Commentary
Latest Content
|
To Narrow the Cyber Skills Gap with Attackers, Cut the Red Tape
Attackers are getting further ahead, and entrenched corporate rules shoulder much of the blame.
Old Threats Are New Again
They may look familiar to you, and that isn't a coincidence. New threats are often just small twists on old ones.
Financial Sector Under Siege
The old take-the-money-and-run approach has been replaced by siege tactics such as DDOS attacks and land-and-expand campaigns with multiple points of persistence and increased dwell time.
Killer SecOps Skills: Soft Is the New Hard
The sooner we give mindsets and tool sets equal bearing, the better. We must put SOC team members through rigorous training for emergency situations.
A Trustworthy Digital Foundation Is Essential to Digital Government
Agencies must take steps to ensure that citizens trust in the security of government's digital channels.
The Data Problem in Security
CISOs must consider reputation, resiliency, and regulatory impact to establish their organization's guidelines around what data matters most.
Cyber Workforce Exec Order: Right Question, Wrong Answer
Shuffling resources, adding administrative process, and creating a competition and incentive system will do little to grow and mature the talent we need to meet the cybersecurity challenges we face.
Introducing the Digital Transformation Architect
Bet-the-company transformation that expands the attack surface requires close alignment and leadership across executive, IT and security teams.
Windows 10 Migration: Getting It Right
The transition to Windows 10 doesn't need to be a sprint. Organizations can still take advantage of the security in Windows 7 while gaining added management flexibility from the newer OS.
Missing in Action: Cybersecurity Professionals
Just as every organization security team's needs are unique, so are the reasons for the shortage of candidates for open positions. Here are five strategies to help you close the gap.
Why AI Will Create Far More Jobs Than It Replaces
Just as spreadsheets and personal computers created a job boom in the '70s, so too will artificial intelligence spur security analysts' ability to defend against advanced threats.
How Open Testing Standards Can Improve Security
When creating security metrics, it's critical that test methodologies cover multiple scenarios to ensure that devices perform as expected in all environments.
How We Collectively Can Improve Cyber Resilience
Three steps you can take, based on Department of Homeland Security priorities.
How to Close the Critical Cybersecurity Talent Gap
If we don't change our ways, the gap will keep getting worse. Outside-the-box thinking and new techniques are required, and here are a few ways to get started.
Fighting Back Against Tech-Savvy Fraudsters
Staying a step ahead requires moving beyond the security techniques of the past.
FBI: Cybercrime Losses Doubled in 2018
The world has embraced digital technology, but cybercrime is putting a serious dent in corporate finances, the FBI finds.
The Fine Line of Feedback: 6 Tips for Talking to Security Pros
Feedback is a two-way street in terms of giving, receiving, and knowing how to give and receive.
The Big E-Crime Pivot
Criminals have begun to recognize that enterprise ransomware offers tremendous financial advantage over the more traditional tactics of wire fraud and account takeover.
Better Behavior, Better Biometrics?
Behavioral biometrics is a building block to be used in conjunction with other security measures, but it shows promise.
Trust the Stack, Not the People
A completely trusted stack lets the enterprise be confident that apps and data are treated and protected wherever they are.
How Storytelling Can Help Keep Your Company Safe
Well-crafted narratives can help you win over users in the battle to develop a sustainable cybersecurity culture.
Security Depends on Careful Design
Deploying focused edge protection on-site extends security beyond the network level to shield millions of previously exposed devices, apps, and control systems.
World Password Day or Groundhog Day?
Despite decades trying to fortify our passwords with bolt-on solutions, attackers have always found ways to defeat them. Here are four reasons why.
Staffing the Software Security Team: Who You Gonna Call?
Recruiting developers and testers from the product group is a great way to build a top-notch application security team. Here's why.
Digital Transformation Exposes Operational Technology & Critical Infrastructure
The convergence of OT and IP-based IT networks makes society more vulnerable, requiring CISOs to rethink defense.
California Consumer Privacy Act: 4 Compliance Best Practices
Companies that get ahead of the January 2020 data privacy deadline can minimize the risk of sanctions and also gain a competitive advantage in the marketplace.
How to Help Your Board Navigate Cybersecurity's Legal Risks
What's worse than a massive data breach? A massive data breach followed by a shareholder derivative lawsuit. Learn what’s at stake and what CISOs can do to mitigate the damage.
A Rear-View Look at GDPR: Compliance Has No Brakes
With a year of Europe's General Data Protection Regulation under our belt, what have we learned?
Go Medieval to Keep OT Safe
When it comes to operational technology and industrial control systems, make sure you're the lord of all you survey.
How a Nigerian ISP Accidentally Hijacked the Internet
For 74 minutes, traffic destined for Google and Cloudflare services was routed through Russia and into the largest system of censorship in the world, China's Great Firewall.
Ramblings of a Recovering Academic on the So-Called Lack of Security Talent
Hiring for security is difficult, as many surveys show. But what the research doesn't explain is the "why" — and a lack of talent may not be the sole reason.
5 Security Challenges to API Protection
Today's application programming interfaces are no longer simple or front-facing, creating new risks for both security and DevOps.
Attackers Aren't Invincible & We Must Use That to Our Advantage
The bad guys only seem infallible. Use their weaknesses to beat them.
When Every Attack Is a Zero Day
Stopping malware the first time is an ideal that has remained tantalizingly out of reach. But automation, artificial intelligence, and deep learning are poised to change that.
Will the US Adopt a National Privacy Law?
Probably not before the 2020 election. But keep an eye on this Congress as legislators debate how to define personal data and what limits to place on how companies use it.
4 Tips to Protect Your Business Against Social Media Mistakes
Don't let social media become the go-to platform for cybercriminals looking to steal sensitive corporate information or cause huge reputational damage.
Why We Need a 'Cleaner Internet'
By blocking threats and attacks nearer to their sources, cybersecurity pros could help turn the connected world into a safer place for all.
How to Raise the Level of AppSec Competency in Your Organization
Improving processes won't happen overnight, but it's not complicated either.
GoT Guide to Cybersecurity: Preparing for Battle During a Staffing Shortage
Faced with an overwhelming adversary, Game of Thrones heroes Daenerys Targaryen and Jon Snow have a lot in common with today's beleaguered CISOs.
Legacy Apps: The Security Risk Lurking in Dusty Corners
Four best practices to keep old code from compromising your enterprise environment.
Selecting the Right Strategy to Reduce Vulnerability Risk
There's no one-size-fits-all strategy for eliminating vulnerability risk. Knowing how your organization operates is what makes the difference.
Benefiting from Data Privacy Investments
GDPR-ready companies experience lower overall costs associated with data breaches, research finds.
New Attacks (and Old Attacks Made New)
Although new attacks might get the most attention, don't assume old ones have gone away.
The Single Cybersecurity Question Every CISO Should Ask
The answer can lead to a scalable enterprise security solution for years to come.
Cloudy with a Chance of Security Breach
Businesses must be aware of the security weaknesses of the public cloud and not assume that every angle is covered.
In Security, All Logs Are Not Created Equal
Prioritizing key log sources goes a long way toward effective incident response.
When Your Sandbox Fails
The sandbox is an important piece of the security stack, but an organization's entire strategy shouldn't rely on its ability to detect every threat. Here's why.
Merging Companies, Merging Clouds
Integrating cloud environments is anything but easy. Evaluating the security risks in doing so must be a starting component of an overall M&A strategy.
Safe Harbor Programs: Ensuring the Bounty Isn't on White Hat Hackers' Heads
As crowdsourced security-testing surges in popularity, companies need to implement safe harbor provisions to protect good-faith hackers -- and themselves.
A New Approach to Application Security Testing
If the appsec industry were to develop a better AST solution from scratch, what would it look like?
|
White Papers
Video
1 Comments
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: Could you pass the hash, I really have to use the bathroom!
Latest Comment: Could you pass the hash, I really have to use the bathroom!
Current Issue
Building and Managing an IT Security Operations ProgramAs cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
How Enterprises Are Developing Secure Applications
IT security and application development are disparate processes that are increasingly coming together. Here's a look at how that's happening.
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2019-9892
PUBLISHED: 2019-05-22
PUBLISHED: 2019-05-22
PUBLISHED: 2019-05-22
PUBLISHED: 2019-05-21
PUBLISHED: 2019-05-21
From DHS/US-CERT's National Vulnerability Database CVE-2019-9892
PUBLISHED: 2019-05-22
An issue was discovered in Open Ticket Request System (OTRS) 5.x through 5.0.34, 6.x through 6.0.17, and 7.x through 7.0.6. An attacker who is logged into OTRS as an agent user with appropriate permissions may try to import carefully crafted Report Statistics XML that will result in reading of arbit...
CVE-2019-10066PUBLISHED: 2019-05-22
An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6, Community Edition 6.0.x through 6.0.17, and OTRSAppointmentCalendar 5.0.x through 5.0.12. An attacker who is logged into OTRS as an agent with appropriate permissions may create a carefully crafted calendar appointment i...
CVE-2019-10067PUBLISHED: 2019-05-22
An issue was discovered in Open Ticket Request System (OTRS) 7.x through 7.0.6 and Community Edition 5.0.x through 5.0.35 and 6.0.x through 6.0.17. An attacker who is logged into OTRS as an agent user with appropriate permissions may manipulate the URL to cause execution of JavaScript in the context...
CVE-2019-6513PUBLISHED: 2019-05-21
An issue was discovered in WSO2 API Manager 2.6.0. It is possible for a logged-in user to upload, as API documentation, any type of file by changing the extension to an allowed one.
CVE-2019-12270PUBLISHED: 2019-05-21
OpenText Brava! Enterprise and Brava! Server 7.5 through 16.4 configure excessive permissions by default on Windows. During installation, a displaylistcache file share is created on the Windows server with full read and write permissions for the Everyone group at both the NTFS and Share levels. The ...
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2019 UBM, All rights reserved
Tweet This