For companies that run entirely in the cloud, the entire business can be at risk. That has some looking for help with monitoring and verifying cloud security configuration.
Cloud security configuration errors put data at risk; new tools can help Read More »
Using open source components saves developers time and companies money. In other words, it’s here to stay. Here’s a look at what it will take to improve open source security.
Open source software security challenges persist, but the risk can be managed Read More »
Password managers began as free or low-cost apps for consumers, tracking passwords and sign-ins to websites and applications, making it possible for users to create and manage long, hard-to-guess and unique passwords for all their accounts. Most work by encrypting the password lists with a single master password that only the user knows, so that
Password managers grow up, target business users Read More »
Controlling thousands or even millions of devices gives cyber attackers the upper hand to deliver malware or conduct a DDoS attack.
What is a botnet? And why they aren’t going away anytime soon Read More »
Password crackers have access to more stolen passwords and better password hacking software and tools than ever before.
How hackers crack passwords and why you can’t stop them Read More »
As an infosec professional, you’ve likely heard about using a cyber kill chain, also known as a cyber attack lifecycle, to help identify and prevent intrusions. Attackers are evolving their methods, which might require that you look at the cyber kill chain differently. What follows is a recap of what the cyber kill chain approach
What is the cyber kill chain? Why it’s not always the right approach to cyber attacks Read More »
Since the 2013 Target breach, it’s been clear that companies need to respond better to security alerts even as volumes have gone up. With this year’s fast-spreading ransomware attacks and ever-tightening compliance requirements, response must be much faster. Adding staff is tough with the cybersecurity hiring crunch, so companies are turning to machine learning and
How AI can help you stay ahead of cybersecurity threats Read More »
Late last month, global distributed denial of service (DDoS) protection provider Cloudflare announced that it would no longer charge customers extra when they were under attack. The company claims to have nearly 10 million customers and a presence in 117 cities around the world, with enough capacity to handle more than 15 terabits of traffic
Unlimited DDoS protection the new norm after Cloudflare announcement Read More »
It happens in every company. Employees find a cool new online service that makes them more productive. They create free or low-cost accounts on devices they use for work, and get all their friends and colleagues to join up. The new cloud service is great. The interface is a joy to use, it comes with
Shadow cloud apps pose unseen risks Read More »
Ransomware and other threats often get through signature-based antivirus protection, giving it a bad rap. However, anti-virus tools still play an important role in the enterprise security strategy. Traditional signature-based anti-virus is notoriously bad at stopping newer threats such as zero-day malware and ransomware, but it still has a place in the enterprise, experts say,
The best enterprise antivirus: Kaspersky leads in latest tests Read More »
“We see it every day,” says Steven Lentz, CSO at Samsung Research America. “Something coming through, some exploit type, unknown ransomware. We’ve stopped several things with our defenses, either network-wise or at the end point.” The attacks that Lentz is worried about are fileless attacks, also known as zero-footprint attacks, macro, or non-malware attacks. These
What is a fileless attack? How hackers invade systems without installing software Read More »
People expect their email to be private between them and the recipient, but in reality, the contents of your email are exposed during transmission. Full end-to-end encryption would mean that only the receiver of the email can decrypt their messages, but sharing public keys and agreeing on a common encryption standard can be tricky for
Is universal end-to-end encrypted email possible (or even desirable)? Read More »
In June, South Korean hosting company Internet Nayana, Inc., was hit by a ransomware attack that took down its 153 Linux web servers — home to more than 5,000 customer websites. “I know that negotiations with hackers should not be done,” company CEO Hwang Chilghong said in a statement. “I would not negotiate with a
What’s new in ransomware? Read More »
The cybersecurity talent shortage keeps getting worse. According to Cybersecurity Ventures, the cost of cybercrime will double from $3 trillion globally in 2015 to $6 trillion by 2021. Meanwhile, the number of open cybersecurity jobs will increase from 1 million in 2016 to 1.5 million by 2019. Meanwhile, the scale and damage of the attacks
Look beyond job boards to fill cybersecurity jobs Read More »
Sonatype’s crown jewel is its database of descriptions of over 1.2 million open source packages. “If that is lost, it could be an existential outcome,” said Wayne Jackson, CEO of the Fulton, Maryland-based software supply chain management company. To shut down any such leak quickly, Sonatype monitors the web for any indications that its data
Is your data being sold on the dark web? Read More »
