Do Standards Exist That Certify Secure IoT Systems?

The IoT industry remains fragmented with a lot of players, big and small, churning out a lot of products.

NSA Reveals the Top 25 Vulnerabilities Exploited by Chinese Nation-State Hackers

Officials urge organizations to patch the vulnerabilities most commonly scanned for, and exploited by, Chinese attackers.

The Cybersecurity Maturity Model Certification: Are You in Compliance?

Not only can this framework help companies remain solvent, but it will also protect critical information from getting into the wrong hands.

Farsight Labs Launched as Security Collaboration Platform

Farsight Security's platform will offer no-cost access to certain tools and services.

Businesses Rethink Endpoint Security for 2021

The mass movement to remote work has forced organizations to rethink their long-term plans for endpoint security. How will things look different next year?

Building the Human Firewall

Cybersecurity was a challenge before COVID-19 sent millions of employees home to work from their own devices and networks. Now what?

Trickbot Tenacity Shows Infrastructure Resistant to Takedowns

Both the US Cyber Command and a Microsoft-led private-industry group have attacked the infrastructure used by attackers to manage Trickbot -- but with only a short-term impact.

NSS Labs Shuttered

The testing firm's website says it has "ceased operations" as of Oct. 15.

Russian Military Officers Unmasked, Indicted for High-Profile Cyberattack Campaigns

US Department of Justice charges members of Sandworm/APT28 for BlackEnergy, NotPetya, Olympic Destroyer, and other major attacks.

GravityRAT Spyware Targets Android & MacOS in India

The Trojan once used in attacks against Windows systems has been transformed into a multiplatform tool targeting macOS and Android.

IoT Vulnerability Disclosure Platform Launched

VulnerableThings.com is intended to help vendors meet the terms of a host of new international IoT security laws and regulations.

Microsoft Tops Q3 List of Most-Impersonated Brands

The technology sector was also the most likely targeted industry for brand phishing attacks, according to Check Point's latest report on brand phishing.

Trickbot, Phishing, Ransomware & Elections

The botnet has taken some hits lately, but that doesn't mean the threat is over. Here are some steps you can take to keep it from your door.

7 Tips for Choosing Security Metrics That Matter

Experts weigh in on picking metrics that demonstrate how the security team is handling operational efficiency and reducing risk.

Chart: The Pandemic Reprioritizes Security Projects

Responses among IT and security pros reflect concern over vulnerabilities incurred by workers accessing the enterprise network from poorly protected home networks.

A Swift Reminder About Cybersecurity

The hackers gonna crack, crack, crack, crack, crack ...

Expert Tips to Keep WordPress Safe

The most widely used content management system on the Web relies heavily on plug-ins and add-on software -- and that requires rigorous security measures at every level.

A New Risk Vector: The Enterprise of Things

Billions of devices -- including security cameras, smart TVs, and manufacturing equipment -- are largely unmanaged and increase an organization's risk.

Massive New Phishing Campaigns Target Microsoft, Google Cloud Users

At least three campaigns are now underway.

US Counterintelligence Director & Fmr. Europol Leader Talk Election Security

The US counterintelligence lead joins a former Europol cyber chief to discuss modern election threats and the benefits of public-private collaboration.

An Uncommon 20 Years of Commonly Enumerating Vulns

Larry Cashdollar, a researcher with more than 300 CVEs to his credit, looks back at his favorite vulnerabilities (and being the only individual CNA on Mitre's list).

Academia Adopts Mitre ATT&CK Framework

Security pros and academic researchers discuss the best ways to use MITRE's framework to inform cybersecurity efforts, analyze threats, and teach future workers.

Cybercrime Losses Up 50%, Exceeding $1.8B

Fewer companies are being hit by cyber incidents, but those that do get hit are hit harder and more often.

Prolific Cybercrime Group Now Focused on Ransomware

Cybercriminal team previously associated with point-of-sale malware and data theft has now moved almost completely into the more lucrative crimes of ransomware and extortion.

US Indicts Members of Transnational Money-Laundering Organization

Members of the QQAAZZ group helped cybercriminals conceal origins of stolen funds, DoJ alleges.

Twitter Hack Analysis Drives Calls for Greater Security Regulation

New York's Department of Financial Services calls for more cybersecurity regulation at social media firms following the "jarringly easy" Twitter breach.

Barnes & Noble Warns Customers About Data Breach

Famed bookseller says non-financial data was exposed in a new attack.

Overcoming the Challenge of Shorter Certificate Lifespans

We could be in the middle of a major transition to shorter and shorter certificate life spans, which has significant implications for how IT organizations manage certificates across the enterprise.

The Ruthless Cyber Chaos of Business Recovery

Critical technology initiatives leveraging the best of technology solutions are the only way through the cyber chaos of 2020.

Microsoft Office 365 Accounts a Big Target for Attackers

Just as they did with PowerShell for Windows, threat actors are abusing native O365 capabilities for lateral movement, command-and-control communication, and other malicious activity.

Zoom Announces Rollout of End-to-End Encryption

Phase 1 removes Zoom servers from the key generation and distribution processes.

London Borough of Hackney Investigates 'Serious' Cyberattack

London's Hackney Council says some services may be slow or unavailable as it looks into a cyberattack affecting services and IT systems.

What's Really Happening in Infosec Hiring Now?

As the pandemic continues, security teams still need help they can't get. But the "skills shortage" is only part of the story.

Assuring Business Continuity by Reducing Malware Dwell Time

Here's how CISOs and IT security operations teams can best address key challenges to network monitoring that could increase malware dwell time.

Intel's Ice Lake Beefs Up CPU Security for Cloud Workloads

The third-generation Xeon processors build in hardware security features to provide extra protection to data in transit, at rest, and in use.

NIST Quantum Cryptography Program Nears Completion

The National Institute of Standards and Technology's first post-quantum cryptography standard will address key issues, approaches, an arms race, and the technology's uncertain future.

Microsoft Fixes Critical Windows TCP/IP Flaw in Patch Rollout

The October 2020 Patch Tuesday fixed 87 vulnerabilities, including 21 remote code execution flaws, in Microsoft products and services.

Coalition Pokes Five Eyes on Call for Backdoors

The Five Eyes international law enforcement group had called for implementing backdoors for law enforcement in all encryption implementations.

Phishing in Troubled Waters: 3 Ways Email Attacks May Impact Elections

The state of email defenses has a role to play in the US presidential election.

Treasury Dept. Advisory Shines Spotlight on Ransomware Negotiators

With attacks showing no signs of abating, some companies have begun offering services to help reduce ransom demands, buy more time, and arrange payments.

25% of BEC Cybercriminals Based in the US

While the US is known to be a prime target for BEC attacks, just how many perpetrators are based there came as a surprise to researchers.

Where are the 'Great Exits' in the Data Security Market?

If data security were a student, its report card would read "Not performing to potential." Here's why.

Trickbot Botnet Response Highlights Partnerships Preventing US Election Interference

Recent efforts by USCYBERCOM and Microsoft to disrupt the Trickbot botnet highlight the importance of partnerships in successful malware botnet disruption.

Security Officers, Are Your Employees Practicing Good Habits from Home?

Even if you can't see your employees in the office, they still need to be reminded that criminals are always trying to spot a weak link in the chain.

Online Voting Is Coming, but How Secure Will It Be?

It's time for state governments to act as leaders, adopt digital ID standards, enable new online voting systems, and provide broad-based access to all communities for the benefit of all.

Software AG Continues Efforts Against $20M Ransomware Attack

The attack, which now includes extortion components, has moved into its second week.

Security Firms & Financial Group Team Up to Take Down Trickbot

Microsoft and security firms ESET, Black Lotus Labs, and Symantec collaborated with the financial services industry to cut off the ransomware operation's C2 infrastructure.

What Is End-to-End Encryption?

Many services advertise E2EE, but not all of them actually offer it.

Security Officers, Are Your Employers Practicing Good Habits from Home?

Even if you can't see your employees in the office, they still need to be reminded that criminals are always trying to spot a weak link in the chain.

A 7-Step Cybersecurity Plan for Healthcare Organizations

With National Cybersecurity Awareness Month shining a spotlight on the healthcare industry, security pros share best practices for those charged with protecting these essential organizations.

How to Pinpoint Rogue IoT Devices on Your Network

Researchers explain how security practitioners can recognize when a seemingly benign device could be malicious.

Security and DevOps

Latest Version of MalLocker Android Ransomware Packs New Tricks

Like most such mobile malware, the new one doesn't encrypt data but attempts to make an infected system impossible to use, Microsoft says.

Apple Pays Bug Bounty to Enterprise Network Researchers

So far, the company has doled out $288,000 to five researchers who, in three months, found 55 vulnerabilities in its corporate infrastructure.

Critical Zerologon Flaw Exploited in TA505 Attacks

Microsoft reports a new campaign leveraging the critical Zerologon vulnerability just days after nation-state group Mercury was seen using the flaw.

CISOs Planning on Bigger Budgets: Report

Budgets are on the rise, even in a time of revenue worries across the industry.

Why MSPs Are Hacker Targets, and What To Do About It

Managed service providers are increasingly becoming the launching pad of choice for ransomware and other online malfeasance.

Emotet 101: How the Ransomware Works -- and Why It's So Darn Effective

In recent weeks, Emotet has emerged as the most common form of ransomware. Managing the risk involves starts with understanding the way it works.

Cyberattacks Up, But Companies (Mostly) Succeed in Securing Remote Workforce

Despite fears that the burgeoning population of remote workers would lead to breaches, companies have held their own, a survey of threat analysts finds.

Scale Up Threat Hunting to Skill Up Analysts

Security operation centers need to move beyond the simplicity of good and bad software to having levels of "badness," as well as better defining what is good. Here's why.