Dark Reading is part of the Informa Tech Division of Informa PLC


News & Commentary

Content posted in January 2019
Cisco Router Vulnerability Gives Window into Researchers' World
News  |  1/31/2019  | 
The research around a recent vulnerability shows how researchers follow leads and find unexpected results.
8 Cybersecurity Myths Debunked
Commentary  |  1/31/2019  | 
The last thing any business needs is a swarm of myths and misunderstandings seeding common and frequent errors organizations of all sizes make in safeguarding data and infrastructure.
Dell, CrowdStrike, Secureworks Join Forces to Secure Endpoints
News  |  1/31/2019  | 
Dell SafeGuard and Response is geared toward businesses, governments, and schools that may lack resources they need to detect and remediate sophisticated threats.
Airbus Employee Info Exposed in Data Breach
Quick Hits  |  1/31/2019  | 
Few details as yet on a cyberattack that hit Airbus' commercial aircraft business.
For a Super Security Playbook, Take a Page from Football
Commentary  |  1/31/2019  | 
Four key questions to consider as you plan out your next winning security strategy.
Justice Dept. Alerting Victims of North Korean Botnet Infections
Quick Hits  |  1/30/2019  | 
US officials disrupt North Korea's Joanap attack infrastructure.
Rubrik Data Leak is Another Cloud Misconfiguration Horror Story
News  |  1/30/2019  | 
A server security mishap exposed vast stores of data belonging to clients of Rubrik, a security and cloud management firm.
Massive DDoS Attack Generates 500 Million Packets per Second
News  |  1/30/2019  | 
January 10 torrent involved nearly four times as many packets as last year's huge attack on GitHub, says Imperva.
Iran Ups its Traditional Cyber Espionage Tradecraft
News  |  1/30/2019  | 
Newly named APT39 hacking team exemplifies Iran's growing sophistication in nation-state hacking operations.
Yes, You Can Patch Stupid
Commentary  |  1/30/2019  | 
Before you start calling users stupid, remember that behind every stupid user is a stupider security professional.
Discover Issues New Cards Following Data Breach
Quick Hits  |  1/30/2019  | 
The credit card company reports Discover's card systems were not involved in the breach, discovered in August 2018.
Access Control Lists: 6 Key Principles to Keep in Mind
Slideshows  |  1/30/2019  | 
Build them carefully and maintain them rigorously, and ACLs will remain a productive piece of your security infrastructure for generations of hardware to come.
Open Source & Machine Learning: A Dynamic Duo
Commentary  |  1/30/2019  | 
In recent months, machine-learning code has become readily available in the open source community, putting security analysts on a path toward easier data pattern recognition.
Microsoft Exchange Vuln Enables Attackers to Gain Domain Admin Privileges
News  |  1/29/2019  | 
Anyone with access to an Exchange mailbox can take control of domain, security researcher says.
FaceTime Bug an AppSec Fail
News  |  1/29/2019  | 
Apple has shut off Group FaceTime while it prepares a fix for a newly discovered security flaw found by a 14-year-old gamer.
Americans Worried More About Computer - Not Border - Security
Quick Hits  |  1/29/2019  | 
A new survey shows more Americans are more concerned about their computer's security than the US border's.
Remote Access & the Diminishing Security Perimeter
Commentary  |  1/29/2019  | 
Where security really matters, the enterprise is only as secure as the endpoints it allows to access its sensitive core systems.
Symantec Rolls Out New Endpoint Security Tools, Updates
Quick Hits  |  1/29/2019  | 
Today's releases include more advanced EDR tools, a new managed EDR service, and protection and hardening for Symantec's endpoint portfolio.
Creating a Security Culture & Solving the Human Problem
Commentary  |  1/29/2019  | 
People are the biggest weakness to security breaches; people can also be your organization's biggest defense.
Turn Off FaceTime in Apple iOS Now, Experts Warn
Quick Hits  |  1/28/2019  | 
Newly found bug reportedly allows callers to spy on you even if you don't pick up.
US Law Enforcement Shuts Down Massive Marketplace for Compromised Servers
News  |  1/28/2019  | 
At its peak, xDedic listed over 70,000 owned servers that buyers could purchase for prices starting as low as $6 each.
Japan Authorizes IoT Hacking
Quick Hits  |  1/28/2019  | 
A new campaign will see government employees hacking into personal IoT devices to identify those at highest security risk.
Why Privacy Is Hard Work
Commentary  |  1/28/2019  | 
For Data Privacy Day, let's commit to a culture of privacy by design, nurtured by a knowledgeable team that can execute an effective operational compliance program.
3 Ways Companies Mess Up GDPR Compliance the Most
Commentary  |  1/28/2019  | 
The best way to conform to the EU's new privacy regulation is to assume that you don't need to hold on to personal data, versus the opposite.
Internet Society to Issue Privacy Code of Conduct
News  |  1/25/2019  | 
In time for Data Privacy Day, on Monday, the nine-point guidance will offer insights into how companies can more effectively manage personal data.
Ukraine Sees Surge in Election-Targeted Cyberattacks
Quick Hits  |  1/25/2019  | 
The nation suspects Russia's hand in the attacks, which seem aimed at disrupting the upcoming presidential election.
Satya Nadella: Privacy Is a Human Right
Quick Hits  |  1/25/2019  | 
In a talk at the World Economic Forum, Microsoft's CEO voiced support for GDPR and expressed hope the United States creates a similar approach to privacy.
Credential Compromises by the Numbers
Slideshows  |  1/25/2019  | 
Recent statistics show just how much credential stealing has become a staple in the attacker playbook.
The 5 Stages of CISO Success, Past & Future
Commentary  |  1/25/2019  | 
In cybersecurity, as in history, security leaders who forget the lessons of the past will be doomed to repeat them.
After Eight Years, Metasploit Gets Its First Major Update
News  |  1/24/2019  | 
Metasploit 5.0 offers a host of service-oriented features, along with a new commitment from Rapid7 for regular releases.
Cisco Study Finds Fewer Data Breaches at GDPR-Ready Firms
News  |  1/24/2019  | 
Many organizations find that getting their data privacy house in order is paying off.
Cyberattackers Bait Financial Firms with Google Cloud Platform
News  |  1/24/2019  | 
A new wave of attacks abuses the Google Cloud Platform URL redirection in PDF decoys, sending users to a malicious link.
Database of 24 Million Mortgage, Loan Records Left Exposed Online
News  |  1/24/2019  | 
Breach latest example of how misconfigurations, human errors undermine security in a big way, experts say.
Collateral Damage: When Cyberwarfare Targets Civilian Data
Commentary  |  1/24/2019  | 
You can call it collateral damage. You can call it trickledown cyberwarfare. Either way, foreign hacker armies are targeting civilian enterprises as a means of attacking rival government targets.
New Phishing Campaign Packs Triple Threat
Quick Hits  |  1/24/2019  | 
Attack threatens victims with three "deadly malware" infestations if they don't give up critical email account credentials.
Cloud Customers Faced 681M Cyberattacks in 2018
Quick Hits  |  1/24/2019  | 
The most common attacks involved software vulnerabilities, stolen credentials, Web applications, and IoT devices.
Why Cybersecurity Must Be a Top Priority for Small & Midsize Businesses
Commentary  |  1/24/2019  | 
The big corporations may grab the headlines, but America's SMBs have the most to lose in the aftermath of a data breach.
RF Hacking Research Exposes Danger to Construction Sites
News  |  1/23/2019  | 
Trend Micro team unearthed 17 vulnerabilities among seven vendors' remote controller devices.
DHS Issues Emergency Directive on DNS Security
News  |  1/23/2019  | 
All government domain owners are instructed to take immediate steps to strengthen the security of their DNS servers following a successful hacking campaign.
'Anatova' Emerges as Potentially Major New Ransomware Threat
News  |  1/23/2019  | 
Modular design, ability to infect network shares make the malware dangerous, McAfee says.
Aging PCs Running Out-of-Date Software Bring Security Worries
Quick Hits  |  1/23/2019  | 
Age is an issue with application languages and frameworks, too.
The Evolution of SIEM
Commentary  |  1/23/2019  | 
Expectations for these security information and event management systems have grown over the years, in ways that just aren't realistic.
Google Creates Online Phishing Quiz
Quick Hits  |  1/23/2019  | 
Google Alphabet incubator Jigsaw says knowing how to spot a phish plus two-factor authentication are the best defenses against falling for a phishing email.
Cybercriminals Home in on Ultra-High Net Worth Individuals
News  |  1/23/2019  | 
Research shows that better corporate security has resulted in some hackers shifting their sights to the estates and businesses of wealthy families.
Think Twice Before Paying a Ransom
Commentary  |  1/23/2019  | 
Why stockpiling cryptocurrency or paying cybercriminals is not the best response.
Enterprise Malware Detections Up 79% as Attackers Refocus
News  |  1/23/2019  | 
A new report on the state of malware shows a spike in B2B malware, with former banking Trojans Emotet and TrickBot topping the list.
Stealthy New DDoS Attacks Target Internet Service Providers
News  |  1/22/2019  | 
Adversaries took advantage of the large attack surface of large communications networks to spread small volumes of junk traffic across hundreds of IP prefixes in Q3 2018, Nexusguard says.
Hack of Plug-in Website Ruffles WordPress Community
News  |  1/22/2019  | 
An intruder thought to be a former employee used a backdoor into the WPML website to skim email addresses and send a mass email blast.
Security Talent Continues to Fetch Top Dollar on IT Job Market
Quick Hits  |  1/22/2019  | 
IT and cybersecurity positions continue to rank near the top of the salary ranges paid to IT professionals, according to a new survey.
The Fact and Fiction of Homomorphic Encryption
Commentary  |  1/22/2019  | 
The approach's promise continues to entice cryptographers and academics. But don't expect it to help in the real world anytime soon.
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-7068
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2019-7069
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2019-7070
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.
CVE-2019-7071
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE-2019-7072
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code execution.