Commentary
Latest Content
|
Google's Origin & the Danger of Link Sharing
How the act of sharing links to files stored in a public cloud puts organizations at risk, and what security teams can do to safeguard data and PII.
Incident Response: 3 Easy Traps & How to Avoid Them
Sage legal advice about navigating a data breach from a troubleshooting cybersecurity outside counsel.
Proving the Value of Security Awareness with Metrics that 'Deserve More'
Without metrics that matter to the business, awareness programs will continue to be the bastard child of security.
The 3 Cybersecurity Rules of Trust
Every day, keeping anything secure requires being smart about trust. The rules of trust will keep you and your data safer.
To Narrow the Cyber Skills Gap with Attackers, Cut the Red Tape
Attackers are getting further ahead, and entrenched corporate rules shoulder much of the blame.
Old Threats Are New Again
They may look familiar to you, and that isn't a coincidence. New threats are often just small twists on old ones.
Financial Sector Under Siege
The old take-the-money-and-run approach has been replaced by siege tactics such as DDOS attacks and land-and-expand campaigns with multiple points of persistence and increased dwell time.
Killer SecOps Skills: Soft Is the New Hard
The sooner we give mindsets and tool sets equal bearing, the better. We must put SOC team members through rigorous training for emergency situations.
A Trustworthy Digital Foundation Is Essential to Digital Government
Agencies must take steps to ensure that citizens trust in the security of government's digital channels.
The Data Problem in Security
CISOs must consider reputation, resiliency, and regulatory impact to establish their organization's guidelines around what data matters most.
Cyber Workforce Exec Order: Right Question, Wrong Answer
Shuffling resources, adding administrative process, and creating a competition and incentive system will do little to grow and mature the talent we need to meet the cybersecurity challenges we face.
Introducing the Digital Transformation Architect
Bet-the-company transformation that expands the attack surface requires close alignment and leadership across executive, IT and security teams.
Windows 10 Migration: Getting It Right
The transition to Windows 10 doesn't need to be a sprint. Organizations can still take advantage of the security in Windows 7 while gaining added management flexibility from the newer OS.
Missing in Action: Cybersecurity Professionals
Just as every organization security team's needs are unique, so are the reasons for the shortage of candidates for open positions. Here are five strategies to help you close the gap.
Why AI Will Create Far More Jobs Than It Replaces
Just as spreadsheets and personal computers created a job boom in the '70s, so too will artificial intelligence spur security analysts' ability to defend against advanced threats.
How Open Testing Standards Can Improve Security
When creating security metrics, it's critical that test methodologies cover multiple scenarios to ensure that devices perform as expected in all environments.
How We Collectively Can Improve Cyber Resilience
Three steps you can take, based on Department of Homeland Security priorities.
How to Close the Critical Cybersecurity Talent Gap
If we don't change our ways, the gap will keep getting worse. Outside-the-box thinking and new techniques are required, and here are a few ways to get started.
Fighting Back Against Tech-Savvy Fraudsters
Staying a step ahead requires moving beyond the security techniques of the past.
FBI: Cybercrime Losses Doubled in 2018
The world has embraced digital technology, but cybercrime is putting a serious dent in corporate finances, the FBI finds.
The Fine Line of Feedback: 6 Tips for Talking to Security Pros
Feedback is a two-way street in terms of giving, receiving, and knowing how to give and receive.
The Big E-Crime Pivot
Criminals have begun to recognize that enterprise ransomware offers tremendous financial advantage over the more traditional tactics of wire fraud and account takeover.
Better Behavior, Better Biometrics?
Behavioral biometrics is a building block to be used in conjunction with other security measures, but it shows promise.
Trust the Stack, Not the People
A completely trusted stack lets the enterprise be confident that apps and data are treated and protected wherever they are.
How Storytelling Can Help Keep Your Company Safe
Well-crafted narratives can help you win over users in the battle to develop a sustainable cybersecurity culture.
Security Depends on Careful Design
Deploying focused edge protection on-site extends security beyond the network level to shield millions of previously exposed devices, apps, and control systems.
World Password Day or Groundhog Day?
Despite decades trying to fortify our passwords with bolt-on solutions, attackers have always found ways to defeat them. Here are four reasons why.
Staffing the Software Security Team: Who You Gonna Call?
Recruiting developers and testers from the product group is a great way to build a top-notch application security team. Here's why.
Digital Transformation Exposes Operational Technology & Critical Infrastructure
The convergence of OT and IP-based IT networks makes society more vulnerable, requiring CISOs to rethink defense.
California Consumer Privacy Act: 4 Compliance Best Practices
Companies that get ahead of the January 2020 data privacy deadline can minimize the risk of sanctions and also gain a competitive advantage in the marketplace.
How to Help Your Board Navigate Cybersecurity's Legal Risks
What's worse than a massive data breach? A massive data breach followed by a shareholder derivative lawsuit. Learn what’s at stake and what CISOs can do to mitigate the damage.
A Rear-View Look at GDPR: Compliance Has No Brakes
With a year of Europe's General Data Protection Regulation under our belt, what have we learned?
Go Medieval to Keep OT Safe
When it comes to operational technology and industrial control systems, make sure you're the lord of all you survey.
How a Nigerian ISP Accidentally Hijacked the Internet
For 74 minutes, traffic destined for Google and Cloudflare services was routed through Russia and into the largest system of censorship in the world, China's Great Firewall.
Ramblings of a Recovering Academic on the So-Called Lack of Security Talent
Hiring for security is difficult, as many surveys show. But what the research doesn't explain is the "why" — and a lack of talent may not be the sole reason.
5 Security Challenges to API Protection
Today's application programming interfaces are no longer simple or front-facing, creating new risks for both security and DevOps.
Attackers Aren't Invincible & We Must Use That to Our Advantage
The bad guys only seem infallible. Use their weaknesses to beat them.
When Every Attack Is a Zero Day
Stopping malware the first time is an ideal that has remained tantalizingly out of reach. But automation, artificial intelligence, and deep learning are poised to change that.
Will the US Adopt a National Privacy Law?
Probably not before the 2020 election. But keep an eye on this Congress as legislators debate how to define personal data and what limits to place on how companies use it.
4 Tips to Protect Your Business Against Social Media Mistakes
Don't let social media become the go-to platform for cybercriminals looking to steal sensitive corporate information or cause huge reputational damage.
Why We Need a 'Cleaner Internet'
By blocking threats and attacks nearer to their sources, cybersecurity pros could help turn the connected world into a safer place for all.
How to Raise the Level of AppSec Competency in Your Organization
Improving processes won't happen overnight, but it's not complicated either.
GoT Guide to Cybersecurity: Preparing for Battle During a Staffing Shortage
Faced with an overwhelming adversary, Game of Thrones heroes Daenerys Targaryen and Jon Snow have a lot in common with today's beleaguered CISOs.
Legacy Apps: The Security Risk Lurking in Dusty Corners
Four best practices to keep old code from compromising your enterprise environment.
Selecting the Right Strategy to Reduce Vulnerability Risk
There's no one-size-fits-all strategy for eliminating vulnerability risk. Knowing how your organization operates is what makes the difference.
Benefiting from Data Privacy Investments
GDPR-ready companies experience lower overall costs associated with data breaches, research finds.
New Attacks (and Old Attacks Made New)
Although new attacks might get the most attention, don't assume old ones have gone away.
The Single Cybersecurity Question Every CISO Should Ask
The answer can lead to a scalable enterprise security solution for years to come.
Cloudy with a Chance of Security Breach
Businesses must be aware of the security weaknesses of the public cloud and not assume that every angle is covered.
In Security, All Logs Are Not Created Equal
Prioritizing key log sources goes a long way toward effective incident response.
|
White Papers
Video
1 Comments
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Ben saw that management takes locked-down situations very seriously.
Latest Comment: Ben saw that management takes locked-down situations very seriously.
Current Issue
Building and Managing an IT Security Operations ProgramAs cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
How Enterprises Are Developing Secure Applications
IT security and application development are disparate processes that are increasingly coming together. Here's a look at how that's happening.
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2019-5798
PUBLISHED: 2019-05-23
PUBLISHED: 2019-05-23
PUBLISHED: 2019-05-23
PUBLISHED: 2019-05-23
PUBLISHED: 2019-05-23
From DHS/US-CERT's National Vulnerability Database CVE-2019-5798
PUBLISHED: 2019-05-23
Lack of correct bounds checking in Skia in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
CVE-2019-5799PUBLISHED: 2019-05-23
Incorrect inheritance of a new document's policy in Content Security Policy in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.
CVE-2019-5800PUBLISHED: 2019-05-23
Insufficient policy enforcement in Blink in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to bypass content security policy via a crafted HTML page.
CVE-2019-5801PUBLISHED: 2019-05-23
Incorrect eliding of URLs in Omnibox in Google Chrome on iOS prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
CVE-2019-5802PUBLISHED: 2019-05-23
Incorrect handling of download origins in Navigation in Google Chrome prior to 73.0.3683.75 allowed a remote attacker to perform domain spoofing via a crafted HTML page.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2019 UBM, All rights reserved
Tweet This