News & Commentary

Classic kill chain models that aim to find and stop external attacks don't account for threats from insiders. Here what a modern kill chain should include.

Consumers Rank Security High in Payment Decisions

Quick Hits | 7/3/2018 |

Security is a top priority when it comes to making decisions on payment methods and technologies.

iOS 12 2FA Feature May Carry Bank Fraud Risk

Quick Hits | 7/2/2018 |

Making two-factor authentication faster could also make it less secure.

10 Tips for More Secure Mobile Devices

Slideshows | 6/27/2018 |

3 comments

Mobile devices can be more secure than traditional desktop machines - but only if the proper policies and practices are in place and in use.

Secure Code: You Are the Solution to Open Source’s Biggest Problem

Commentary | 6/25/2018 |

Seventy-eight percent of open source codebases examined in a recent study contain at least one unpatched vulnerability, with an average of 64 known vulnerabilities per codebase.

Inside a SamSam Ransomware Attack

Commentary | 6/20/2018 |

Here's how hackers use network tools and stolen identities to turn a device-level compromise into an enterprise-level takedown.

3 Tips for Driving User Buy-in to Security Policies

Commentary | 6/18/2018 |

Teaching users why it's important to commit to security controls is a far more effective strategy than simply demanding that they follow them. Here's how.

Survey Shows Florida at the Bottom for Consumer Cybersecurity

News | 6/6/2018 |

A new survey shows that residents of the Sunshine State engage in more risky behavior than their counterparts in the other 49 states.

Fortinet Completes Bradford Networks Purchase

Quick Hits | 6/4/2018 |

3 comments

NAC and security firm added to Fortinet's portfolio.

5 Tips for Protecting SOHO Routers Against the VPNFilter Malware

Slideshows | 6/2/2018 |

4 comments

Most home office users need to simply power cycle their routers and disable remote access; enterprises with work-at-home employees should move NAS behind the firewall.

The Good News about Cross-Domain Identity Management

Commentary | 5/31/2018 |

Adoption of the SCIM open source, standards-based approach for syncing user information between applications is ratcheting up among SaaS vendors as well as enterprises.

Facebook Must Patch 2 Billion Human Vulnerabilities; How You Can Patch Yours

Commentary | 5/31/2018 |

The situation Facebook is in should be prompting all security teams to evaluate just how defenseless or protected the people in their organizations are.

6 Ways Third Parties Can Trip Up Your Security

Slideshows | 5/29/2018 |

Poor access control, inadequate patch management, and non-existent DR practices are just some of the ways a third party can cause problems

More Than Half of Users Reuse Passwords

News | 5/24/2018 |

4 comments

Users are terrible at passwords and the problem is only getting worse, according to an expansive study of more than 100 million passwords and their owners.

What Should Post-Quantum Cryptography Look Like?

News | 5/23/2018 |

Researchers are tackling the difficult problem of transitioning toward a new mode of cryptographic protections that won't break under the pressure of quantum computing power.

GDPR 101: Keeping Data Safe Throughout the 'Supply Chain'

Commentary | 5/22/2018 |

There are a lot of moving pieces involved with data collection, retention, and processing in the EU's new General Data Protection Regulation. Here's how to break down responsibilities between your security team and service providers.

How to Hang Up on Fraud

Commentary | 5/18/2018 |

Three reasons why the phone channel is uniquely vulnerable to spoofing and what call centers are doing about it.

California Teen Arrested for Phishing Teachers to Change Grades

Quick Hits | 5/17/2018 |

The student faces 14 felony counts for using a phishing campaign to steal teachers' credentials and alter students' grades.

Why Isn't Integrity Getting the Attention It Deserves?

Commentary | 5/17/2018 |

A focus on integrity requires a shift in the way many approach security management, but it's one of the most promising approaches to effective enterprise security.

FIDO Alliance Appoints Facebook to Board of Directors

Quick Hits | 5/16/2018 |

Facebook joins Google, Microsoft, Amazon, and Intel, all among major influential tech companies backing FIDO authentication.

Compliance Complexity: The (Avoidable) Risks of Not Playing by the Rules

Commentary | 5/9/2018 |

Achieving compliance is a challenging process, but with the right systems and customized data management policy, your organization can stay ahead of the next data breach -- and the regulators.

10 Lessons From an IoT Demo Lab

Slideshows | 5/7/2018 |

The Demo Lab at InteropITX 2018 was all about IoT and the traffic - legitimate and malicious - it adds to an enterprise network.

6 Enterprise Password Managers That Lighten the Load for Security

Slideshows | 5/3/2018 |

EPMs offer the familiar password wallet with more substantial administrative management and multiple deployment models.

Spring Clean Your Security Systems: 6 Places to Start

Commentary | 5/2/2018 |

The sun is shining and you have an extra kick in your step. Why not use that newfound energy to take care of those bothersome security tasks you've put off all winter?

A Data Protection Officer's Guide to GDPR 'Privacy by Design'

Commentary | 5/1/2018 |

These five steps can show you how to start building your foundational privacy program for the EU's General Data Protection Regulation.

'Zero Login:' The Rise of Invisible Identity

Commentary | 4/27/2018 |

Will new authentication technologies that recognize users on the basis of their behaviors finally mean the death of the despised password?

12 Trends Shaping Identity Management

Slideshows | 4/26/2018 |

As IAM companies try to stretch 'identity context' into all points of the cybersecurity market, identity is becoming 'its own solar system.'

Despite Risks, Nearly Half of IT Execs Don't Rethink Cybersecurity after an Attack

Commentary | 4/25/2018 |

6 comments

A recent survey reveals a troubling degree of security inertia lurking among scores of organizations. But there are a few bright spots.

Why Information Integrity Attacks Pose New Security Challenges

Commentary | 4/25/2018 |

3 comments

To fight information integrity attacks like the ones recently perpetrated by bots on the FCC's website, we need to change our stance and look for the adversaries hiding in plain sight.

'Stresspaint' Targets Facebook Credentials

News | 4/24/2018 |

New malware variant goes after login credentials for popular Facebook pages.

Digital Identity Makes Headway Around the World

Commentary | 4/23/2018 |

The US is lagging behind the digital ID leaders.

Biometrics Are Coming & So Are Security Concerns

Commentary | 4/20/2018 |

Could these advanced technologies be putting user data at risk?

8 Ways Hackers Monetize Stolen Data

Slideshows | 4/17/2018 |

4 comments

Hackers are craftier than ever, pilfering PII piecemeal so bad actors can combine data to set up schemes to defraud medical practices, steal military secrets and hijack R&D product information.

Companies Still Suffering From Poor Credential Hygiene: New Report

Quick Hits | 4/16/2018 |

Credentials are being mis-handled and it's hurting most companies, according to a new report out today.

Cisco, ISARA to Test Hybrid Classic, Quantum-Safe Digital Certificates

News | 4/13/2018 |

Goal is to make it easier for organizations to handle the migration to quantum computing when it becomes available.

HTTP Injector Steals Mobile Internet Access

News | 4/10/2018 |

Users aren't shy about sharing the technique and payload in a new attack.

Protect Yourself from Online Fraud This Tax Season

Commentary | 4/6/2018 |

Use these tips to stay safe online during everyone's least-favorite time of the year.

Report: White House Email Domains Poorly Protected from Fraud

Quick Hits | 4/4/2018 |

Only one Executive Office of the President email domain has fully implemented DMARC, according to a new report.

Phantom Secure 'Uncrackable Phone' Execs Indicted for RICO Crimes

Quick Hits | 3/16/2018 |

Executives of Phantom Secure have been indicted on federal RICO charges for encrypting communications among criminals.

Voice-Operated Devices, Enterprise Security & the 'Big Truck' Attack

Commentary | 3/15/2018 |

The problem with having smart speakers and digital assistants in the workplace is akin to having a secure computer inside your office while its wireless keyboard is left outside for everyone to use.

Segmentation: The Neglected (Yet Essential) Control

Commentary | 3/14/2018 |

Failure to deploy measures to contain unauthorized intruders is a recipe for digital disaster.

Medical Apps Come Packaged with Hardcoded Credentials

News | 3/14/2018 |

Vulnerabilities in DocuTrac applications also include weak encryption, according to Rapid7.

IoT Product Safety: If It Appears Too Good to Be True, It Probably Is

Commentary | 3/12/2018 |

Proposed new connected-product repair laws will provide hackers with more tools to make our lives less secure.

DevSecOps: The Importance of Building Security from the Beginning

Commentary | 3/9/2018 |

Here are four important areas to tackle in order to master DevSecOps: code, privacy, predictability, and people.

Privilege Abuse Attacks: 4 Common Scenarios

Commentary | 3/7/2018 |

It doesn't matter if the threat comes from a disgruntled ex-employee or an insider anticipating financial gain, privilege abuse patterns are pretty much the same, and they're easy to avoid.

Identity Management: Where It Stands, Where It's Going

News | 3/6/2018 |

How companies are changing the approach to identity management as people become increasingly digital.

What Enterprises Can Learn from Medical Device Security

Commentary | 3/1/2018 |

In today's cloud-native world, organizations need a highly distributed approach that ties security to the workload itself in order to prevent targeted attacks.

How to Secure 'Permissioned' Blockchains

Commentary | 2/28/2018 |

At the heart of every blockchain is a protocol that agrees to the order and security of transactions in the next block. Here's how to maintain the integrity of the chain.

Leveraging Security to Enable Your Business

Commentary | 2/23/2018 |