Data security and privacy

Secure data storage, data loss prevention and encryption are must-have components of any enterprise security strategy, especially as data threats and breaches become increasingly common. Get advice on these topics, along with the latest data security strategies, data backup and recovery info, and more.

Top Stories

Feature 06 Mar 2025
How to create a data security policy, with template

When it comes to data security, the devil is in the details. One critical detail organizations shouldn't overlook is a succinct yet detailed data security policy. Continue Reading
By
- Paul Kirvan
Tutorial 06 Mar 2025
Using shred and dd commands in Linux to securely wipe data

When it's time to get rid of old systems or when moving one system from one location to another, it's a good idea to use Linux utilities to securely delete existing data. Continue Reading
By
- Damon Garn, Cogspinner Coaction

Feature 17 Apr 2023
11 cybersecurity tips for business travelers

Don't put your sensitive information at risk when you travel. Learn how to take a few extra precautions with these cybersecurity tips. Continue Reading
By
- Amanda Hetler, Senior Editor
News 13 Apr 2023
Western Digital restores service; attack details remain unclear

While Western Digital confirmed that it suffered a data breach on March 26, the storage company has not offered details about the attack scope or whether ransomware was involved. Continue Reading
By
- Arielle Waldman, News Writer
Definition 13 Apr 2023
private CA (private PKI)

A private CA is an enterprise-specific certificate authority that functions like a publicly trusted CA. Continue Reading
By
- Jason Soroko, Sectigo
News 12 Apr 2023
Cisco provides extra-secure Webex for U.S. government

Cisco will provide a higher-security cloud-based unified communications platform for U.S. national security and defense personnel to monitor classified data, starting in 2024. Continue Reading
By
- Mary Reines, News Writer
Answer 12 Apr 2023
How to use a public key and private key in digital signatures

Ensuring authenticity of online communications is critical to conduct business. Learn how to use a public key and private key in digital signatures to manage electronic documents. Continue Reading
By
- Joel Dubin
- Katie Donegan, Social Media Manager
News 11 Apr 2023
FTX bankruptcy filing highlights security failures

Debtors claim that defunct cryptocurrency exchange FTX lacked any dedicated security personnel and failed to implement critical access controls for billions of dollars in assets. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 07 Apr 2023
5 ChatGPT security risks in the enterprise

Whether in the hands of cybercriminals or oblivious end users, ChatGPT introduces new security risks. Continue Reading
By
- Alissa Irei, Senior Site Editor
- Ashwin Krishnan, StandOutin90Sec
News 06 Apr 2023
119 arrested in Genesis Market takedown

The FBI and Dutch National Police led the takedown of Genesis Market alongside more than a dozen partners, including the U.K., Italy, Spain and Romania. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 05 Apr 2023
post-quantum cryptography

Post-quantum cryptography, also known as quantum encryption, is the development of cryptographic systems for classical computers that can prevent attacks launched by quantum computers. Continue Reading
By
- Rob Clyde, Isaca
- Alexander S. Gillis, Technical Writer and Editor
News 05 Apr 2023
42% of IT leaders told to maintain breach confidentiality

While transparency and prompt reporting are important steps following an attack, Bitdefender found that many IT professionals were told to maintain confidentiality after a breach. Continue Reading
By
- Arielle Waldman, News Writer
News 04 Apr 2023
March ransomware disclosures spike behind Clop attacks

The Clop ransomware gang claimed responsibility for several disclosed ransomware attacks on major enterprises, which stemmed from a zero-day flaw in Fortra's GoAnywhere software. Continue Reading
By
- Arielle Waldman, News Writer
Tip 30 Mar 2023
Use backup encryption to protect data from would-be thieves

Encryption is a powerful tool to keep sensitive data out of the wrong hands. To ensure recoverability after a disruption, data backup encryption is vital. Continue Reading
By
- David Weldon
Definition 30 Mar 2023
CSR (Certificate Signing Request)

A Certificate Signing Request (CSR) is a specially formatted encrypted message sent from a Secure Sockets Layer (SSL) digital certificate applicant to a certificate authority (CA). Continue Reading
By
- Sharon Shea, Executive Editor
Tip 29 Mar 2023
Vulnerability management vs. risk management, compared

Vulnerability management seeks out security weaknesses in an organization, while risk management involves looking holistically at how the company is running. Continue Reading
By
- Ravi Das, ML Tech Inc.
News 28 Mar 2023
Microsoft launches AI-powered Security Copilot

Microsoft Security Copilot is an AI assistant for infosec professionals that combines OpenAI's GPT-4 technology with the software giant's own cybersecurity-trained model. Continue Reading
By
- Rob Wright, Senior News Director
Definition 24 Mar 2023
three-factor authentication (3FA)

Three-factor authentication (3FA) is the use of identity-confirming credentials from three separate categories of authentication factors -- typically, the knowledge, possession and inherence categories. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
News 23 Mar 2023
More victims emerge from Fortra GoAnywhere zero-day attacks

Threat actors began exploiting a zero-day vulnerability in Fortra's GoAnywhere file sharing software in late January, victimizing several large enterprises. Continue Reading
By
- Arielle Waldman, News Writer
Definition 23 Mar 2023
forensic image

A forensic image (forensic copy) is a bit-by-bit, sector-by-sector direct copy of a physical storage device, including all files, folders and unallocated, free and slack space. Continue Reading
By
- Paul Kirvan
Podcast 22 Mar 2023
BreachForums taken down after arrest of alleged owner

This Risk & Repeat podcast episode covers the arrest of BreachForums' alleged owner and the site's subsequent closure, as well as possible connections to the DC Health Link breach. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 22 Mar 2023
Cyber insurance carriers expanding role in incident response

While cyber insurance has its benefits, infosec professionals expressed concern that carriers have too much influence over incident response decisions, especially with ransomware. Continue Reading
By
- Arielle Waldman, News Writer
News 20 Mar 2023
FBI arrests suspected BreachForums owner in New York

The BreachForums arrest occurred days after DC Health Link's data went up for sale on the dark web message board, though the affidavit did not cite the breach in the arrest. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 16 Mar 2023
How to approach data loss prevention in virtual servers

As security risks evolve, organizations are turning to data loss prevention tools and methods to combat external and internal risks. Learn how to get started with DLP. Continue Reading
By
- Brian Kirsch, Milwaukee Area Technical College
News 15 Mar 2023
Secureworks IR team saw BEC attacks double in 2022

Vendor and incident response firm Secureworks referred to business email compromise, or BEC attacks, as 'the largest monetary threat to organizations.' Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 15 Mar 2023
quantum supremacy

Quantum supremacy is the experimental demonstration of a quantum computer's dominance and advantage over classical computers by performing calculations previously impossible at unmatched speeds. Continue Reading
By
- Kate Brush
News 15 Mar 2023
Rubrik discloses data breach, blames Fortra zero-day

The cybersecurity vendor said it is investigating a data breach after attackers exploited a zero-day vulnerability in Fortra's GoAnywhere managed file transfer software. Continue Reading
By
- Arielle Waldman, News Writer
Definition 15 Mar 2023
antivirus software (antivirus program)

Antivirus software (antivirus program) is a security program designed to prevent, detect, search and remove viruses and other types of malware from computers, networks and other devices. Continue Reading
By
- Kinza Yasar, Technical Writer
- Linda Rosencrance
Podcast 15 Mar 2023
Hacker claims exposed database led to DC Health Link breach

This Risk & Repeat podcast episode covers the breach of health insurance exchange DC Health Link, as well as a hacker's claim that the breach was caused by an exposed database. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 14 Mar 2023
information security (infosec)

Information security (infosec) is a set of policies, procedures and principles for safeguarding digital data and other kinds of information. Continue Reading
By
- Kinza Yasar, Technical Writer
- Gavin Wright
- Taina Teravainen
News 13 Mar 2023
DC Health Link confirms breach, but questions remain

While DC Health Link confirmed the breach, it is unknown how threat actors obtained the personal health data of more than 56,000 customers, including members of Congress. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 09 Mar 2023
Is ransomware declining? Not so fast, experts say

While some 2022 ransomware statistics indicate a possible 'decline' in activity, threat researchers warn there's more to the picture than the numbers suggest. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 02 Mar 2023
New National Cybersecurity Strategy takes aim at ransomware

The Biden-Harris administration's 39-page National Cybersecurity Strategy covers multiple areas, including disrupting ransomware operations and addressing vulnerable software. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 02 Mar 2023
Ransomware attacks ravaged big names in February

While ransomware incidents appear to be decreasing, several high-profile organizations, including Dole, Dish Network and the U.S. Marshals Service, suffered notable attacks. Continue Reading
By
- Arielle Waldman, News Writer
Opinion 02 Mar 2023
Accurately assessing the success of zero-trust initiatives

Zero-trust preparation can be difficult. Measuring how well the model provides security and business benefits after implementation is even more difficult. Continue Reading
By
- John Grady, Principal Analyst
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 28 Feb 2023
LastPass breach tied to hack of engineer's home computer

LastPass said a threat actor hacked an employee's home computer to access a corporate password vault and steal decryption keys for its product backups and cloud storage resources. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 28 Feb 2023
Bitdefender releases decryptor for MortalKombat ransomware

MortalKombat ransomware was first spotted in January, but Bitdefender has already cracked the new variant and released a free decryptor to help victims recover data. Continue Reading
By
- Rob Wright, Senior News Director
News 28 Feb 2023
U.S. Marshals Service suffers ransomware attack, data breach

Ransomware actors breached the U.S. Marshals Service earlier this month and stole sensitive information pertaining to agency investigations, though many questions remain. Continue Reading
By
- Arielle Waldman, News Writer
News 28 Feb 2023
CrowdStrike: Threat actors shifting away from ransomware

CrowdStrike's '2023 Global Threat Report' showed a 20% increase in the number of threat actors using data theft and extortion tactics without deploying actual ransomware. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 22 Feb 2023
IBM: Ransomware defenders showing signs of improvement

According to IBM X-Force's Threat Intelligence Index report, a smaller percentage of threat actors executed a ransomware attack after gaining access in 2022 than in 2021. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 21 Feb 2023
GoDaddy's response to 'multi-year' breach criticized

GoDaddy took nearly three months to disclose that attackers breached the company in a multi-year campaign, and customers are still in the dark about the details of the attack. Continue Reading
By
- Arielle Waldman, News Writer
News 16 Feb 2023
Google: Russia continues to set cyber sights on NATO nations

A new report from Google's Threat Analysis Group shed light on Russia's efforts to conduct malicious cyber campaigns not only against Ukraine but also NATO nations too. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 16 Feb 2023
E-Sign Act (Electronic Signatures in Global and National Commerce Act)

The E-Sign Act (Electronic Signatures in Global and National Commerce Act) is a U.S. federal law that specifies that, in the United States, the use of an electronic signature (e-signature) is as legally valid as a traditional signature written in ink on paper. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
News 16 Feb 2023
Ransomware actors increasingly weaponizing old vulnerabilities

A new report from Cyber Security Works shows that 76% of all ransomware-associated vulnerabilities tracked in 2022 were old flaws initially discovered between 2010 and 2019. Continue Reading
By
- Alexander Culafi, Senior News Writer
Feature 16 Feb 2023
No relief in sight for ransomware attacks on hospitals

Despite being off limits for some hackers, hospitals continue to be lucrative targets for ransomware groups because of their valuable data and higher rate of paying ransoms. Continue Reading
By
- Alexis Zacharakos, Student Co-op
Podcast 15 Feb 2023
ESXiArgs attack vector unclear as infections continue

This Risk & Repeat podcast episode discusses the recent developments involving ESXiArgs, the ransomware variant that has been infecting vulnerable VMware ESXi servers this month. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 14 Feb 2023
Veeam launches Data Platform, ransomware warranty

Veeam Data Platform features Backup & Replication v12 and other management capabilities. In addition, Object First released its appliance focused on storage for Veeam users. Continue Reading
By
- Paul Crocetti, Executive Editor
News 14 Feb 2023
Dragos: ICS/OT ransomware attacks up 87%

Ransomware attacks against industrial organizations remains a growing problem, according to ICS/OT vendor Dragos' new 'Year in Review 2022' report. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 10 Feb 2023
New ESXi ransomware strain spreads, foils decryption tools

Since the onset of the widespread attacks last week, the ESXiArgs ransomware strain appears to have undergone updates that make it harder for enterprises to recover data. Continue Reading
By
- Arielle Waldman, News Writer
News 09 Feb 2023
Thousands of victims apparently hit by ESXiArgs ransomware

A joint security advisory from CISA and the FBI said the ESXiArgs ransomware campaign has claimed over 3,800 servers globally since attacks first emerged last week. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 08 Feb 2023
CISA battles ESXiArgs ransomware campaign with recovery tool

The U.S. Cybersecurity and Infrastructure Security Agency published a decryptor script intended to assist VMware customers affected by ESXiArgs ransomware. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 08 Feb 2023
reverse brute-force attack

A reverse brute-force attack is a type of brute-force attack in which an attacker uses a common password against multiple usernames in an attempt to gain access to a network. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
Definition 08 Feb 2023
SOC 3 (System and Organization Controls 3)

A System and Organization Controls 3 (SOC 3) report outlines information related to a service organization's internal controls for security, availability, processing integrity, confidentiality and privacy. Continue Reading
By
- Nick Barney, Technology Writer
News 06 Feb 2023
Vastaamo hacking suspect arrested in France

The suspect in the infamous cyber attack, Julius Kivimäki, is a 25-year-old Finnish man who was arrested after being remanded in absentia in October 2022. Continue Reading
By
- Alexander Culafi, Senior News Writer
Opinion 06 Feb 2023
6 data security predictions for 2023

New tools are proliferating to secure data wherever it lives. Six data security trends -- ranging from AI washing to new data security platforms -- are in the forefront for 2023. Continue Reading
By
- Jack Poller
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 06 Feb 2023
Widespread ransomware campaign targets VMware ESXi servers

The attacks exploited a two-year-old heap overflow vulnerability in VMware ESXi. Many questions remain about the scope of the campaign and the threat actor behind it. Continue Reading
By
- Arielle Waldman, News Writer
Opinion 02 Feb 2023
Understanding the importance of data encryption

Encryption is a foundational element of cybersecurity. Organizations should implement encryption to counter the ever-growing threat of data breaches. Continue Reading
By
- Jack Poller
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 02 Feb 2023
HeadCrab malware targets Redis to mine cryptocurrency

Aqua Security said the HeadCrab botnet has taken control of at least 1,200 servers via internet-facing instances of the opensource DBMS Redis and is using them for cryptomining. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 02 Feb 2023
Ransomware attacks on public sector persist in January

Many of the attacks disclosed or reported in January occurred against the public sector, including multiple school districts that were hit within days of one another. Continue Reading
By
- Arielle Waldman, News Writer
Podcast 31 Jan 2023
Risk & Repeat: The FBI's Hive ransomware takedown

This podcast episode discusses the law enforcement operation that led to the infiltration and takedown of the Hive network and what it could mean for other ransomware gangs. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 31 Jan 2023
Horizon3.ai releases POC exploit for VMware vulnerabilities

Penetration testing vendor Horizon3.ai published technical details and exploit code for three new CVEs in VMware vRealize Log Insight that can be chained for remote code execution. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 30 Jan 2023
Schools don't pay, but ransomware attacks still increasing

Ransomware gangs have increasingly focused their attacks on the K-12 education sector, even though most school districts do not pay the ransom. But how long will that last? Continue Reading
By
- Alexis Zacharakos, Student Co-op
News 26 Jan 2023
FBI hacked into Hive ransomware gang, disrupted operations

The FBI infiltrated Hive's network in July 2022 and obtained decryption keys, which it distributed to victims to prevent $130 million in ransom payments, according to the DOJ. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 25 Jan 2023
Contractor error led to Baltimore schools ransomware attack

A security contractor for Baltimore County Public Schools mistakenly opened a suspicious phishing email attachment in an unsecure environment, leading to the ransomware attack. Continue Reading
By
- Alexander Culafi, Senior News Writer
Feature 25 Jan 2023
10 best cybersecurity podcasts to check out

Cybersecurity podcasts are an excellent way to raise cybersecurity awareness. Discover the top 10 cybersecurity podcasts and learn how to select the best ones for your playlist. Continue Reading
By
- Kinza Yasar, Technical Writer
Podcast 24 Jan 2023
Risk & Repeat: Another T-Mobile data breach disclosed

This podcast episode discusses the latest T-Mobile breach -- the third in less than three years -- in which a threat actor stole personal data from 37 million customer accounts. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 24 Jan 2023
Customer data, encryption key stolen in GoTo breach

GoTo's breach update follows the recent disclosure made by GoTo subsidiary LastPass, which similarly lost significant sensitive customer data in a breach last year. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 23 Jan 2023
Experts applaud expansion of Apple's E2E encryption

Amidst growing privacy concerns and data breach threats, Apple launched Advanced Data Protection for U.S. customers last month to secure almost all data stored in iCloud. Continue Reading
By
- Arielle Waldman, News Writer
Opinion 20 Jan 2023
6 cybersecurity buzzwords to know in 2023

Enterprise Strategy Group research indicates many organizations will increase cybersecurity spending in 2023, and with that comes an evolving set of vendor buzzwords to sort out. Continue Reading
By
- Jon Oltsik, Analyst Emeritus
- Enterprise Strategy Group
  We provide market insights, research and advisory, and technical validations for tech buyers.
News 20 Jan 2023
T-Mobile data breach affects 37M customers

T-Mobile said a threat actor first began using an API in November to obtain the personal data of 37 million customer accounts, though no financial data was affected. Continue Reading
By
- Rob Wright, Senior News Director
Podcast 20 Jan 2023
Risk & Repeat: Breaking down the LastPass breach

This podcast episode discusses the fallout of the recent LastPass breach, in which a threat actor stole encrypted logins and unencrypted website URLs from the password manager. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 19 Jan 2023
Chainalysis: Ransomware payments down, fewer victims paying

Ransomware payments dropped significantly this past year, falling more than 40% from 2021, according to new research from blockchain analysis firm Chainalysis. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 18 Jan 2023
LastPass faces mounting criticism over recent breach

LastPass disclosed a breach last month in which a threat actor stole personal customer information, including billing addresses and encrypted website login details. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 10 Jan 2023
How to prevent and detect lateral movement attacks

Reduce the success of lateral movement attacks by performing these eight key cybersecurity activities at strategic, operational and proactive levels. Continue Reading
By
- Charles Kolodgy, Security Mindsets
Tip 09 Jan 2023
What is Triple DES and why is it being disallowed?

Triple DES no longer provides the encryption strength it once did. Prepare now to transition away from its use to a more security alternative. Continue Reading
By
- Michael Cobb
Feature 05 Jan 2023
How to configure Windows privacy settings with Intune

To personalize UX, Windows devices aren't shy about collecting user data. This isn't ideal for enterprise security. Discover how to lock down privacy settings with Intune. Continue Reading
By
- Kyle Johnson, Technology Editor
- Packt Publishing
Feature 05 Jan 2023
Windows security tips for the enterprise

Securing a Windows environment is no easy feat. Read up on low-hanging fruit to quickly address, as well as top tips from two security practitioners to get started. Continue Reading
By
- Kyle Johnson, Technology Editor
Definition 05 Jan 2023
Google Chrome browser

Google Chrome browser is a free web browser used for accessing the internet and running web-based applications. Continue Reading
By
- Nick Barney, Technology Writer
News 04 Jan 2023
December ransomware disclosures reveal high-profile victims

Cloud provider Rackspace was just one of several major enterprises to suffer a ransomware attack, according to public disclosures and reports in December. Continue Reading
By
- Arielle Waldman, News Writer
Definition 29 Dec 2022
credential theft

Credential theft is a type of cybercrime that involves stealing a victim's proof of identity. Continue Reading
By
- Corinne Bernstein
Tip 27 Dec 2022
How to prevent and mitigate process injection

Process injection is a defense evasion technique that helps attackers hide from enterprise security systems. Learn how it works and how to mitigate it. Continue Reading
By
- Rob Shapland
Definition 22 Dec 2022
Firefox

Firefox is a free, open source web browser developed by the Mozilla Foundation and Mozilla Corporation in 2004. Continue Reading
By
- Nick Barney, Technology Writer
Definition 20 Dec 2022
surveillance capitalism

Surveillance capitalism is an economic theory proposed by Harvard Business School Professor Emerita Shoshana Zuboff in 2014 that describes the modern, mass monetization of individuals' raw personal data in order to predict and modify their behavior. Continue Reading
By
- Nick Barney, Technology Writer
- Ivy Wigmore
Tip 20 Dec 2022
What enumeration attacks are and how to prevent them

Web applications may be vulnerable to user enumeration attacks. Learn how these brute-forcing attacks work and how to prevent them. Continue Reading
By
- Ravi Das, ML Tech Inc.
Definition 19 Dec 2022
cyberbullying

Cyberbullying is a type of bullying in which one or more individuals use digital technologies to intentionally and repeatedly cause harm to another person. Continue Reading
By
- Robert Sheldon
Feature 19 Dec 2022
11 cybersecurity predictions for 2023

Analysts and experts have looked into their crystal balls and made their cybersecurity predictions for 2023. Is your organization prepared if these predictions come true? Continue Reading
By
- Kyle Johnson, Technology Editor
Feature 16 Dec 2022
Explore 5 secure data storage best practices

From access control to air gapping and beyond, IT administrators should employ several technologies and procedures to help ensure they have secure data storage. Continue Reading
By
- Paul Crocetti, Executive Editor
Definition 14 Dec 2022
default

In computer technology, a default is a pre-designed value or setting that is used by a computer program when a value or setting is not specified by the program user. Continue Reading
By
- Katie Terrell Hanna
Podcast 08 Dec 2022
Risk & Repeat: Breaking down Rackspace ransomware attack

This Risk & Repeat podcast episode discusses the recent ransomware attack against cloud provider Rackspace, as well as the major service outage affecting its customers. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 07 Dec 2022
Vice Society ransomware 'persistent threat' to education sector

New research from Palo Alto Networks supports recent government warnings that Vice Society poses an increased risk to K-12 schools and higher education. Continue Reading
By
- Arielle Waldman, News Writer
News 06 Dec 2022
Rackspace confirms ransomware attack after Exchange outages

The cloud service provider said that because the investigation of the ransomware attack is in the early stages, it is unknown what, if any, customer data was stolen. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 02 Dec 2022
Trojan horse

In computing, a Trojan horse is a program downloaded and installed on a computer that appears harmless, but is, in fact, malicious. Continue Reading
By
- Casey Clark, TechTarget
- Michael Cobb
News 01 Dec 2022
Mozilla, Microsoft drop Trustcor as root certificate authority

Mozilla and Microsoft removed support for TrustCor certificates after a Washington Post report revealed the company's ties to government contractors specializing in spyware. Continue Reading
By
- Rob Wright, Senior News Director
News 01 Dec 2022
LastPass warns some customer data accessed in new breach

LastPass disclosed a new breach, related to the previously disclosed attack in August, that resulted in a threat actor obtaining access to some customer data. Continue Reading
By
- Arielle Waldman, News Writer
News 30 Nov 2022
Lockbit 3.0 has BlackMatter ransomware code, wormable traits

LockBit 3.0 or 'LockBit Black' includes anti-debugging capabilities, the ability to delete Volume Shadow Copy files and the potential ability to self-spread via legitimate tools. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 30 Nov 2022
quantum key distribution (QKD)

Quantum key distribution (QKD) is a secure communication method for exchanging encryption keys only known between shared parties. Continue Reading
By
- Alexander S. Gillis, Technical Writer and Editor
Podcast 30 Nov 2022
Risk & Repeat: Twitter, Elon Musk and security concerns

This podcast episode discusses Twitter's security concerns following Elon Musk's acquisition last month, as well as a possible data breach from 2021 that came to light recently. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 28 Nov 2022
Infosec researcher reports possible 'massive' Twitter breach

The alleged Twitter breach involves a data set from late 2021 and includes the phone numbers and personal information of millions of users in the U.S. and Europe. Continue Reading
By
- Alexander Culafi, Senior News Writer
Definition 23 Nov 2022
Bitly

Bitly is a URL shortener service that enables users to truncate webpage links. Continue Reading
By
- Katie Terrell Hanna
- Karolina Kiwak
Guest Post 18 Nov 2022
Track evolution in storage security standards, technologies

It's going to take a layered approach to handle all the security threats that storage administrators face. Strategies such as zero-trust architecture and encryption can help. Continue Reading
By
- Eric Hibbard and Thomas Rivera
Definition 18 Nov 2022
pen testing (penetration testing)

A penetration test, also called a pen test or ethical hacking, is a cybersecurity technique that organizations use to identify, test and highlight vulnerabilities in their security posture. Continue Reading
By
- Kinza Yasar, Technical Writer
- Puneet Mehta, SDG
Guest Post 17 Nov 2022
Do companies need cyber insurance?

As cyber insurance costs rise, companies must determine whether they truly need cyber insurance to tackle their increased risk of cyber attacks. Continue Reading
By
- Mark Brown