NEWS & INDUSTRY UPDATES

Router and switch LEDs can be used to stealthily exfiltrate sensitive data from air-gapped computers, researchers demonstrate
A government contractor has been charged for leaking a classified NSA report on Russia election hacking to The Intercept
Two researchers said they earned a total of $10,000 from Yahoo for finding several vulnerabilities, including ones that allowed code execution
Change 2 to the National Industrial Security Program Operating Manual (NISPOM 2) specifies that all cleared personnel receive insider threat awareness training prior to gaining access to classified information.
WikiLeaks Vault 7: CIA tool “Pandemic” replaces legitimate files accessed via SMB with malware
Crowdfunding initiative for buying Shadow Brokers exploits canceled. Researchers cite legal reasons, including Russia (FSB) involvement
Researcher discovers unprotected Amazon S3 bucket storing sensitive military data belonging to a US combat support and intelligence agency
Researchers find 1,000 apps on enterprise mobile devices that expose terabytes of data via insecure connections to backend servers
Companies that provide NAS appliances, routers and other networking devices are investigating the impact of the recently disclosed Samba vulnerability
The Shadow Brokers announce the details of their “monthly dump service” and they want $20,000 paid in Zcash

FEATURES, INSIGHTS // Risk Management

Josh Lefkowitz
Executive protection and physical security teams must leverage cyber threat intelligence to gain visibility into all relevant cyber and physical threats and ensure open collaboration and information sharing with all business functions.
Travis Greene
If there are only five controls that a security organization can reasonably tackle this year, what should they be?
Torsten George
Cyber security and cyber threats are most often confused with cyber risk, and often used interchangeably, but they are worlds apart.
Joshua Goldfarb
Risk, reporting, and metrics are three important topics within information security, and they all mean drastically different things to different audiences.
Steven Grossman
When it comes to security and cyber risk, CISOs are in the middle of it all, but they are not alone in protecting the enterprise.
Torsten George
Let’s consider whether the proposed principles and tools by the World Economic Forum (WEF) can improve cyber resilience, and which types of enterprises can benefit most from implementing them.
Erin O’Malley
Today, we expect ultimate convenience. But at what cost? More and more, I’m left wondering whether modern conveniences—grâce à today’s advanced technologies—are truly worth the risk.
Rafal Los
Do you ever find yourself trying to protect your organization from exotic attack scenarios that are highly unlikely or that would have a minimal impact on you?
Josh Lefkowitz
It's crucial for healthcare institutions to recognize their industry’s inherent susceptibility to cyber threats and that standards and regulations will, by their nature, always be reactive.
Steven Grossman
The goal of stopping all cyber attacks and preventing all business impact has been recognized as a fool’s errand, and has shifted to measuring risk and minimizing business impacts.