Reactive or Proactive? Making the Case for New Kill Chains
Classic kill chain models that aim to find and stop external attacks don't account for threats from insiders. Here's what a modern kill chain should include.
Consumers Rank Security High in Payment Decisions
Security is a top priority when it comes to making decisions on payment methods and technologies.
iOS 12 2FA Feature May Carry Bank Fraud Risk
Making two-factor authentication faster could also make it less secure.
10 Tips for More Secure Mobile Devices
Mobile devices can be more secure than traditional desktop machines - but only if the proper policies and practices are in place and in use.
Secure Code: You Are the Solution to Open Source’s Biggest Problem
Seventy-eight percent of open source codebases examined in a recent study contain at least one unpatched vulnerability, with an average of 64 known vulnerabilities per codebase.
Inside a SamSam Ransomware Attack
Here's how hackers use network tools and stolen identities to turn a device-level compromise into an enterprise-level takedown.
3 Tips for Driving User Buy-in to Security Policies
Teaching users why it's important to commit to security controls is a far more effective strategy than simply demanding that they follow them. Here's how.
Survey Shows Florida at the Bottom for Consumer Cybersecurity
A new survey shows that residents of the Sunshine State engage in more risky behavior than their counterparts in the other 49 states.
Fortinet Completes Bradford Networks Purchase
NAC and security firm added to Fortinet's portfolio.
5 Tips for Protecting SOHO Routers Against the VPNFilter Malware
Most home office users need to simply power cycle their routers and disable remote access; enterprises with work-at-home employees should move NAS behind the firewall.
The Good News about Cross-Domain Identity Management
Adoption of the SCIM open source, standards-based approach for syncing user information between applications is ratcheting up among SaaS vendors as well as enterprises.
Facebook Must Patch 2 Billion Human Vulnerabilities; How You Can Patch Yours
The situation Facebook is in should be prompting all security teams to evaluate just how defenseless or protected the people in their organizations are.
6 Ways Third Parties Can Trip Up Your Security
Poor access control, inadequate patch management, and non-existent DR practices are just some of the ways a third party can cause problems.
More Than Half of Users Reuse Passwords
Users are terrible at passwords and the problem is only getting worse, according to an expansive study of more than 100 million passwords and their owners.
What Should Post-Quantum Cryptography Look Like?
Researchers are tackling the difficult problem of transitioning toward a new mode of cryptographic protections that won't break under the pressure of quantum computing power.
GDPR 101: Keeping Data Safe Throughout the 'Supply Chain'
There are a lot of moving pieces involved with data collection, retention, and processing in the EU's new General Data Protection Regulation. Here's how to break down responsibilities between your security team and service providers.
How to Hang Up on Fraud
Three reasons why the phone channel is uniquely vulnerable to spoofing and what call centers are doing about it.
California Teen Arrested for Phishing Teachers to Change Grades
The student faces 14 felony counts for using a phishing campaign to steal teachers' credentials and alter students' grades.
Why Isn't Integrity Getting the Attention It Deserves?
A focus on integrity requires a shift in the way many approach security management, but it's one of the most promising approaches to effective enterprise security.
FIDO Alliance Appoints Facebook to Board of Directors
Facebook joins Google, Microsoft, Amazon, and Intel, all among major influential tech companies backing FIDO authentication.
Compliance Complexity: The (Avoidable) Risks of Not Playing by the Rules
Achieving compliance is a challenging process, but with the right systems and customized data management policy, your organization can stay ahead of the next data breach -- and the regulators.
10 Lessons From an IoT Demo Lab
The Demo Lab at InteropITX 2018 was all about IoT and the traffic - legitimate and malicious - it adds to an enterprise network.
6 Enterprise Password Managers That Lighten the Load for Security
EPMs offer the familiar password wallet with more substantial administrative management and multiple deployment models.
Spring Clean Your Security Systems: 6 Places to Start
The sun is shining and you have an extra kick in your step. Why not use that newfound energy to take care of those bothersome security tasks you've put off all winter?
A Data Protection Officer's Guide to GDPR 'Privacy by Design'
These five steps can show you how to start building your foundational privacy program for the EU's General Data Protection Regulation.
'Zero Login:' The Rise of Invisible Identity
Will new authentication technologies that recognize users on the basis of their behaviors finally mean the death of the despised password?
12 Trends Shaping Identity Management
As IAM companies try to stretch 'identity context' into all points of the cybersecurity market, identity is becoming 'its own solar system.'
Despite Risks, Nearly Half of IT Execs Don't Rethink Cybersecurity after an Attack
A recent survey reveals a troubling degree of security inertia lurking among scores of organizations. But there are a few bright spots.
Why Information Integrity Attacks Pose New Security Challenges
To fight information integrity attacks like the ones recently perpetrated by bots on the FCC's website, we need to change our stance and look for the adversaries hiding in plain sight.
'Stresspaint' Targets Facebook Credentials
New malware variant goes after login credentials for popular Facebook pages.
Digital Identity Makes Headway Around the World
The US is lagging behind the digital ID leaders.
Biometrics Are Coming & So Are Security Concerns
Could these advanced technologies be putting user data at risk?
8 Ways Hackers Monetize Stolen Data
Hackers are craftier than ever, pilfering PII piecemeal so bad actors can combine data to set up schemes to defraud medical practices, steal military secrets and hijack R&D product information.
Companies Still Suffering From Poor Credential Hygiene: New Report
Credentials are being mishandled and it's hurting most companies, according to a new report out today.
Cisco, ISARA to Test Hybrid Classic, Quantum-Safe Digital Certificates
Goal is to make it easier for organizations to handle the migration to quantum computing when it becomes available.
HTTP Injector Steals Mobile Internet Access
Users aren't shy about sharing the technique and payload in a new attack.
Protect Yourself from Online Fraud This Tax Season
Use these tips to stay safe online during everyone's least-favorite time of the year.
Report: White House Email Domains Poorly Protected from Fraud
Only one Executive Office of the President email domain has fully implemented DMARC, according to a new report.
Phantom Secure 'Uncrackable Phone' Execs Indicted for RICO Crimes
Executives of Phantom Secure have been indicted on federal RICO charges for encrypting communications among criminals.
Voice-Operated Devices, Enterprise Security & the 'Big Truck' Attack
The problem with having smart speakers and digital assistants in the workplace is akin to having a secure computer inside your office while its wireless keyboard is left outside for everyone to use.
Segmentation: The Neglected (Yet Essential) Control
Failure to deploy measures to contain unauthorized intruders is a recipe for digital disaster.
Medical Apps Come Packaged with Hardcoded Credentials
Vulnerabilities in DocuTrac applications also include weak encryption, according to Rapid7.
IoT Product Safety: If It Appears Too Good to Be True, It Probably Is
Proposed new connected-product repair laws will provide hackers with more tools to make our lives less secure.
DevSecOps: The Importance of Building Security from the Beginning
Here are four important areas to tackle in order to master DevSecOps: code, privacy, predictability, and people.
Privilege Abuse Attacks: 4 Common Scenarios
It doesn't matter if the threat comes from a disgruntled ex-employee or an insider anticipating financial gain, privilege abuse patterns are pretty much the same, and they're easy to avoid.
Identity Management: Where It Stands, Where It's Going
How companies are changing the approach to identity management as people become increasingly digital.
What Enterprises Can Learn from Medical Device Security
In today's cloud-native world, organizations need a highly distributed approach that ties security to the workload itself in order to prevent targeted attacks.
How to Secure 'Permissioned' Blockchains
At the heart of every blockchain is a protocol that agrees to the order and security of transactions in the next block. Here's how to maintain the integrity of the chain.
Leveraging Security to Enable Your Business
When done right, security doesn't have to be the barrier to employee productivity that many have come to expect. Here's how.
Takeaways from the Russia-Linked US Senate Phishing Attacks
The Zero Trust Security approach could empower organizations and protect their customers in ways that go far beyond typical security concerns.