Security Experts:
LATEST SECURITY NEWS HEADLINES
NEWS & INDUSTRY UPDATES
The Port of Los Angeles opened its new Cyber Resilience Center (CRC) to improve the cybersecurity readiness of the Port and enhance its threat-sharing and recovery capabilities among supply chain stakeholders. [Read More]
New Jersey court delivers summary judgment against Ace American Insurance company’s refusal to pay based on war exclusion clause. [Read More]
The IPv6 guidance provides federal agencies with information on IPv6 and its security features, along with security considerations on the network protocol. [Read More]
Fast-growing insurance firm Acrisure announced a new cyber services division that will allow the company to provide customers with a portfolio of solutions to help address some of the most pressing cyber risks. [Read More]
Threat hunters at Kaspersky have spotted a well-known Chinese APT actor using an UEFI implant to maintain stealthy persistence across reboots, disk formatting or disk replacements. [Read More]
U.S. President Joe Biden has signed a new national security memorandum focusing on the implementation of the cybersecurity requirements of an executive order issued in 2021. [Read More]
Google researcher documents a pair of Zoom security defects and chides the company for missing a decades-old anti-exploit mitigation. [Read More]
A vulnerability in Box's implementation of multi-factor authentication (MFA) allowed attackers to take over accounts without needing access to the target's phone. [Read More]
Supply chain cyberattacks are not a new idea, but have been taken to new levels of sophistication and frequency in recent years. This growth will continue through 2022 and beyond. [Read More]
Security researchers document vulnerabilities in AWS CloudFormation and AWS Glue that could be abused to leak sensitive files and access other customer’s data. [Read More]
- 1 of 134
- ››
FEATURES, INSIGHTS // Risk Management
Schools should take measures to identify and secure sensitive data, keep devices up-to-date, and ensure that their endpoint security controls are working.
The rise of social engineering tactics as well as risks associated with embedded vulnerabilities in contractor networks makes keeping this technology confidential and out of the hands of adversaries increasingly difficult.
Cyber resiliency measures (i.e., architectural design, technologies, operational practices) assume that today’s threat actors can achieve a foothold in an organization’s infrastructure and in turn post-exploit activities must be contained and eliminated.
The security industry must commit to a risk-based approach that understands the specific attacks and actors targeting their industry and profile.
It is a good idea to assume that your network has already been breached, even if no overtly malicious notifications have surfaced.
You risk limiting the value you can derive from your next security investment without first thinking about your top use cases and the capabilities needed to address them.
While it might be overwhelming to look at the critical threats on the horizon you need to prepare for, focusing on these predictions for 2022 will help you strengthen your security posture and minimize your organization’s risk exposure.
Before the next Cybersecurity Awareness Month comes along, companies across all industries should consider moving to a Zero Trust approach, powered by additional security measures such as MFA and endpoint resilience.
While there still isn’t a clear industry-accepted answer to Vendor risk management (VRM), there has been more interest in staying on top of and learning about the latest in this space.
In addition to evaluating the core capabilities and range of intelligence monitoring, organizations must consider data source integrity, and perhaps most importantly, the level of expert analysis included with each service.
- 1 of 36
- ››
Get the Daily Briefing
- Network Security Firm Portnox Raises $22 Million in Series A Funding
- Vulnerabilities in Swiss E-Voting System Earn Researchers Big Bounties
- Zerodium Offering $400,000 for Microsoft Outlook Zero-Day Exploits
- In the Hacker's Crosshairs: K-12 Schools
- HackerOne Bags $49 Million in Series E Funding
- FBI Warns of Hacker Attacks Conducted by Iranian Cyber Firm
- Xerox Quietly Patched Device-Bricking Flaw Affecting Some Printers
- Web-Tracking 'Cookies' Meant to Protect Privacy: Inventor
- Identity Verification Firm Veriff Raises $100 Million
- Over 100 Million Android Users Installed 'Dark Herring' Scamware
Copyright © 2022 Wired Business Media. All Rights Reserved. Privacy Policy