Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Notes |
|
2021-05-19 12:30:07 |
ROUNDTABLE: Experts react to President Biden's exec order in the aftermath of Colonial Pipeline hack (direct link) |
As wake up calls go, the Colonial Pipeline ransomware hack was piercing.
Related: DHS embarks on 60-day cybersecurity sprints
The attackers shut down the largest fuel pipeline in the U.S., compelling Colonial to pay them 75 bitcoins, worth a … (more…) |
Ransomware
Hack
|
|
|
|
2021-05-18 12:37:36 |
GUEST ESSAY: 3 sure steps to replace legacy network security systems - in a measured way (direct link) |
Keeping up with the pace of technology, information, and the evolving threat landscape is a challenge for all enterprises.
Related: DHS launches 60-day cybersecurity sprints
To make matters more difficult, implementing new security software and processes to address these issues … (more…) |
Threat
|
|
|
|
2021-05-17 13:06:06 |
RSAC insights: Introducing 'CWPP' and 'CSPM,' new frameworks to secure cloud infrastructure (direct link) |
A greater good has come from Capital One's public pillaging over losing credit application records for 100 million bank customers.
Related: How credential stuffing fuels account takeovers
In pulling off that milestone hack, Paige Thompson took advantage of CapOne's lack … (more…) |
|
|
★★★★★
|
|
2021-05-15 12:20:41 |
RSAC insights: Deploying SOAR, XDR along with better threat intel stiffens network defense (direct link) |
Much attention has been paid to the widespread failure to detect the insidious Sunburst malware that the SolarWinds hackers managed to slip deep inside the best-defended networks on the planet.
Related: The undermining of the global supply chain
But there's … (more…) |
Malware
Threat
|
Solardwinds
Solardwinds
|
|
|
2021-05-14 17:10:45 |
RSAC insights: 'SASE' disrupts networking by meshing security, connectivity at the services edge (direct link) |
It's accurate to say that security has been bolted onto modern business networks.
It also has become very clear that we won't achieve the full potential of digital transformation without security somehow getting intricately woven into every layer of corporate … (more…) |
|
|
|
|
2021-05-13 11:55:44 |
RSAC insights: Security Compass leverages automation to weave security deeper into SecOps (direct link) |
In a day and age when the prime directive for many organizations is to seek digital agility above all else, cool new apps get conceived, assembled and deployed at breakneck speed.
Related: DHS instigates 60-day cybersecurity sprints
Software developers are … (more…) |
|
|
|
|
2021-05-12 14:15:35 |
RSAC insights: How the 'CIEM' framework is helping companies manage permissions glut (direct link) |
A permissions glut is giving rise to an explosion of new exposures in modern business networks.
Related: Securing digital identities
Companies are adopting multi-cloud and hybrid cloud infrastructures and relying on wide-open app development like never before. In doing so, … (more…) |
|
|
|
|
2021-05-12 11:28:09 |
RSAC insights: Sophos report dissects how improved tools, tactics stop ransomware attack (direct link) |
A new report from Sophos dissects how hackers spent two weeks roaming far-and-wide through the modern network of a large enterprise getting into a prime position to carry out what could've been a devastating ransomware attack.
Related: DHS embarks on … (more…) |
Ransomware
|
|
|
|
2021-05-11 12:11:31 |
RSAC insights: SolarWinds hack illustrates why software builds need scrutiny - at deployment (direct link) |
By patiently slipping past the best cybersecurity systems money can buy and evading detection for 16 months, the perpetrators of the SolarWinds hack reminded us just how much heavy lifting still needs to get done to make digital commerce as … (more…) |
Hack
|
|
|
|
2021-05-10 11:47:22 |
RSAC insights: CyberGRX finds a ton of value in wider sharing of third-party risk assessments (direct link) |
The value of sharing threat intelligence is obvious. It's much easier to blunt the attack of an enemy you can clearly see coming at you.
Related: Supply chains under siege.
But what about trusted allies who unwittingly put your company … (more…) |
Threat
|
|
|
|
2021-05-03 11:47:56 |
MY TAKE: Agile cryptography is coming, now that 'attribute-based encryption' is ready for prime time (direct link) |
Encryption agility is going to be essential as we move forward with digital transformation.
Refer: The vital role of basic research
All of the technical innovation cybersecurity vendors are churning out to deal with ever-expanding cyber risks, at the end … (more…) |
|
|
|
|
2021-04-26 11:50:00 |
MY TAKE: How consumer-grade VPNs are enabling individuals to do DIY security (direct link) |
Historically, consumers have had to rely on self-discipline to protect themselves online.
Related: Privacy war: Apple vs. Facebook.
I've written this countless times: keep your antivirus updated, click judiciously, practice good password hygiene. Then about 10 years ago, consumer-grade virtual … (more…) |
|
|
|
|
2021-04-21 23:13:05 |
NEW TECH: DigiCert unveils 'Automation Manager' to help issue, secure digital certificates (direct link) |
How do you bring a $9 billion-a-year, digitally-agile corporation to a grinding halt?
Related: Why it’s vital to secure IoT
Ask Spotify. When the popular streaming audio service went offline globally, last August, we saw a glimpse of just how … (more…) |
|
|
|
|
2021-04-21 12:15:12 |
SHARED INTEL: Report details how cyber criminals leverage HTTPS TLS to hide malware (direct link) |
Google was absolutely right to initiate a big public push a couple of years ago to make HTTPS Transport Layer Security (TLS) a de facto standard.
Related: Malicious activity plagues the cloud services
At the time, in the spring of … (more…) |
Malware
|
|
|
|
2021-04-19 11:37:02 |
MY TAKE: GraphQL APIs rev up innovation – but also introduce a potential security nightmare (direct link) |
The software developers who are creating the coolest new mobile apps have a secret weapon. It's called GraphQL.
Related: How APIs expand the attack surface
GraphQL is a leading-edge approach to deploying APIs, the software conduits that mesh … (more…) |
Guideline
|
|
|
|
2021-04-13 14:20:46 |
GUEST ESSAY: 'Identity Management Day' highlights the importance of securing digital IDs (direct link) |
The second Tuesday of April has been christened “Identity Management Day” by the Identity Defined Security Alliance, a trade group that provides free, vendor-neutral cybersecurity resources to businesses.
Related: The role of facial recognition
Today, indeed, is a … (more…) |
|
|
|
|
2021-04-08 11:14:47 |
ROUNDTABLE: Mayorkas' 60-day cybersecurity sprints win support; also a prove-it-to-me response (direct link) |
The Biden Administration is wasting no time fully re-engaging the federal government in cybersecurity.
Related: Supply-chains become top targets
Homeland Security Secretary Alejandro Mayorkas has assumed a very visible and vocal role. Mayorkas has been championing an extensive portfolio of … (more…) |
|
Yahoo
|
|
|
2021-04-07 10:28:26 |
SHARED INTEL: IT pros gravitate to 'passwordless' authentication to improve security, boost agility (direct link) |
Passwordless authentication as a default parameter can't arrive too soon.
Related: Top execs call for facial recognition to be regulated
The good news is that passwordless technologies are not only ready for prime time, they appear to be gaining traction … (more…) |
|
|
|
|
2021-04-06 10:51:02 |
MY TAKE: How SMBs can improve security via 'privileged access management' (PAM) basics (direct link) |
As digital transformation kicks into high gear, it's certainly not getting any easier to operate IT systems securely, especially for small- and medium-sized businesses.
Related: Business-logic attacks target commercial websites
SMBs are tapping into cloud infrastructure and rich mobile app … (more…) |
|
|
|
|
2021-04-05 11:37:04 |
GUEST ESSAY: The missing puzzle piece in DevSecOps - seamless source code protection (direct link) |
We live in a time where technology is advancing rapidly, and digital acceleration is propelling development teams to create web applications at an increasingly faster rhythm. The DevOps workflow has been accompanying the market shift and becoming more efficient every … (more…) |
|
|
|
|
2021-03-31 11:19:21 |
GUEST ESSAY: Remote workforce exposures exacerbate cybersecurity challenges in 2021 (direct link) |
The start of 2021 brings forth a cyber security crossroads. Many people are in the process of shifting back into office operations while balancing the potential risks and benefits of remote work.
Related: Breaches spike during pandemic
For some malicious … (more…) |
|
|
|
|
2021-03-29 16:02:07 |
GUEST ESSAY: 'Cybersecurity specialist' tops list of work-from-home IT jobs that need filling (direct link) |
Even before the COVID-19 pandemic turned many office workers into work-from-home (WFH) experts, the trend toward working without having to commute was clear.
Related: |
|
|
|
|
2021-03-17 11:50:01 |
MY TAKE: Why 'basic research' is so vital to bringing digital transformation to full fruition (direct link) |
Basic research, also called pure research, is aimed at advancing scientific theories unfettered by commercial interests.
Related: The case for infusing ethics into Artificial Intelligence.
Basic research is the foundational theorizing and testing scientists pursue in order to advance their … (more…) |
|
|
|
|
2021-03-15 20:01:39 |
GUEST ESSAY: How and why 'pen testing' will continue to play a key role in cybersecurity (direct link) |
When we look at society today, we can see that we are moving further and further ahead with technology. Numerous advancements are being made at an extremely fast pace with no sign of slowing down. In fact, there is evidence … (more…) |
|
|
|
|
2021-03-08 11:22:13 |
MY TAKE: Apple users show strong support for Tim Cook's privacy war against Mark Zuckerberg (direct link) |
Like a couple of WWE arch rivals, Apple's Tim Cook and Facebook's Mark Zuckerberg have squared off against each other in a donnybrook over consumer privacy.
Cook initially body slammed Zuckerberg — when Apple issued new privacy policies aimed at … (more…) |
|
|
|
|
2021-03-06 17:53:09 |
BEST PRACTICES – 9 must-do security protocols companies must embrace to stem remote work risks (direct link) |
Technology advancements have made it relatively easy for many employees to carry out their regular job duties from the comfort of their home.
Related: Poll confirms rise of Covid 19-related hacks
This is something companies are under pressure to allow … (more…) |
|
|
|
|
2021-02-28 16:48:30 |
GUEST ESSAY. Everyone should grasp these facts about cyber threats that plague digital commerce (direct link) |
Regardless of how familiar you are with Information Security, you've probably come across the term 'malware' countless times. From accessing your business-critical resources and sensitive information to halting business operations and services, a malware infection can quickly become an organization's … (more…) |
Malware
|
|
|
|
2021-02-23 12:22:45 |
SHARED INTEL: Forrester poll – security decision makers report breaches escalated as Covid 19 spread (direct link) |
Human suffering and economic losses weren't the only two things that escalated with the spread of Covid 19 last year.
Related: Can ‘SASE’ help companies secure connectivity?
Network breaches also increased steadily and dramatically month-to-month in 2020. This development is … (more…) |
|
|
|
|
2021-02-15 12:08:35 |
GUEST ESSAY: Now more than ever, companies need to proactively promote family Online Safety (direct link) |
Cybersecurity training has steadily gained traction in corporate settings over the past decade, and rightfully so.
In response to continuing waves of data breaches and network disruptions, companies have made a concerted effort and poured substantial resources into promoting data … (more…) |
|
|
|
|
2021-02-08 11:59:14 |
GUEST ESSAY: HIPAA's new 'Safe Harbor' rules promote security at healthcare firms under siege (direct link) |
The Health Insurance Portability and Accountability Act — HIPAA — has undergone some massive changes in the past few years to minimize the burden of healthcare entities.
Related: Hackers relentlessly target healthcare providers
Despite these efforts, covered-entities and business associates … (more…) |
|
|
|
|
2021-02-03 11:28:53 |
ROUNDTABLE: Targeting the supply-chain: SolarWinds, then Mimecast and now UScellular (direct link) |
It's only February, and 2021 already is rapidly shaping up to be the year of supply-chain hacks.
Related: The quickening of cyber warfare
The latest twist: mobile network operator UScellular on Jan. 21 disclosed how cybercriminals broke into its Customer … (more…) |
|
|
|
|
2021-02-01 11:46:53 |
AUTHOR Q&A: New book, 'Hackable,' suggests app security is the key to securing business networks (direct link) |
The cybersecurity operational risks businesses face today are daunting, to say the least.
Related: Embedding security into DevOps.
Edge-less networks and cloud-supplied infrastructure bring many benefits, to be sure. But they also introduce unprecedented exposures – fresh attack vectors that … (more…) |
|
|
|
|
2021-01-25 16:13:15 |
Q&A: SolarWinds, Mimecast hacks portend intensified third-party, supply-chain compromises (direct link) |
SolarWinds and Mimecast are long-established, well-respected B2B suppliers of essential business software embedded far-and-wide in company networks.
Related: Digital certificates destined to play key role in securing DX
Thanks to a couple of milestone hacks disclosed at the close of … (more…) |
|
|
|
|
2021-01-18 12:12:40 |
MY TAKE: With disinformation running rampant, embedding ethics into AI has become vital (direct link) |
Plato once sagely observed, “A good decision is based on knowledge and not on numbers.”
Related: How a Russian social media site radicalized U.S. youth
That advice resonates today, even as we deepen our reliance on number crunching - … (more…) |
|
|
|
|
2021-01-13 12:18:48 |
GUEST ESSAY: 5 steps for raising cyber smart children - who know how to guard their privacy (direct link) |
Today's children are online at a young age, for many hours, and in more ways than ever before. As adults, we know that bad online decisions can have negative or dangerous effects for years to come.
Related: Web apps are … (more…) |
|
|
|
|
2021-01-11 18:38:37 |
Q&A: Here's why securing mobile apps is an essential key to tempering political division (direct link) |
Finally, Facebook and Twitter muzzled Donald Trump, preventing him from using his favorite online bully pulpits to spread disinformation. It only took Trump inciting a failed coup d’état that cost five lives.
Related: How a Russian social media app … (more…) |
|
|
|
|
2020-12-28 12:05:12 |
MY TAKE: How Russia is leveraging insecure mobile apps to radicalize disaffected males (direct link) |
How did we get to this level of disinformation? How did we, the citizens of the United States of America, become so intensely divided?
It's tempting to place the lion's share of the blame on feckless political leaders and facile … (more…) |
Guideline
|
|
|
|
2020-12-13 21:12:41 |
GUEST ESSAY: Here's how Secure Access Service Edge - 'SASE' - can help, post Covid-19 (direct link) |
One legacy of the ongoing global pandemic is that companies now realize that a secured and well-supported remote workforce is possible. Recently, the University of Illinois and the Harvard Business School conducted a study, and 16% of companies reported switching … (more…) |
|
|
|
|
2020-12-08 16:49:41 |
NEW TECH: Will 'Secure Access Service Edge' - SASE - be the answer to secure connectivity? (direct link) |
Company networks have evolved rather spectacularly in just 20 years along a couple of distinct tracks: connectivity and security.
We began the new millennium with on-premises data centers supporting servers and desktops that a technician in sneakers could service. Connectivity … (more…) |
|
|
|
|
2020-11-16 16:38:31 |
STEPS FORWARD: Math geniuses strive to make a pivotal advance - by obfuscating software code (direct link) |
Most of the time we take for granted the degree to which fundamental components of civilization are steeped in mathematics.
Everything from science and engineering to poetry and music rely on numeric calculations. Albert Einstein once observed that “pure mathematics is, … (more…) |
|
|
|
|
2020-11-11 10:45:36 |
SHARED INTEL: Coming very soon - 'passwordless authentication' as a de facto security practice (direct link) |
As a tradeoff for enjoying our digital lives, we've learned to live with password overload and even tolerate two-factor authentication.
But now, at long last, we're on the brink of eliminating passwords altogether, once and for all.
Related: CEOs quit … (more…) |
|
|
|
|
2020-11-06 19:05:05 |
MY TAKE: Why companies and consumers must collaborate to stop the plundering of IoT systems (direct link) |
The Internet of Things (IoT) has come a long, long way since precocious students at Carnegie Mellon University installed micro-switches inside of a Coca-Cola vending machine so they could remotely check on the temperature and availability of their favorite beverages. … (more…) |
|
|
|
|
2020-10-19 16:18:09 |
GUEST ESSAY: 'CyberXchange' presents a much-needed platform for cybersecurity purchases (direct link) |
There is no shortage of innovative cybersecurity tools and services that can help companies do a much better job of defending their networks.
Related: Welcome to the CyberXchange Marketplace
In the U.S. alone, in fact, there are more than 5,000 … (more…) |
|
|
|
|
2020-09-23 22:49:44 |
MY TAKE: How 'credential stuffing' is being deployed to influence elections, steal Covid-19 relief (direct link) |
What do wildfires and credential stuffing have in common?
Related: Automated attacks leverage big data
For several years now, both have flared up and caused harm at the fringes of population centers and our digital economy. And, now, in 2020, … (more…) |
|
|
|
|
2020-09-01 13:11:48 |
MY TAKE: Lessons learned from the summer of script kiddies hacking Twitter, TikTok (direct link) |
Graham Ivan Clark, Onel de Guzman and Michael Calce. These three names will go down in the history of internet commerce, right alongside Jack Dorsey, Mark Zuckerberg and Jeff Bezos.
Related: How ‘Zero Trust’ is compatible with agile computing
We're … (more…) |
|
|
|
|
2020-08-25 16:48:37 |
NEW TECH: Trend Micro flattens cyber risks - from software development to deployment (direct link) |
Long before this awful pandemic hit us, cloud migration had attained strong momentum in the corporate sector. As Covid19 rages on, thousands of large to mid-sized enterprises are now slamming pedal to the metal on projects to switch over to … (more…) |
|
|
|
|
2020-08-24 07:01:33 |
GUEST ESSAY: Skeptical about buying life insurance online? Here's how to do it - securely (direct link) |
Purchasing life insurance once meant going to an insurer's office or booking an appointment with an insurance agent. Then, in most cases, you'd have to undergo a medical examination and wait a few weeks to get approved and complete the … (more…) |
|
|
|
|
2020-08-17 07:05:32 |
NEW TECH: A better way to secure agile software - integrate app scanning, pen testing into WAF (direct link) |
The amazing array of digital services we so blithely access on our smartphones wouldn't exist without agile software development.
Related: ‘Business logic’ hacks on the rise
Consider that we began this century relying on the legacy “waterfall” software development process. … (more…) |
|
|
|
|
2020-07-27 17:26:01 |
MY TAKE: Even Google CEO Sundar Pichai agrees that it is imperative to embed ethics into AI (direct link) |
It took a global pandemic and the death of George Floyd to put deep-seated social inequities, especially systemic racism, front and center for intense public debate.
Related: Will ‘blockchain’ lead to more equitable wealth distribution?
We may or may not … (more…) |
Guideline
|
|
|
|
2020-07-21 09:39:49 |
Q&A: Sophos poll shows how attackers are taking advantage of cloud migration to wreak havoc (direct link) |
Cloud migration, obviously, is here to stay.
Related: Threat actors add ‘human touch’ to hacks
To be sure, enterprises continue to rely heavily on their legacy, on-premises datacenters. But there's no doubt that the exodus to a much greater dependency … (more…) |
|
|
|