Disclosure, Panic, Patch: Can We Do Better?

Companies struggle to understand the extent to which they are affected by vulnerabilities in open source software, but security specialists and maintainers are striving to secure the ecosystem.

ShiftLeft CORE 'Velocity Update' Streamlines Triage, Automates Build Security Controls

New features empower developers and AppSec teams to streamline the triage process and automate security controls.

7 Red Flags That Can Stop Your Company From Becoming a Unicorn

Investors and venture capitalists share the reasons that make them turn away from investing in your security tech.

Complexity vs. Capability: How to Bridge the Security Effectiveness Gap

Consolidation and automation are among the strategies for balancing security complexity and capability.

Qualys Adds Advanced Remediation Capabilities to Minimize Vulnerability Risk

Update to Qualys Cloud Platform enables organizations to fix asset misconfigurations in addition to patching to achieve comprehensive remediation.

Mastercard Launches Global Cybersecurity Alliance Program to Further Secure The Digital Ecosystem

New program helps partners accelerate growth and provide scaled delivery of critical cybersecurity and risk services.

Critical Log4j Vulnerabilities Are the Ultimate Gift for Cybercriminals

It's important to assume you have been vulnerable for months if not years, and to plan — and patch — accordingly.

NortonLifeLock Introduces Social Media Monitoring

New feature helps protect against social media account takeovers and cyberbullying.

Coalition Launches Executive Risks Products With Personalized Risk Assessment

Coalition now offering Directors & Officers (D&O) and Employment Practices Liability (EPL) with new tools and features to all broker partners.

Cymulate Launches Service to Augment In-House Security Teams

Amplify bolsters organizations with limited resources to optimize their security posture.

Security Service Edge Boosters Form New Forum to Encourage Adoption

IT leaders who formed the SSE Forum say the technology offers cloud-forward security for modern workplaces.

Mandiant: 1 in 7 Ransomware Extortion Attacks Exposes OT Data

Analysis of "shaming site" data dumps found sensitive documentation from OT organizations, including oil and gas.

BlackBerry Agrees to Sell Legacy Patents for $600M

It has entered into a patent sale agreement with Catapult IP Innovations.

Aggressive BlackCat Ransomware on the Rise

The cybercriminals behind the malware claim to have compromised more than a dozen companies; they have aggressively outed victims and purportedly paid a significant share of ransoms back to affiliates.

7 Privacy Tips for Security Pros

How best to integrate privacy into your organization's security program.

The Zero-Trust Timer Is on for Federal Agencies — How Ready Are They?

A new study coincides with OMB’s finalization of its zero-trust strategy through 2024.

Crypto Agility: Solving for the Inevitable

The advent of viable quantum computers will threaten today’s encryption standards, which are the basis of Internet security. Cryptographic agility is the key to post-quantum computing security, although implementing it will be a formidable challenge.

The Looming CISO Mental Health Crisis — and What to Do About It, Part 2

Letting mental health issues fester may result in burnout and attrition, which affect both the company and the humans it employs.

Energy Sector Still Needs to Shut the Barn Door

One third of the companies studied haven't fixed their credential management — the same issue that led to the Colonial Pipeline hack last May.

The Looming CISO Mental Health Crisis — and What to Do About It, Part 1

The next big threat to corporate security may not be a new strain of malware or innovative attacker tactics, techniques, and processes. It may be our own mental health.

More Security Flaws Found in Apple's OS Technologies

Apple's latest updates included fixes for two zero-day flaws, several code execution bugs, and vulnerabilities that allowed attackers to bypass its core security protections.

Navigating Nobelium: Lessons From Cloud Hopper & NotPetya

Nearly every organization should assume that it is at risk, but there are ways of countering the tactics used by advanced persistent threats.

Data Privacy Day 2022: How Can AI Help in the Fight Against Ransomware?

Fewer than one-quarter of organizations believe they are fully prepared for a ransomware attack, threatening data privacy

Phishing Simulation Study Shows Why These Attacks Remain Pervasive

Email purportedly from human resources convinced more than one-fifth of recipients to click, the majority of whom did so within an hour of receiving the fraudulent message.

Security Service Edge: 4 Core Tenets for Your SASE Journey

Historically we've held network conversations to address security problems, but that doesn't work in a cloud-based world.

IFSEC Seeks Security Pros for New Survey on Physical Access Control

Take part in an IFSEC Global survey to better understand the state of access control in 2022.

With Cloud the Norm, Insiders Are Everywhere — and Pose Greater Risk

After companies accelerated their adoption of cloud infrastructure, remote workers are now insiders and pose significant risks, and costs, to companies.

Barracuda Expands Email and Endpoint Protection Capabilities in MSP Security Offerings

Barracuda enhances SKOUT Managed XDR offering via new integration with Barracuda Email Protection and alliance with SentinelOne for endpoint protection.

Censys Completes $35 Million Series B Funding Round Led by Intel Capital

Also names Brad Brooks as new CEO.

Log4j Proved Public Disclosure Still Helps Attackers

Disclosure also puts organizations in the awkward position of trying to mitigate a vulnerability without something like a vendor patch to do the job.

IT Pros May Use Cloud, But They Trust On-Prem More

While opinions about the trustworthiness of the cloud are split, everyone believes that's where hackers will focus their efforts.

JFrog's New Tools Flag Malicious JavaScript Packages

The three open source tools flag malicious JavaScript packages before they are downloaded and installed from the npm package manager.

Millions of Routers, IoT Devices at Risk as Malware Source Code Surfaces on GitHub

"BotenaGo" contains exploits for more than 30 vulnerabilities in multiple vendor products and is being used to spread Mirai botnet malware, security vendor says.

ArmorCode Closes $11 Million Seed Funding Round

Company will use new funds to extend its AppSecOps platform capabilities.

OMB Issues Zero-Trust Strategy for Federal Agencies

Federal officials tout the strategy as a more proactive approach to securing government networks.

Experts Urge Firms to Patch Trivial-to-Exploit Flaw in Linux PolicyKit

The memory corruption vulnerability in a policy component installed by default on most Linux distributions allows any user to become root. Researchers have already reproduced the exploit.

Cybersecurity Is Broken: How We Got Here & How to Start Fixing It

It's not just your imagination — malicious threats have exponentially increased organizational risk.

VPNLab.net Shuttered in Latest Spate of Global Takedowns

Europol and 10 nations seized servers and disconnected the anonymous network allegedly used by many cybercriminals in the latest effort to hobble cybercrime groups.

Why It's Time to Rethink Incident Response

The incident response landscape has changed drastically, largely from shifting attitudes among insurance companies and, to some extent, business customers feeling the pain of security incidents.

Fighting Supply Chain Email Attacks With AI

Supply chain account takeover is the most pressing issue facing email security today, but artificial intelligence can head off such attempts.

Revelstoke Launches With SOAR Platform to Automate SOCs

The SOAR platform helps CISOs automate the security operations center via a low-code/no-code platform.

Threat Actors Use Microsoft OneDrive for Command-and-Control in Attack Campaign

Signs hint at Russia's APT28, aka Fancy Bear, being behind the attacks, according to new research.

How Does Threat Modeling Work in Software Development?

Threat modeling should be a continuous process alongside development, not a one-time project.

Link11 Sets New Standards in DDoS Protection as Test Winner

In a recent performance test, cybersecurity provider Link11 was benchmarked against leading international security vendors and emerged as the winner. The study by Frost & Sullivan emphasized the importance of precise detection and speed in mitigating DDoS (Distributed Denial of Service) attacks.

8 Security Startups to Watch in 2022

Cloud security, API security, and incident response are among the issues up-and-coming security companies are working on.

Striking a Balance Between Cybersecurity Awareness and Anxiety

Employees don't have to be paralyzed by fear to keep the company safe. They just have to understand what threats look like and how to stop them.

As IoT Attacks Increase, Experts Fear More Serious Threats

Variants of the Mirai codebase are still a popular way to compromise and subvert Internet of Things devices, but experts fear more serious threats may be ahead.

4 Steps Toward Knowing Your Exploitable Attack Surface

Actionable steps you can take today to identify the true risk your organization faces — learn how to separate the exploitable vulnerabilities from the rest.

Cyber-Physical Security: What It Is and What You Should Do

Ancillary installations like the Internet of Things, operational technology, and industrial control systems enable lots of great functionality, and they face most of the same risks as IT infrastructure.

Test Your Team, Not Just Your Disaster Recovery Plan

Cyberattacks imperil business continuity, but there is a much more common security threat — unintentional human error.

Tales from the Dark Web, Part 2: Ransomware Stacked With Distribution Services Creates the Perfect Storm

Security professionals need to understand the actors behind ransomware threats, how they operate and how they continuously find new victims to target

Trickbot Injections Get Harder to Detect & Analyze

The authors of the infamous malware family have added measures for better protecting malicious code injections against inspection and research.

Registration for the (ISC)² Entry-Level Cybersecurity Certification Exam Pilot Program Is Now Open

New certification validates students' and career changers' foundational skills and helps kickstart their cybersecurity careers.

DHS Sounds Alarm on Potential for Major Russian Cyberattacks on US

Latest bulletin out of DHS advises state and local governments, critical infrastructure operators to be on alert.

The Case for Backing Up Source Code

As enterprise data security concerns grow, security experts urge businesses to back up their GitLab, GitHub, and BitBucket repositories.

Ransomware Operators Are Feeling the Heat

Ransomware has maintained its dominance the past few years; however, increased law enforcement attention may result in changes to how it looks in the future.

Are You Prepared to Defend Against a USB Attack?

Recent "BadUSB" attacks serve as a reminder of the big damage that small devices can cause.

A Level-Set on Russia-Borne Cyber Threats

As hostilities mount between Russia and Ukraine, new and more dangerous cyberattacks are likely to develop. Pinpointing sources and motives will remain elusive, but enterprises should prepare for an escalation in cyberspace.

IT Leaders Consider Security Tech a Part of Business Transformation

Security makes the top 10 list of technologies changing how organizations operate, an indicator of how information security is increasingly viewed as a strategic business initiative.

Fraud Is On the Rise, and It's Going to Get Worse

The acceleration of the digital transformation resulted in a surge of online transactions, greater adoption of digital payments, and increased fraud.