -- one in which a sequence of bits are encrypted as a single unit, or block, with a cipher key applied to the entire block. Continue Reading
By
- Rahul Awati
Opinion 05 Dec 2024
2025 identity security and data security predictions

From securing nonhuman identities to post-quantum cryptography to DSPM and DLP combining, here's what's in store for identity and data security in 2025. Continue Reading
By
- Todd Thiemann, Senior Analyst
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 05 Dec 2024
Police bust cybercrime marketplace, phishing network

As part of Europol's announcement of the cybercriminal marketplace's disruption, the agency included an image of a takedown notice referencing the 'Manson Market.' Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 04 Dec 2024
How to protect against malware as a service

Malware operators are further monetizing their malicious software by selling it to other attackers on a subscription basis. Learn how to detect and mitigate the threat. Continue Reading
By
- Ashwin Krishnan, StandOutin90Sec
News 03 Dec 2024
Ransomware attacks on critical sectors ramped up in November

Supply chain software vendor Blue Yonder and energy management giant Schneider Electric SE experienced some of the most notable ransomware incidents in November. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 26 Nov 2024
New York fines Geico, Travelers $11.3M over data breaches

The two insurance giants were fined millions by New York state regulators and are required to enhance security protocols around authentication and penetration testing. Continue Reading
By
- Arielle Waldman, News Writer
Tip 25 Nov 2024
12 top contact center platforms of 2025

Which came first: the evolution of the contact center or the evolution of its supporting software? It's the old chicken-and-egg debate. Either way, AI is the catalyst. Continue Reading
By
- Chris Tozzi
Feature 21 Nov 2024
How to detect AI-generated content

AI- or human-generated? To test their reliability, six popular generative AI detectors were asked to judge three pieces of content. The one they got wrong may surprise you. Continue Reading
By
- Ron Karjian, Industry Editor
News 21 Nov 2024
DOJ charges 5 alleged Scattered Spider members

The defendants, charged for conducting alleged phishing scams across the U.S., are suspected members of a prolific threat group responsible for last year's casino attacks. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 21 Nov 2024
U.S. data privacy protection laws: 2025 guide

Growing concerns over the processing, storage and protection of personal data, plus the GenAI effect, are leading to the passage of new local and regional privacy regulations. Continue Reading
By
- Paul Kirvan
Podcast 20 Nov 2024
Risk & Repeat: China hacks major telecom companies

The FBI and CISA confirmed reports that Salt Typhoon breached several major telecom companies and accessed data related to law enforcement requests. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 19 Nov 2024
Biometric privacy and security challenges to know

Fingerprints and facial scans can make identity access more convenient than passwords, but biometric tools present significant ethical and legal challenges. Continue Reading
By
- Mary K. Pratt
News 15 Nov 2024
MFA required for AWS Organizations member accounts in 2025

AWS is one of several cloud providers that will implement MFA requirements over the next year, with other relevant names including Google Cloud and Microsoft Azure. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 14 Nov 2024
CISA, FBI confirm China breached telecommunication providers

The government agencies confirmed Wall Street Journal reports that China-backed threat actors breached telecommunication providers and access data for law enforcement requests. Continue Reading
By
- Arielle Waldman, News Writer
News 12 Nov 2024
Amazon employee data leaked from MoveIt Transfer attack

Although Amazon confirms that employee data was leaked, it stresses that data was stolen via a third-party vendor and that only contact information was obtained. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 12 Nov 2024
SIEM vs. SOAR vs. XDR: Evaluate the key differences

SIEM, SOAR and XDR each possess distinct capabilities and drawbacks. Learn the differences among the three, how they can work together and which your company needs. Continue Reading
By
- Paul Kirvan
Opinion 08 Nov 2024
Address skills shortages with third-party data discovery tools

Homegrown might be best in some scenarios, but resource-constrained security teams should consider third-party tools for data discovery and resilience. Continue Reading
By
- Todd Thiemann, Senior Analyst
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
Tip 08 Nov 2024
3 key generative AI data privacy and security concerns

Those charged with protecting and ensuring the privacy of user data are facing new challenges in the age of generative AI. Continue Reading
By
- Mike Pedrick
News 07 Nov 2024
Ransomware attacks caused prolonged disruptions in October

The Ransomhub, Rhysdia and Interlock ransomware gangs claimed responsibility for attacks that knocked victims' services offline, sometimes for several weeks. Continue Reading
By
- Arielle Waldman, News Writer
Feature 07 Nov 2024
15 IAM interview questions to prep for your next career move

The job market for identity and access management positions is strong right now, but the competition could be tough. Use these 15 questions to guide your interview prep. Continue Reading
By
- Kathleen Richards
News 05 Nov 2024
Canadian authorities arrest alleged Snowflake hacker

Alexander Moucka was arrested last week and is expected to appear in court Tuesday for allegedly breaching dozens of Snowflake customers. Continue Reading
By
- Arielle Waldman, News Writer
News 05 Nov 2024
Google Cloud to roll out mandatory MFA for all users

Google's three-phase plan for mandatory MFA, which will culminate in late 2025, follows similar efforts from other cloud providers such as AWS and Microsoft. Continue Reading
By
- Arielle Waldman, News Writer
News 04 Nov 2024
CISA: U.S. election disinformation peddled at massive scale

CISA said the U.S. cybersecurity agency has seen small-scale election incidents 'resulting in no significant impacts to election infrastructure,' such as low-level DDoS attacks. Continue Reading
By
- Alexander Culafi, Senior News Writer
Feature 04 Nov 2024
Privacy and security risks surrounding Microsoft Recall

Microsoft's Recall feature promises AI-powered convenience, but it raises significant security and privacy concerns that the company must address before a public release. Continue Reading
By
- Nihad Hassan
Tip 01 Nov 2024
API security testing checklist: 7 key steps

APIs are a common attack vector for malicious actors. Use our API security testing checklist and best practices to protect your organization and its data. Continue Reading
By
- Dave Shackleford, Voodoo Security
- Michael Cobb
News 31 Oct 2024
China-based APTs waged 5-year campaign on Sophos firewalls

For years, several advanced persistent threat groups tied to the Chinese government targeted Sophos firewall products with custom malware and zero-day exploits. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 31 Oct 2024
Lottie Player NPM package compromised in supply chain attack

Threat actors published compromised versions of the Lottie Player component on NPM, and the malicious code prompted users to access their cryptocurrency wallets. Continue Reading
By
- Arielle Waldman, News Writer
News 30 Oct 2024
Play ransomware attack tied to North Korean nation-state actor

A relationship between North Korean actor Jumpy Pisces and Play ransomware would be unprecedented, as the former has not collaborated with cybercrime gangs previously. Continue Reading
By
- Alexander Culafi, Senior News Writer
Podcast 29 Oct 2024
Risk & Repeat: SEC cracks down on cybersecurity disclosures

The SEC's charges against Unisys, Avaya, Check Point Software Technologies and Mimecast have raised questions about expectations for transparency in cybersecurity. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 28 Oct 2024
How to identify and prevent insecure output handling

Sanitation, validation and zero trust are essential ways to reduce the threat posed by large language models generating outputs that could cause harm to downstream systems and users. Continue Reading
By
- Matthew Smith, Seemless Transition LLC
Feature 28 Oct 2024
Types of cybersecurity controls and how to place them

A unilateral cybersecurity approach is ineffective in today's threat landscape. Learn why organizations should implement security controls based on the significance of each asset. Continue Reading
By
- Isabella Harford, TechTarget
- Packt Publishing
Tip 28 Oct 2024
How to achieve crypto-agility and future-proof security

Quantum computing will render current asymmetric encryption algorithms obsolete. Organizations need to deploy crypto-agile systems to remain protected. Continue Reading
By
- Amy Larsen DeCarlo, GlobalData
Tip 24 Oct 2024
EDR vs. EPP: How are they different and which is right for you?

Endpoint detection and response tools and endpoint protection platforms offer similar security features. Which is better for your organization: EDR, EPP or both? Continue Reading
By
- Paul Kirvan
News 22 Oct 2024
SEC charges 4 companies for downplaying SolarWinds attacks

The U.S. Securities and Exchange Commission fined the companies for misleading investors about intrusions stemming from the SolarWinds supply chain attack. Continue Reading
By
- Arielle Waldman, News Writer
News 21 Oct 2024
Cisco confirms attackers stole data from DevHub environment

While Cisco said its systems were not breached, the vendor did confirm that attackers stole sensitive information from the public-facing portal. Continue Reading
By
- Arielle Waldman, News Writer
News 21 Oct 2024
Study outlines 'severe' security issues in cloud providers

Possible security issues involving cloud systems should be taken seriously, as the paper noted the five vendors outlined are responsible for more than 22 million users. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 17 Oct 2024
September a quiet month for ransomware attacks

Notable ransomware attacks in September involved a Rhode Island public school district, a Texas hospital system, and Kawasaki Motors' European branch. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 16 Oct 2024
Microsoft sees drop in ransomware reaching encryption phase

In its Digital Defense Report 2024, Microsoft observed a significant increase in the number of human-operated ransomware attacks, which often originated from unmanaged devices. Continue Reading
By
- Arielle Waldman, News Writer
News 16 Oct 2024
Microsoft: Nation-state activity blurring with cybercrime

Microsoft's Digital Defense Report 2024 noted that Russia 'outsourced some cyberespionage operations' against Ukraine to otherwise independent cybercrime gangs. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 16 Oct 2024
Experts slam Chinese research on quantum encryption attack

Researchers at Shanghai University claim to have cracked RSA encryption using D-Wave quantum systems, but infosec experts say the claims are overblown. Continue Reading
By
- Rob Wright, Senior News Director
News 15 Oct 2024
FIDO unveils new specifications to transfer passkeys

The proposed FIDO Alliance specifications would enable users and organizations to securely transfer credentials from one identity provider to another. Continue Reading
By
- Arielle Waldman, News Writer
Tip 15 Oct 2024
7 common intrusion detection system evasion techniques

Malicious attackers use various evasion tactics to infiltrate networks without intrusion detection systems noticing. Learn what these techniques are and how to mitigate them. Continue Reading
By
- Ravi Das, ML Tech Inc.
News 11 Oct 2024
Zero-day flaw behind Rackspace breach still a mystery

More than two weeks after threat actors exploited a zero-day vulnerability in a third-party utility to breach Rackspace, the details about the flaw and the utility remain unknown. Continue Reading
By
- Arielle Waldman, News Writer
News 10 Oct 2024
FTC orders Marriott to pay $52M and enhance security practices

The Federal Trade Commission says an investigation revealed that poor security practices led to three data breaches at Marriott and Starwood hotels between 2014 and 2020. Continue Reading
By
- Arielle Waldman, News Writer
News 10 Oct 2024
OpenAI details how threat actors are abusing ChatGPT

While threat actors are using generative AI tools like ChatGPT to run election influence operations and develop malware, OpenAI says the efforts are rarely successful. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 10 Oct 2024
Coalition: Ransomware severity up 68% in first half of 2024

The cyber insurance carrier examined claims trends for the first half of 2024, which showed policyholders experienced disruptive and increasingly costly ransomware attacks. Continue Reading
By
- Arielle Waldman, News Writer
News 09 Oct 2024
Ivanti zero-day vulnerabilities exploited in chained attack

The new exploit chains targeting Ivanti Cloud Service Application customers are connected to a previously disclosed critical path traversal flaw, CVE-2024-8963. Continue Reading
By
- Alexander Culafi, Senior News Writer
Podcast 08 Oct 2024
Risk & Repeat: Is Microsoft security back on track?

Microsoft has made significant changes to its cybersecurity practices and policies under the Secure Future Initiative. Are they enough to right the ship? Continue Reading
By
- Alexander Culafi, Senior News Writer
News 07 Oct 2024
American Water discloses breach, utilities unaffected

American Water says in its 8-K filing that it disconnected and deactivated certain systems in its incident response, though the nature of the cyberattack is unknown. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 07 Oct 2024
Top 8 e-signature software providers for 2025

E-signature software can reduce paper costs and improve productivity across departments. Organizations can explore the following eight software options to fit their business needs. Continue Reading
By
- Christine Campbell, The Alpha Content Company
Tip 04 Oct 2024
Contact center fraud: How to detect and prevent it

Contact centers can be sitting ducks for fraudsters, but comprehensive agent training, authentication techniques and advanced technologies can protect businesses and customers. Continue Reading
By
- Kathleen Richards
- Andrew Froehlich, West Gate Networks
News 03 Oct 2024
Microsoft SFI progress report elicits cautious optimism

Infosec experts say the Secure Future Initiative progress report shows Microsoft has made important changes to its policies, practices and accountability structures. Continue Reading
By
- Alexander Culafi, Senior News Writer
Feature 03 Oct 2024
'Defunct' DOJ ransomware task force raises questions, concerns

A report from the Office of the Inspector General reviewed the U.S. Department of Justice's efforts against ransomware and found its task force was largely ineffective. Continue Reading
By
- Arielle Waldman, News Writer
News 03 Oct 2024
Cryptomining perfctl malware swarms Linux machines

Aqua Security researchers believe that perfctl malware has infected thousands of Linux machines in the last three to four years and that countless more could be next. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 03 Oct 2024
Contact center monitoring: A step-by-step guide

A well-designed monitoring program identifies customer pain points and gathers valuable intelligence that can improve agent performance and CX, as well as products and services. Continue Reading
By
- Scott Sachs, SJS Solutions