How Proactive Threat Hunting Redefines the Zero-Day

Threat hunters are continuously and actively scouring the environment for clues of a malicious incursion.

4 Keys to Bridging the Gap Between Security and Developers

Security personnel's priority is protecting the organization. Developers are trying to hit tight timelines. Here's how both groups can get get their needs met.

Russian Actors Targeting US Defense Contractors in Cyber Espionage Campaign, CISA Warns

Sensitive data stolen on US weapons development and deployment, product development, foreign partnerships, contracts, and more.

SentinelOne Launches DataSet

With the launch, SentinelOne has appointed Rahul Ravulur to lead the new data analytics solution.

FBI: Cybercriminals Using Virtual Meeting Platforms to Wage BEC Attacks

Attackers are increasingly executing business email compromise (BEC) scams by impersonation of executives via virtual meetings.

MITRE Engenuity Center for Threat-Informed Defense Unveils New Affiliate Program

Program showcases industry adoption of the center's R&D resources to increase community awareness and advance threat-informed defense.

Cybercriminals Have Changed Tactics

Truesec's annual Threat Intelligence Report for 2022 shows a sharp increase in the number of cyber attacks against organizations in Scandinavia and worldwide.

Kryptowire Receives Funding from USVP and Crosslink Capital

New funding will be used to accelerate the adoption of intrusion-free mobile security into targeted verticals.

Pixelating Text Leads to Information Leakage, Warns Firm

Blurring text isn't enough to obscure sensitive information. An offensive-security firm releases a tool showing how information can still be exposed.

How to Fight the Novel Software Supply Chain Attacks of Tomorrow

In the past year, attackers have focused on the lucrative supply chain. Organizations need to defend against such attacks, even inside their perimeters.

Pixelating Text Leads to Information Leakage, Warns Firm

Blurring text isn't enough to obscure sensitive information. An offensive-security firm releases a tool showing how information can still be exposed.

SANS Institute Launches Cybersecurity Education Scholarship for HBCU Students and Alumni

Applications will be open throughout all Black History Month and accepted until March 1, 2022.

Laminar Announces General Availability of Cloud Data Security Platform

Solution monitors and protects public cloud data.

DoD Awards Attivo Networks Contract for Ransomware Mitigation

Contract extends Attivo’s strategic support to the three major branches of the DoD – Air Force, Army, and Navy.

Where AI Falls Down in Cybersecurity

Almost every cybersecurity product claims to incorporate AI. Sometimes, though, that's a mirage.

Hybrid Work Accelerated Fraud; Now, CSOs Are Taking a Seat at the Executive Table

The days of security as a second-class citizen are over.

Be Flexible About Where People Work — But Not on Data Privacy

If your policies don't keep up with your work models, your company's sensitive information could be at risk.

Infineon’s Latest Chip Tackles Post-Quantum Security

Infineon’s latest Trusted Platform Module has a mechanism to still update device firmware after quantum computing breaks existing algorithms.

Securonix Secures Over $1B in Growth Investment From Vista Equity

Deal is the second one topping $1 billion since November and sets the stage for what could be another record-breaking year for investment in the cybersecurity industry.

Akamai To Acquire Linode

Akamai will discuss the acquisition on its Q4 and year end 2021 financial results conference call today, February 15, at 4:30 p.m. ET.

FBI, US Secret Service Issue Mitigations for BlackByte Ransomware

Joint Cybersecurity Advisory from federal law enforcement includes indicators of compromise associated with the ransomware variant.

Machine Learning in 2022: Data Threats and Backdoors?

While research illustrates some sly threats, experts say attackers will likely focus on data exposure and finding ways to fool algorithms.

How Nonprofits Can Evade Ransomware Attacks

Just as small businesses can't be complacent, nonprofits also need to prepare for cyberattacks.

Red Canary Launches Partner Program

Red Canary Partner Connect will unite a diverse ecosystem of incident response, risk and managed services partners.

The Unsettling Reason Why Your Help Desk May Be Your Greatest Security Vulnerability

A rogue help-desk employee could gain access to user accounts through unauthorized password resets. It's time to bring zero trust to the help desk.

3 Critical Software Development Security Trends and Best Practices

Organizations should focus on proactive, development-based approaches to security.

Netacea Announces $12M Series A Investment

New funding will be used to grow Netacea’s presence in US and UK bot mitigation markets.

2022 Executive Women's Forum Annual Conference to Be In Person for 20th Anniversary Celebration

This year’s theme is “Celebrating 20 Years of Building Women Leaders.”

NYU Tandon Launches Chief Information Security Officer Program

Featuring in-depth core sessions and topical electives, the nine-month program takes a risk-based approach to cyber strategy.

Bugcrowd Announces Real-Time Customer Visibility and Improved Crowd-matching For Penetration Testing as a Service Solution

New features include a rich dashboard with customer visibility into the progress of methodology-based pen tests.

CompTIA ISAO and IT-ISAC Urge Technology Companies to Elevate Cybersecurity Monitoring, Readiness in Response to Rising Geopolitical Tensions

The CompTIA ISAO and IT-ISAC teams will continue to provide updated reporting and share new threat information as it becomes available.

How to Make Cybersecurity Effective and Invisible

Cybersecurity should be a shield that protects the business, not a barrier that holds it back.

San Francisco 49ers Hit With a Ransomware Attack

AP report says NFL team organization acknowledged a "network security incident" that affected its corporate IT network.

8 of the Biggest Cybersecurity M&As & Investment Deals in 2021

There were more financial deals in cybersecurity last year than in any previous year.

One Identity Enhances Unified Identity Security Platform with CIEM, Application Governance and Teams Modules

Plans to further advance vision for end-to-end identity security.

(ISC)² to Pilot Online Proctored Exams for CISSP in U.S., U.K. and Singapore

Second pilot program will assess feasibility and security of offering online exams to increase global accessibility for certification candidates.

LogRhythm Unveils New Brand Identity

Announcement comes in advance of new technology offerings in 2022.

Could Biology Hold the Clue to Better Cybersecurity?

Sophisticated malware attacks underscore the need for a more dynamic security framework, inspired by biological concepts.

Ransomware Threat Intel: You're Soaking In It!

Organizations need to improve their ability to detect and prevent emerging ransomware attacks.

5 Reasons Why Civil Discourse Is Good for Security

A cordial environment helps valuable input reach those who can use it to improve the organization's security posture.

DDoS Attacks on a Tear in Q4 2021

New data from Kaspersky shows distributed denial-of-service attacks increased by more than 50% in the fourth quarter of last year compared with the third quarter.

Aviatrix Enhances Secure Cloud Networking with Network Behavior Analytics

New capabilities added to Aviatrix ThreatIQ improve enterprise security posture to reduce business risk.

Seven Key Ingredients to Effective Incident Response

With ransomware attacks on the rise, organizations need to upgrade their incident response processes to improve speed and precision.

Google Paid Record $8.7 Million to Bug Hunters in 2021

Company's Chrome and Android technologies continued to be target-rich environments for security researchers from around the world.

BlackBerry Seeks to Restore Its Past Glory With Services Push

Selling security software might prove easier than selling phones, but can BlackBerry outsmart its competition?

What CISOs Should Tell the Board About Log4j

It's time for a reset with the board of directors. Very few have a dedicated, board-level cybersecurity committee, which means cybersecurity isn't viewed as a critical executive function.

Retailers' Offboarding Procedures Leave Potential Risks

IT teams need to consider unforeseen threats to avoid violating privacy regulations and supplier contracts.

Credential-Stuffing Attacks on Remote Windows Systems Took Off in 2021

Password-guessing became last year's weapon of choice, as attackers attempted to brute-force vulnerable Remote Desktop Protocol (RDP) servers, SQL databases, and SMB file shares.

Apple Releases Security Update for Webkit Flaw

A Webkit use-after-free vulnerability in iOS, iPadOS, Monterey, and Safari may already have been exploited, Apple said in a security advisory issued today.

Defense Contractors Need to Check Their Six

Companies overall met government standards, but poor credential management left vulnerabilities.

Dynatrace Adds Real-Time Attack Detection and Blocking, Advancing Cloud Application Security

Application Security Module unifies multicloud observability and advanced AIOps with real-time vulnerability management and defense.

Dynatrace Launches DevSecOps Automation Alliance Partner Program

Program enables alliance and solution partners to extend the capabilities of their DevSecOps offerings through seamless integrations with the Dynatrace platform.

Orca Security Adds Expanded CIEM Capabilities and Multi-Cloud Security Score to Cloud Platform

Expands cloud infrastructure entitlement management capabilities, adds cloud security benchmarking, and support for Kubernetes compliance frameworks.

Allure Security Raises $6.8 Million Seed Funding Round

Funding led by Gutbrain Ventures.

Titaniam Secures $6 Million in Seed Funding

Funding round led by Refinery Ventures, with participation from Fusion Fund and Shasta Ventures.

Data Transparency Hasn't Made Us Safer Yet. Can It Uncover Breach Causality?

Advanced machine learning models within an XDR framework could uncover what actually causes breaches, but first we need better data transparency.

Bot Marketplaces as a Source of Future Data Breaches

Of the four bot marketplaces Cognyte analyzed, the Russian Market is the most dominant, but the others are all active, updated daily, and well-known, too.

Putting AI to Practical Use in Cybersecurity

Almost every cybersecurity product has an AI component. Here is where it's working in the real world.

Experts: Several CVEs From Microsoft's February Security Update Require Prompt Attention

Microsoft's release of relatively sparse vulnerability information makes it difficult for organizations to prioritize mitigation efforts, security experts say.

Linux Malware on the Rise

Ransomware, cryptojacking, and a cracked version of the penetration-testing tool Cobalt Strike have increasingly targeted Linux in multicloud infrastructure, report states.