Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

Industry professionals comment on the new guidance from the US government asking for security guarantees from software vendors. [Read More]
The non-profit foundation is building a team to proactively identify and address security defects in the popular Rust programming language. [Read More]
The White House wants software developers that provide products and services to the government to guarantee that security requirements are met. [Read More]
Dig Security’s latest financing comes as venture capital investors rush to place bets on startups jostling for space in the cloud data security space. [Read More]
Microsoft says its security teams have detected zero-day exploitation of a critical vulnerability in its flagship Windows platform. [Read More]
The new sanctions designate Iran’s Ministry of Intelligence and Security (MOIS) and its Minister of Intelligence for engaging in cyber-enabled activities against the United States and its allies. [Read More]
Microsoft security teams share details on ransomware attacks linked to DEV-0270, a subgroup of Iran-linked Phosphorus. [Read More]
The latest funding was led by CIBC Innovation Banking and brings the total raised by the Maryland start-up to $100 million. [Read More]
Forty-one cybersecurity-related M&A deals were announced in August 2022. [Read More]
Zyxel has released patches for a format string vulnerability impacting the firmware of multiple NAS device models. [Read More]

FEATURES, INSIGHTS // Risk Management

rss icon

Jeff Orloff's picture
The Defense Readiness Index is a reliable alternative for assessing a security team’s skill level, developing a roadmap for improving cyber competencies, and reaching the optimal level of cyber security readiness.
Gordon Lawson's picture
The surge of cyber attacks in 2021 was a wake-up call for consumers, who felt the firsthand effects that can result from a breach.
Torsten George's picture
Organizations need to look beyond preventive measures when it comes to dealing with today’s ransomware threats and invest in ransomware response, which improves their ability to prepare and quickly recover endpoints from ransomware attacks.
Landon Winkelvoss's picture
Many think open source intelligence is just another name for better googling. They are wrong. Good open source and threat intelligence are derived from three core capabilities.
Keith Ibarguen's picture
Vendor agnostic technology, married with actionable, globally-sourced, and continually evolving intelligence, augmented by humans, is needed to defend our enterprises.
Laurence Pitt's picture
There are areas where governments can learn from the private sector and vice-versa, which will help both sides adapt more quickly and effectively to a continuously evolving threat environment.
Torsten George's picture
Schools should take measures to identify and secure sensitive data, keep devices up-to-date, and ensure that their endpoint security controls are working.
Gordon Lawson's picture
The rise of social engineering tactics as well as risks associated with embedded vulnerabilities in contractor networks makes keeping this technology confidential and out of the hands of adversaries increasingly difficult.
Torsten George's picture
Cyber resiliency measures (i.e., architectural design, technologies, operational practices) assume that today’s threat actors can achieve a foothold in an organization’s infrastructure and in turn post-exploit activities must be contained and eliminated.
Landon Winkelvoss's picture
The security industry must commit to a risk-based approach that understands the specific attacks and actors targeting their industry and profile.