NEWS & INDUSTRY UPDATES

Microsoft-owned GitHub warns that a pair of newly discovered vulnerabilities continue to expose the soft underbelly of the open-source software supply chain.
External threat hunting firm Team Cymru has acquired threat surface management firm Amplicy.
SecurityWeek takes a look inside the nascent cyber insurance industry and examines the challenges this dynamic industry faces as it becomes a key part of the global business landscape.
Microsoft said the two under-attack vulnerabilities exist in Microsoft Exchange Server and Microsoft Excel, two widely deployed products in the Windows ecosystem.
The U.S. Treasury Department slaps sanctions against the Chatex cryptocurrency exchange and offers multi-million-dollar rewards for information on the REvil ransomware gang.
A dozen cybersecurity-related acquisitions were announced in the first week of November 2021.
Security researchers spot signs that the Babuk ransomware gang is targeting ProxyShell vulnerabilities in Microsoft Exchange Server.
Software supply chain security jitters escalated again Friday with new “critical severity” warnings about malware embedded in two npm package managers with millions of weekly downloads.
The U.S. Department of State is offering $10 million for information leading to the identification or location of senior members of the DarkSide ransomware gang.
A heap overflow in the TIPC (Transparent Inter-Process Communication) module that ships with the Linux kernel can be exploited to launch remote code execution attacks.

FEATURES, INSIGHTS // Risk Management

Torsten George: While it might be overwhelming to look at the critical threats on the horizon you need to prepare for, focusing on these predictions for 2022 will help you strengthen your security posture and minimize your organization’s risk exposure.
Torsten George: Before the next Cybersecurity Awareness Month comes along, companies across all industries should consider moving to a Zero Trust approach, powered by additional security measures such as MFA and endpoint resilience.
William Lin: While there still isn’t a clear industry-accepted answer to vendor risk management (VRM), there has been more interest in staying on top of and learning about the latest in this space.
Landon Winkelvoss: In addition to evaluating the core capabilities and range of intelligence monitoring, organizations must consider data source integrity, and perhaps most importantly, the level of expert analysis included with each service.
Keith Ibarguen: Far too many engineers in the trenches don’t take the time to lift their heads to see context, so when good (and bad) things happen, this is a great management opportunity that you should take full advantage of.
Landon Winkelvoss: Security and intelligence teams often lack finished intelligence, which leaves them ill-equipped to combat motivated and sophisticated adversaries.
William Lin: After every company goes through digital transformation, their threat model will change in response.
Derek Manky: As we see an increasing number of recent attacks against critical infrastructure, cybersecurity and physical security can be intrinsically linked.
Rob Fry: We are a community with grand ideas around the concept of crowdsourced threat intel (CTI), but with little history or previous successes that show CTI as a viable idea.
Landon Winkelvoss: Executive protection teams face threats from many sources including social media, telephone, email, and even in-person physical threats.