Simplifying Zero Trust Security in Healthcare Organizations

Healthcare organizations are increasingly looking at zero trust to help deter ransomware attacks, safeguard PHI, and prevent downtime.

Big Pharma Finds Patch Management a Bitter Pill

One-quarter of pharmaceutical manufacturers received a failing grade on patch management, which is a vital step in heading off ransomware attacks.

S3 Ep68: Bugs, scams, privacy …and fonts?! [Podcast + Transcript]

Latest episode - listen now!

Hackers Went Wild in 2021 — Every Company Should Do These 5 Things in 2022

Practical steps companies can take to defend their critical infrastructure and avoid the financial and reputational damage that could result from a breach.

If My Organization Is Mostly in the Cloud, Do I Need a Firewall?

A firewall is still a valuable part of the IT security stack, but businesses need to consider all of their attack surfaces.

Cato Networks Delivers Instant Visibility and Control of Cloud Application Data Risk

CASB Cato converges a full CASB into its global SASE platform to defend enterprises against data breach and cloud-delivered threats.

INKY Completes Email Security Offering With Launch of Outbound Mail Protection

INKY Outbound Mail Protection manages a multistep approval workflow providing enforcement within the email system itself.

WhiteSource Threat Report Reveals Massive Uptick In Cyberattacks Related To JavaScript npm

More than 1,300 malicious npm packages have been discovered for use in supply chain attacks, cryptojacking, data stealing, and more.

Why Security Pros Are Frustrated With Cloud Security

As companies shift more operations to the cloud, a shortfall in security talent and too much security data wastes more than half of the time spent on security issues, a survey finds.

Foresite Cybersecurity Acquires Cyber Lantern

Support for more than 160 important compliance standards have been integrated into SaaS solution for small and midsize enterprises.

Managing Detections Is Not the Same as Stopping Breaches

Enterprises interested in managed detection and response (MDR) services to monitor endpoints and workloads should make sure the providers have rock-solid expertise in detecting and responding to threats.

The Real-World Impact of the Global Cybersecurity Workforce Gap on Cyber Defenders

The effect is nuanced — and fundamental to cyber defense for organizations and nations.

Elementor WordPress plugin has a gaping security hole – update now

We shouldn't need to say, "Check your inputs!" these days, but we're saying it anyway.

Olympic Athletes Advised by FBI to Bring 'Burner' Phones to Beijing

No specific threats against the Olympics, according to the FBI, but instead it's about vigilance against potential ones.

8 Security Dinosaurs and What Filled Their Footprints

Security technology has to evolve as new threats emerge and defenses improve. Here is a look back at the old breeds that are dying out.

TikTok's Roland Cloutier: How CISOs Can Foster a Culture of Security & Transparency

The social media platform's global security chief boils it down to being consistent, keeping it fun, and demonstrating the impact of choices.

Tens of Thousands of Websites Vulnerable to RCE Flaw in WordPress Plug-in

Now-patched issue in Essential Addons for Elementor gives attackers a way to carry out local file inclusion attacks, researchers say.

Secure Web Browsers Tackle Ransomware, Insider Threat in Enterprises

Enterprise security teams can use secure Web browsers to apply controls and governance to cloud applications and customer data.

ThycoticCentrify Renamed Delinea

Privileged access management vendor rebrands.

Nucleus Security Forms Strategic Partnership with Mandiant

Intent is to enhance vulnerability management programs with operationalized threat intelligence.

Vectra Acquires Siriux Security Technologies to Extend Leadership in Identity and SaaS Threat Management

The acquisition positions Vectra to help customers securely configure and detect active threats in cloud identity and SaaS applications, including Microsoft Azure AD and Microsoft 365.

Forescout Acquires CyberMDX to Expand Healthcare Cybersecurity Focus

Acquisition adds Internet of Medical Things (IoMT) expertise to Forescout’s IT, IoT, and OT coverage.

Ping Identity Launches PingOne DaVinci

No-code identity orchestration service enables organizations to design better user experiences with drag-and-drop simplicity.

Digital Shadows Launches New Vulnerability Intelligence Module

New capability simplifies challenge of prioritizing CVEs for faster triage and remediation.

Disclosure, Panic, Patch: Can We Do Better?

Companies struggle to understand the extent to which they are affected by vulnerabilities in open source software, but security specialists and maintainers are striving to secure the ecosystem.

ShiftLeft CORE 'Velocity Update' Streamlines Triage, Automates Build Security Controls

New features empower developers and AppSec teams to streamline the triage process and automate security controls.

Linux kernel patches “performance can be harmful” bug in video driver

This bug is fiendishly hard to exploit - but if you patch, it won't be there to exploit at all.

7 Red Flags That Can Stop Your Company From Becoming a Unicorn

Investors and venture capitalists share the reasons that make them turn away from investing in your security tech.

Complexity vs. Capability: How to Bridge the Security Effectiveness Gap

Consolidation and automation are among the strategies for balancing security complexity and capability.

Qualys Adds Advanced Remediation Capabilities to Minimize Vulnerability Risk

Update to Qualys Cloud Platform enables organizations to fix asset misconfigurations in addition to patching to achieve comprehensive remediation.

Mastercard Launches Global Cybersecurity Alliance Program to Further Secure The Digital Ecosystem

New program helps partners accelerate growth and provide scaled delivery of critical cybersecurity and risk services.

Critical Log4j Vulnerabilities Are the Ultimate Gift for Cybercriminals

It's important to assume you have been vulnerable for months if not years, and to plan — and patch — accordingly.

NortonLifeLock Introduces Social Media Monitoring

New feature helps protect against social media account takeovers and cyberbullying.

Coalition Launches Executive Risks Products With Personalized Risk Assessment

Coalition now offering Directors & Officers (D&O) and Employment Practices Liability (EPL) with new tools and features to all broker partners.

Cymulate Launches Service to Augment In-House Security Teams

Amplify bolsters organizations with limited resources to optimize their security posture.

Security Service Edge Boosters Form New Forum to Encourage Adoption

IT leaders who formed the SSE Forum say the technology offers cloud-forward security for modern workplaces.

Mandiant: 1 in 7 Ransomware Extortion Attacks Exposes OT Data

Analysis of "shaming site" data dumps found sensitive documentation from OT organizations, including oil and gas.

BlackBerry Agrees to Sell Legacy Patents for $600M

It has entered into a patent sale agreement with Catapult IP Innovations.

Aggressive BlackCat Ransomware on the Rise

The cybercriminals behind the malware claim to have compromised more than a dozen companies; they have aggressively outed victims and purportedly paid a significant share of ransoms back to affiliates.

Website operator fined for using Google Fonts “the cloudy way”

Google Fonts are OK, it seems, but only if everyone keeps their own copy of the fonts they use.

7 Privacy Tips for Security Pros

How best to integrate privacy into your organization's security program.

The Zero-Trust Timer Is on for Federal Agencies — How Ready Are They?

A new study coincides with OMB’s finalization of its zero-trust strategy through 2024.

Crypto Agility: Solving for the Inevitable

The advent of viable quantum computers will threaten today’s encryption standards, which are the basis of Internet security. Cryptographic agility is the key to post-quantum computing security, although implementing it will be a formidable challenge.

The Looming CISO Mental Health Crisis — and What to Do About It, Part 2

Letting mental health issues fester may result in burnout and attrition, which affect both the company and the humans it employs.

Coronavirus SMS scam offers home PCR testing devices – don’t fall for it!

Free home PCR devices would be technological marvels, and really useful, too. But there aren't any...

Energy Sector Still Needs to Shut the Barn Door

One third of the companies studied haven't fixed their credential management — the same issue that led to the Colonial Pipeline hack last May.

The Looming CISO Mental Health Crisis — and What to Do About It, Part 1

The next big threat to corporate security may not be a new strain of malware or innovative attacker tactics, techniques, and processes. It may be our own mental health.

Happy Data Privacy Day – and we really do mean “happy” :-)

We give you some simple digital lifesytle tips that cost nothing.

More Security Flaws Found in Apple's OS Technologies

Apple's latest updates included fixes for two zero-day flaws, several code execution bugs, and vulnerabilities that allowed attackers to bypass its core security protections.

Navigating Nobelium: Lessons From Cloud Hopper & NotPetya

Nearly every organization should assume that it is at risk, but there are ways of countering the tactics used by advanced persistent threats.

Data Privacy Day 2022: How Can AI Help in the Fight Against Ransomware?

Fewer than one-quarter of organizations believe they are fully prepared for a ransomware attack, threatening data privacy

Phishing Simulation Study Shows Why These Attacks Remain Pervasive

Email purportedly from human resources convinced more than one-fifth of recipients to click, the majority of whom did so within an hour of receiving the fraudulent message.

Security Service Edge: 4 Core Tenets for Your SASE Journey

Historically we've held network conversations to address security problems, but that doesn't work in a cloud-based world.

Apple fixes Safari data leak (and patches a zero-day!) – update now

That infamous "supercookie" bug in Safari has now been fixed. Oh, and there was a zero-day kernel hole as well.

S3 Ep67: Tax scams, carder busts and crypto capers [Podcast + Transcript]

Latest episode - listen now!

IFSEC Seeks Security Pros for New Survey on Physical Access Control

Take part in an IFSEC Global survey to better understand the state of access control in 2022.

With Cloud the Norm, Insiders Are Everywhere — and Pose Greater Risk

After companies accelerated their adoption of cloud infrastructure, remote workers are now insiders and pose significant risks, and costs, to companies.

Barracuda Expands Email and Endpoint Protection Capabilities in MSP Security Offerings

Barracuda enhances SKOUT Managed XDR offering via new integration with Barracuda Email Protection and alliance with SentinelOne for endpoint protection.

Censys Completes $35 Million Series B Funding Round Led by Intel Capital

Also names Brad Brooks as new CEO.

Log4j Proved Public Disclosure Still Helps Attackers

Disclosure also puts organizations in the awkward position of trying to mitigate a vulnerability without something like a vendor patch to do the job.