Data security and privacy

Secure data storage, data loss prevention and encryption are must-have components of any enterprise security strategy, especially as data threats and breaches become increasingly common. Get advice on these topics, along with the latest data security strategies, data backup and recovery info, and more.

Top Stories

News 05 Feb 2025
Chainalysis records 35% decrease in ransom payments in 2024

While the first half of 2024 was on pace to surpass 2023's record-setting numbers, Chainalysis found that the volume of ransom payments dropped in the second half of the year. Continue Reading
By
- Arielle Waldman, News Writer
News 04 Feb 2025
AMD, Google disclose Zen processor microcode vulnerability

AMD said CVE-2024-56161, which first leaked last month, requires an attacker to have local administrator privileges as well as developed and executed malicious microcode. Continue Reading
By
- Alexander Culafi, Senior News Writer

Definition 03 Aug 2023
SOC 2 (System and Organization Controls 2)

SOC 2 (System and Organization Controls 2), pronounced "sock two," is a voluntary compliance standard for ensuring that service providers properly manage and protect the sensitive data in their care. Continue Reading
By
- Robert Sheldon
- Alex DelVecchio, Content Development Strategist
Feature 01 Aug 2023
Infosec experts divided on SEC four-day reporting rule

Professionals in the cybersecurity industry voiced concerns and praises of new incident disclosure rules that allow companies four days to report a "material" cyber attack. Continue Reading
By
- Arielle Waldman, News Writer
Tip 31 Jul 2023
6 ways to support business resilience at your organization

Without enough support, resilience initiatives are unlikely to succeed. Here are six ways individuals and departments can support business resilience. Continue Reading
By
- Paul Kirvan
News 31 Jul 2023
CISA details backdoor malware used in Barracuda ESG attacks

CISA said Friday that 'Submarine' is a novel persistent backdoor used in attacks against Barracuda Email Security Gateway appliances vulnerable to CVE-2023-2868. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 28 Jul 2023
national identity card

A national identity card is a portable document, typically a plasticized card with digitally embedded information, that is used to verify aspects of a person's identity. Continue Reading
By
- Katie Terrell Hanna
News 25 Jul 2023
Thoma Bravo sells Imperva to Thales Group for $3.6B

With the acquisition, Thales looks to expand its Digital Security and Identity business with an increased focus on protecting web applications and API. Continue Reading
By
- Arielle Waldman, News Writer
News 25 Jul 2023
Ivanti EPMM zero-day vulnerability exploited in wild

A zero-day authentication bypass vulnerability in Ivanti Endpoint Manager Mobile was exploited in a cyber attack against a Norwegian government agency. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 25 Jul 2023
5 steps to approach BYOD compliance policies

It can be difficult to ensure BYOD endpoints are compliant because IT can't configure them before they ship to users. Admins must enforce specific policies to make up for this. Continue Reading
By
- Will Kelly
- Mike Chapple, University of Notre Dame
News 24 Jul 2023
Coveware: Rate of victims paying ransom continues to plummet

Incident response firm Coveware said 34% of ransomware victims paid the ransom in Q2 2023, a sharp decline from last quarter and an enormous decline from 2020 and 2019. Continue Reading
By
- Alexander Culafi, Senior News Writer
Podcast 20 Jul 2023
Risk & Repeat: Are data extortion attacks ransomware?

Ransomware gangs are focusing more on data theft and extortion, while skipping the encryption of networks. But should these attacks still be considered ransomware? Continue Reading
By
- Alexander Culafi, Senior News Writer
News 20 Jul 2023
Cyber insurers adapting to data-centric ransomware threats

Cyber insurance carriers and infosec vendors weigh in on how the shift in ransomware tactics is affecting policies and coverage, presenting challenges for enterprises. Continue Reading
By
- Arielle Waldman, News Writer
Tip 19 Jul 2023
7 ways to collect customer data that keep you compliant

Organizations can collect customer data through cookies and sales transactions, but they must be transparent and ensure they follow government regulations for data privacy. Continue Reading
By
- Andrew Froehlich, West Gate Networks
Opinion 19 Jul 2023
Using defense in depth to secure cloud-stored data

To better secure cloud-resident data, organizations are deploying cloud-native tools from CSPs and third-party tools from MSPs to achieve a defense-in-depth strategy. Continue Reading
By
- Jack Poller
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 17 Jul 2023
JumpCloud breached by nation-state threat actor

JumpCloud's mandatory API key rotation earlier this month was triggered by a breach at the hands of a nation-state threat actor that gained access through spear phishing. Continue Reading
By
- Rob Wright, Senior News Director
Tip 13 Jul 2023
The role of Mac file and folder encryption for businesses

IT administrators can enable the Mac FileVault utility across business files and data to provide an extra layer of security and meet compliance standards. Continue Reading
By
- Robert Sheldon
News 12 Jul 2023
Chainalysis observes sharp rise in ransomware payments

The rise in total ransomware payments so far this year is a reversal of the decline Chainalysis saw in 2022, when payments fell sharply to $457 million from $766 million in 2021. Continue Reading
By
- Rob Wright, Senior News Director
Podcast 11 Jul 2023
Risk & Repeat: How bad is Clop's MoveIt Transfer campaign?

Clop's data theft and extortion campaign against MoveIt Transfer customers marks some of the most high-profile threat activity this year, but its success level remains unclear. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 11 Jul 2023
Clop's MoveIt Transfer attacks lead to mixed results

Clop's data theft extortion campaign against MoveIt Transfer customers has apparently compromised hundreds of organizations. But it's unclear how many victims have paid ransoms. Continue Reading
By
- Alexander Culafi, Senior News Writer
Opinion 11 Jul 2023
For stronger public cloud data security, use defense in depth

The amount of cloud-resident data is increasing -- and so are the number of challenges to sufficiently secure it, especially within multi-cloud environments. Continue Reading
By
- Jack Poller
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 06 Jul 2023
CISA: Truebot malware infecting networks in U.S., Canada

CISA warned of Truebot attacks in a joint advisory alongside the FBI, the Canadian Centre for Cyber Security and the Multi-State Information Sharing and Analysis Center. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 05 Jul 2023
June saw flurry of ransomware attacks on education sector

As the school year culminated, ransomware attacks surged across K-12 schools and universities, causing class disruptions and putting sensitive data at risk. Continue Reading
By
- Arielle Waldman, News Writer
News 30 Jun 2023
TSMC partner breached by LockBit ransomware gang

A cyber attack against Chinese systems integrator Kinmax led to the theft of TSMC proprietary data, which LockBit threatened to publish unless TSMC paid a $70 million ransom. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 22 Jun 2023
Apple patches zero days used in spyware attacks on Kaspersky

Two Apple zero days were used in the spyware campaign Kaspersky Lab named 'Operation Triangulation,' which was initially discovered on iOS devices of Kaspersky employees. Continue Reading
By
- Arielle Waldman, News Writer
News 21 Jun 2023
May ransomware activity rises behind 8base, LockBit gangs

LockBit was the most active group last month, but NCC Group researchers were surprised by 8base, which started listing victims from attacks that occurred beginning in April 2022. Continue Reading
By
- Arielle Waldman, News Writer
Podcast 20 Jun 2023
Risk & Repeat: More victims emerge from MoveIt Transfer flaw

CISA last week said several federal agencies suffered data breaches resulting from a MoveIt Transfer zero-day vulnerability, though it's unclear what type of data was stolen. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 20 Jun 2023
Implement zero trust to improve API security

Not all organizations have an API security strategy in place. Using zero trust in API security is one way to protect APIs and reduce their changes of being attacked. Continue Reading
By
- Ashwin Krishnan, StandOutin90Sec
Definition 19 Jun 2023
PCI compliance

PCI compliance is adherence to the set of policies and procedures developed to protect credit, debit and cash card transactions and prevent the misuse of cardholders' personal information. Continue Reading
By
- Nick Barney, Technology Writer
- Ben Cole, Executive Editor
News 16 Jun 2023
U.S. government agencies breached via MoveIt Transfer flaw

CISA Director Jen Easterly said 'several' U.S. agencies suffered intrusions via their MoveIt Transfer instances, but have not seen significant effects from the attacks. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 15 Jun 2023
Chinese nation-state actor behind Barracuda ESG attacks

Mandiant said the zero-day attacks on Barracuda Email Security Gateway appliances were part of a 'wide-ranging campaign in support of the People's Republic of China.' Continue Reading
By
- Arielle Waldman, News Writer
News 14 Jun 2023
State governments among victims of MoveIT Transfer breach

The Clop ransomware gang, which claimed responsibility for multiple data breaches tied to the MoveIT Transfer flaw, said it would delete data stolen from government agencies. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 12 Jun 2023
MoveIT Transfer attacks highlight SQL injection risks

Security vendors say SQL injection flaws, like the zero-day vulnerability recently disclosed by Progress Software, can be challenging for companies to identify and resolve. Continue Reading
By
- Arielle Waldman, News Writer
Tip 09 Jun 2023
Pros and cons of blockchain for ERP

ERP's longevity reaches back to the 1960s, but thanks to blockchain, an old dog may well learn some new business tricks in this ever-changing and modernizing world of technology. Continue Reading
By
- Christine Campbell, The Alpha Content Company
Podcast 08 Jun 2023
Risk & Repeat: Moveit Transfer flaw triggers data breaches

Several organizations, predominantly in the U.K., have confirmed data breaches that stemmed from exploitation of the critical Moveit Transfer zero-day vulnerability. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 08 Jun 2023
MoveIt Transfer flaw leads to wave of data breach disclosures

Organizations that have confirmed a data breach tied to the critical MoveIt flaw disclosed in May include the government of Nova Scotia, the BBC and HR software firm Zellis. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 08 Jun 2023
How to secure blockchain: 10 best practices

Blockchain has huge potential in the enterprise, but remember all emerging technologies come with their own risks. Consider these 10 best practices for securing blockchain. Continue Reading
By
- Jessica Groopman, Kaleido Insights
News 07 Jun 2023
What generative AI's rise means for the cybersecurity industry

ChatGPT's moment in cybersecurity is significant for both technological and marketing reasons. Security analysts and experts have their own reasons why. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 07 Jun 2023
Top blockchain attacks, hacks and security issues explained

Blockchain is an attractive target for malicious actors. From blockchain-specific attacks to human vulnerabilities to lack of regulations, these are the top blockchain issues. Continue Reading
By
- Jessica Groopman, Kaleido Insights
Definition 06 Jun 2023
digital ecosystem

A digital ecosystem is a group of interconnected information technology resources that can function as a unit. Continue Reading
By
- Kate Brush
Tip 06 Jun 2023
9 benefits of cryptocurrency in business

Businesses adopting cryptocurrency can potentially improve their financial liquidity, attract new customers, ensure transaction transparency, reduce fraud and align with Web 3.0. Continue Reading
By
- Sean Michael Kerner
News 06 Jun 2023
Ransomware takes down multiple municipalities in May

City and local governments experienced severe disruptions to public services due to ransomware attacks in May, particularly from the Royal ransomware group. Continue Reading
By
- Arielle Waldman, News Writer
News 06 Jun 2023
Verizon 2023 DBIR: Ransomware remains steady but complicated

Chris Novak, managing director of cybersecurity consulting at Verizon Business, said 2023 was a "retooling year" for ransomware threat actors adapted to improved defenses. Continue Reading
By
- Alexander Culafi, Senior News Writer
Feature 05 Jun 2023
Attack surface reduction rules for Microsoft productivity apps

Attack surface reduction rules in Microsoft Defender for Endpoint help prevent apps from launching executable files and scripts, running suspicious scripts and more. Continue Reading
By
- Kyle Johnson, Technology Editor
- Packt Publishing
News 01 Jun 2023
Zero-day vulnerability in MoveIt Transfer under attack

Rapid7 observed exploitation of a SQL injection vulnerability in Progress Software's managed file transfer product, which was disclosed this week but has not been patched. Continue Reading
By
- Rob Wright, Senior News Director
Opinion 01 Jun 2023
6 ways Amazon Security Lake could boost security analytics

Amazon's new security-focused data lake holds promise -- including possibly changing the economics around secure data storage. Continue Reading
By
- Jon Oltsik, Analyst Emeritus
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
Definition 30 May 2023
eavesdropping

Eavesdropping is the act of listening to, recording or intercepting private communications. Continue Reading
By
- Robert Sheldon
- Gary Audin, Delphi Inc.
Podcast 25 May 2023
Risk & Repeat: A troubling trend of poor breach disclosures

This Risk & Repeat episode covers three data breach disclosures from Dish Network, Gentex Corporation and Clarke County Hospital and the troubling trends that connect all three. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 24 May 2023
Updated 'StopRansomware Guide' warns of shifting tactics

CISA's updates to the 'StopRansomware Guide' address shifts in the threat landscape as more threat actors skip the encryption step and focus on data theft and extortion. Continue Reading
By
- Arielle Waldman, News Writer
Tip 23 May 2023
How the 3-2-1-1-0 backup rule reflects modern needs

The 3-2-1-1-0 backup rule addresses modern data protection requirements, such as ransomware protection and cloud backup. Find out how it builds on the 3-2-1 rule in this tip. Continue Reading
By
- Brien Posey
News 22 May 2023
Iowa hospital discloses breach following Royal ransomware leak

Clarke County Hospital revealed that it took network services offline after an attack in April, but did not address the reported data leak by the Royal ransomware gang. Continue Reading
By
- Arielle Waldman, News Writer
News 19 May 2023
Dish 'received confirmation' ransomware gang deleted stolen data

A line in Dish Network's breach notification sent to affected employees this week suggested the satellite TV provider had paid a ransomware gang to delete stolen data. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 18 May 2023
Gentex confirms data breach by Dunghill ransomware actors

The Dunghill ransomware gang last month claimed responsibility for an attack against Gentex Corporation, which confirmed this week that it suffered a breach several months ago. Continue Reading
By
- Arielle Waldman, News Writer
News 17 May 2023
KeePass vulnerability enables master password theft

KeePass developer Dominik Reichl said the vulnerability should be fixed in KeePass version 2.54, which is expected to release in July along with other security updates. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 16 May 2023
Chinese APT exploits TP-Link router firmware via implant

Check Point Software Technologies said the malicious implant, which it attributed to Chinese APT "Camaro Dragon," was firmware agnostic and could be used against other vendors. Continue Reading
By
- Alexander Culafi, Senior News Writer
Opinion 16 May 2023
Protect against current and future threats with encryption

Current and future cyber threats, such as ransomware, generative AI, quantum computing and an increase in surveillance, are driving the need to secure all data with encryption. Continue Reading
By
- Jack Poller
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 12 May 2023
Bl00dy ransomware gang targets schools via PaperCut flaw

The Bl00dy ransomware gang is targeting schools via a critical remote code execution flaw present in unpatched instances of PaperCut MF and NG print management software. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 12 May 2023
Experts question San Bernardino's $1.1M ransom payment

While no public safety services were compromised in the ransomware attack on San Bernardino County's Sheriff's Department, the government opted to $1.1 million to threat actors. Continue Reading
By
- Alexis Zacharakos, Student Co-op
News 10 May 2023
CISOs face mounting pressures, expectations post-pandemic

Proofpoint's 2023 Voice of the CISO report shows deep concern among executives about impending data loss and exposure from negligent -- and malicious -- employees. Continue Reading
By
- Alexis Zacharakos, Student Co-op
News 10 May 2023
Dragos discloses blocked ransomware attack, extortion attempt

Dragos Inc. published a blog post that outlined a likely ransomware attack it stopped this week, though a threat actor obtained 'general use data' for new hires. Continue Reading
By
- Arielle Waldman, News Writer
Podcast 09 May 2023
Risk & Repeat: Ex-Uber CSO Joe Sullivan sentenced

This podcast episode covers the sentencing of former Uber CSO Joe Sullivan over the 2016 breach cover-up, and what it means for other security executives and the industry at large. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 09 May 2023
5 major data backup trends to watch

As IT becomes more sophisticated, data backup grows to incorporate, and protect against, the latest advances. Find out which five data backup trends are top of mind for IT teams. Continue Reading
By
- Brien Posey
News 08 May 2023
Intel BootGuard private keys leaked following MSI hack

Intel said it was "actively investigating" reports that OEM BootGuard keys were stolen and leaked by ransomware actors following a breach at motherboard maker MSI Continue Reading
By
- Alexander Culafi, Senior News Writer
News 08 May 2023
Western Digital confirms ransomware actors stole customer data

Western Digital issued an update late Friday that confirmed customer data was stolen in an attack for which Alphv ransomware actors claimed responsibility. Continue Reading
By
- Arielle Waldman, News Writer
News 05 May 2023
Former Uber CSO Joe Sullivan avoids jail for breach cover-up

A U.S. district judge sentenced former Uber security chief Joe Sullivan to three years of probation and 200 hours of community service for his role in the 2016 breach cover-up. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 04 May 2023
Ransomware attack disrupts Dallas police, city services

The city said less than 200 government devices were compromised by the Royal ransomware attack, though it's unclear if threat actors exfiltrated sensitive data. Continue Reading
By
- Alexis Zacharakos, Student Co-op
News 04 May 2023
Ransomware gangs display ruthless extortion tactics in April

Ransomware groups are pressuring enterprises into paying with harsher extortion tactics, contacting individual victims directly and leaking stolen photos and video footage. Continue Reading
By
- Arielle Waldman, News Writer
Definition 02 May 2023
Hash-based Message Authentication Code (HMAC)

Hash-based Message Authentication Code (HMAC) is a message encryption method that uses a cryptographic key in conjunction with a hash function. Continue Reading
By
- Rahul Awati
News 01 May 2023
1Password execs outline shift to passwordless authentication

1Password CEO Jeff Shiner and Anna Pobletts, head of passwordless, discuss the power of passkeys, the adoption challenges ahead, and the threat of generative AI attacks. Continue Reading
By
- Arielle Waldman, News Writer
Feature 28 Apr 2023
It's time to harden AI and ML for cybersecurity

An RSA Conference panel said that now is the time to become proactive against AI and ML adversarial attacks -- before they become more sophisticated. Continue Reading
By
- Kyle Johnson, Technology Editor
Definition 26 Apr 2023
TrickBot malware

TrickBot is sophisticated modular malware that started as a banking Trojan but has evolved to support many different types of attacks, including ransomware. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
News 20 Apr 2023
Fortra completes GoAnywhere MFT investigation

An investigation around the zero-day attack that affected a growing number of victims revealed that activity started earlier than Fortra initially reported. Continue Reading
By
- Arielle Waldman, News Writer
News 20 Apr 2023
DC Health Link breach caused by misconfigured server

Mila Kofman, executive director of the District of Columbia Health Benefit Exchange Authority, blames "human error" for the DC Health Link breach. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 19 Apr 2023
Point32Health confirms service disruption due to ransomware

A ransomware attack interrupted access to services provided by one of New England's largest healthcare insurers, though the scope of affected customers and data remains unknown. Continue Reading
By
- Arielle Waldman, News Writer
Guest Post 18 Apr 2023
Standardized data collection methods can help fight cybercrime

Implementing standards similar to NERC CIP for the entire cybersecurity industry could make it easier for law enforcement to investigate and prosecute cyber attackers. Continue Reading
By
- Juan Vargas
News 18 Apr 2023
Mandiant: 63% of breaches were discovered externally in 2022

Mandiant said the 2022 increase is most likely affected by the threat intelligence firm proactively investigating threat activity targeting Ukraine last year. Continue Reading
By
- Alexander Culafi, Senior News Writer
Feature 17 Apr 2023
11 cybersecurity tips for business travelers

Don't put your sensitive information at risk when you travel. Learn how to take a few extra precautions with these cybersecurity tips. Continue Reading
By
- Amanda Hetler, Senior Editor
News 13 Apr 2023
Western Digital restores service; attack details remain unclear

While Western Digital confirmed that it suffered a data breach on March 26, the storage company has not offered details about the attack scope or whether ransomware was involved. Continue Reading
By
- Arielle Waldman, News Writer
Definition 13 Apr 2023
private CA (private PKI)

A private CA is an enterprise-specific certificate authority that functions like a publicly trusted CA. Continue Reading
By
- Jason Soroko, Sectigo
News 12 Apr 2023
Cisco provides extra-secure Webex for U.S. government

Cisco will provide a higher-security cloud-based unified communications platform for U.S. national security and defense personnel to monitor classified data, starting in 2024. Continue Reading
By
- Mary Reines, News Writer
Answer 12 Apr 2023
How to use a public key and private key in digital signatures

Ensuring authenticity of online communications is critical to conduct business. Learn how to use a public key and private key in digital signatures to manage electronic documents. Continue Reading
By
- Joel Dubin
- Katie Donegan, Social Media Manager
News 11 Apr 2023
FTX bankruptcy filing highlights security failures

Debtors claim that defunct cryptocurrency exchange FTX lacked any dedicated security personnel and failed to implement critical access controls for billions of dollars in assets. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 07 Apr 2023
5 ChatGPT security risks in the enterprise

Whether in the hands of cybercriminals or oblivious end users, ChatGPT introduces new security risks. Continue Reading
By
- Alissa Irei, Senior Site Editor
- Ashwin Krishnan, StandOutin90Sec
News 06 Apr 2023
119 arrested in Genesis Market takedown

The FBI and Dutch National Police led the takedown of Genesis Market alongside more than a dozen partners, including the U.K., Italy, Spain and Romania. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 05 Apr 2023
post-quantum cryptography

Post-quantum cryptography, also known as quantum encryption, is the development of cryptographic systems for classical computers that can prevent attacks launched by quantum computers. Continue Reading
By
- Rob Clyde, Isaca
- Alexander S. Gillis, Technical Writer and Editor
News 05 Apr 2023
42% of IT leaders told to maintain breach confidentiality

While transparency and prompt reporting are important steps following an attack, Bitdefender found that many IT professionals were told to maintain confidentiality after a breach. Continue Reading
By
- Arielle Waldman, News Writer
News 04 Apr 2023
March ransomware disclosures spike behind Clop attacks

The Clop ransomware gang claimed responsibility for several disclosed ransomware attacks on major enterprises, which stemmed from a zero-day flaw in Fortra's GoAnywhere software. Continue Reading
By
- Arielle Waldman, News Writer
Tip 30 Mar 2023
Use backup encryption to protect data from would-be thieves

Encryption is a powerful tool to keep sensitive data out of the wrong hands. To ensure recoverability after a disruption, data backup encryption is vital. Continue Reading
By
- David Weldon
Definition 30 Mar 2023
CSR (Certificate Signing Request)

A Certificate Signing Request (CSR) is a specially formatted encrypted message sent from a Secure Sockets Layer (SSL) digital certificate applicant to a certificate authority (CA). Continue Reading
By
- Sharon Shea, Executive Editor
Tip 29 Mar 2023
Vulnerability management vs. risk management, compared

Vulnerability management seeks out security weaknesses in an organization, while risk management involves looking holistically at how the company is running. Continue Reading
By
- Ravi Das, ML Tech Inc.
News 28 Mar 2023
Microsoft launches AI-powered Security Copilot

Microsoft Security Copilot is an AI assistant for infosec professionals that combines OpenAI's GPT-4 technology with the software giant's own cybersecurity-trained model. Continue Reading
By
- Rob Wright, Senior News Director
Definition 24 Mar 2023
three-factor authentication (3FA)

Three-factor authentication (3FA) is the use of identity-confirming credentials from three separate categories of authentication factors -- typically, the knowledge, possession and inherence categories. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
News 23 Mar 2023
More victims emerge from Fortra GoAnywhere zero-day attacks

Threat actors began exploiting a zero-day vulnerability in Fortra's GoAnywhere file sharing software in late January, victimizing several large enterprises. Continue Reading
By
- Arielle Waldman, News Writer
Definition 23 Mar 2023
forensic image

A forensic image (forensic copy) is a bit-by-bit, sector-by-sector direct copy of a physical storage device, including all files, folders and unallocated, free and slack space. Continue Reading
By
- Paul Kirvan
Podcast 22 Mar 2023
BreachForums taken down after arrest of alleged owner

This Risk & Repeat podcast episode covers the arrest of BreachForums' alleged owner and the site's subsequent closure, as well as possible connections to the DC Health Link breach. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 22 Mar 2023
Cyber insurance carriers expanding role in incident response

While cyber insurance has its benefits, infosec professionals expressed concern that carriers have too much influence over incident response decisions, especially with ransomware. Continue Reading
By
- Arielle Waldman, News Writer
News 20 Mar 2023
FBI arrests suspected BreachForums owner in New York

The BreachForums arrest occurred days after DC Health Link's data went up for sale on the dark web message board, though the affidavit did not cite the breach in the arrest. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 16 Mar 2023
How to approach data loss prevention in virtual servers

As security risks evolve, organizations are turning to data loss prevention tools and methods to combat external and internal risks. Learn how to get started with DLP. Continue Reading
By
- Brian Kirsch, Milwaukee Area Technical College
News 15 Mar 2023
Secureworks IR team saw BEC attacks double in 2022

Vendor and incident response firm Secureworks referred to business email compromise, or BEC attacks, as 'the largest monetary threat to organizations.' Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 15 Mar 2023
quantum supremacy

Quantum supremacy is the experimental demonstration of a quantum computer's dominance and advantage over classical computers by performing calculations previously impossible at unmatched speeds. Continue Reading
By
- Kate Brush
News 15 Mar 2023
Rubrik discloses data breach, blames Fortra zero-day

The cybersecurity vendor said it is investigating a data breach after attackers exploited a zero-day vulnerability in Fortra's GoAnywhere managed file transfer software. Continue Reading
By
- Arielle Waldman, News Writer
Definition 15 Mar 2023
antivirus software (antivirus program)

Antivirus software (antivirus program) is a security program designed to prevent, detect, search and remove viruses and other types of malware from computers, networks and other devices. Continue Reading
By
- Kinza Yasar, Technical Writer
- Linda Rosencrance