
NEWS & INDUSTRY UPDATES

The NSA has published information on the targeting of Exim mail servers by the Russia-linked threat actor known as Sandworm Team.
The FTC has approved a settlement with Canadian smart lock maker Tapplock, which allegedly falsely claimed that its devices were designed to be “unbreakable.”
Web security company ImmuniWeb this week announced a free tool that allows businesses and government organizations to check their dark web exposure.
Several Microsoft Office vulnerabilities that were patched years ago continue to be among the security flaws most exploited in attacks, the U.S. government warns.
Researchers analyzed the possible entry points and attack vectors for targeting smart manufacturing systems and discovered several new vulnerabilities in the process.
Recorded Future has announced Express, a free threat intelligence browser extension that helps security teams prioritize SIEM alerts and vulnerability patching.
The Czech Republic and the United States signed a joint declaration on Wednesday on cooperating on the security of 5G technology.
SAP this week revealed that it is notifying customers of a series of security issues that it has identified in its cloud products.
President Donald Trump has signed an executive order prohibiting the acquisition of bulk-power system equipment that could contain intentional backdoors planted by adversaries.
The number of attacks abusing RDP to compromise corporate environments has increased significantly over the past couple of months.

FEATURES, INSIGHTS // Risk Management

Craig Harber: As long as organizations continue to employ simplistic “set it and forget it” security approaches, they will be forced into playing reactive, catch-up defense against cyber attackers.
Fred Kneip: Employing a third party adds risk, especially if that company is given some level of access to network and computing resources, or is asked to handle and protect critical or proprietary information.
Marc Solomon: National Cybersecurity Awareness Month (NCSAM) is a great vehicle to raise awareness for cybersecurity and to remind every organization that the ability to improve security operations begins with contextual awareness.
Josh Lefkowitz: Here’s a crash-course on the intelligence cycle and how you can apply and derive value from its core principles—no matter your role or security discipline:
Torsten George: Until government agencies start implementing identity-centric security measures, account compromise attacks will continue to provide a perfect cover for data breaches.
Jim Gordon: Intel's Jim Gordon presents critical top 10 tactical action items every SMB should take to protect itself.
Gunter Ollmann: Any bug hunter, security analyst, software vendor, or device manufacturer should not rely on CVSS as the pointy end of the stick for prioritizing remediation.
Torsten George: A gradual improvement in cyber hygiene can go a long way toward keeping an organization immune from security infections and minimizing the risk of falling victim to a cyber-attack.
Ashley Arbuckle: The convergence of security products and services is a welcomed development and will lead to improved security.
Ellison Anne Williams: While threats facing private industry and government may once have looked distinctly different, the line separating attackers pursuing these two arenas is now so blurred that it’s often hard to distinguish one from another.