Security Experts:

WRITE FOR US

IT Security News Headlines

rss icon

DarkSide Ransomware Shutdown: An Exit Scam or Running for Hills?
Investors Pump $90 Million Into Pentesting Firm NetSPI
Impacted Vendors Release Advisories for FragAttacks Vulnerabilities
Application Security Startup ArmorCode Emerges From Stealth
Cisco Patches Code Execution Flaw in VPN Product 6 Months After Disclosure
long dotted

More Security Headlines

DarkSide Ransomware Hits Toshiba Tec Group
A European subsidiary of Japanese firm giant Toshiba was hit by a ransomware attack at the hands of the DarkSide ransomware syndicate [Read More]
Insurer CNA Fully Restores Systems Following Ransomware Attack
The company says it has no evidence that potentially compromised data is being shared on the Dark Web. [Read More]
Cisco to Acquire Vulnerability Management Firm Kenna Security
Cisco has agreed to acquire Kenna Security, a privately held cybersecurity company focused on vulnerability management technology. [Read More]
Biden Signs Executive Order on Strengthening Cybersecurity Defenses: Feedback Friday
Industry professionals comment on the executive order signed by President Joe Biden to strengthen the US’s cybersecurity defenses. [Read More]
DC Police Victim of Massive Data Leak by Ransomware Gang
The Washington DC police department suffered a massive leak of internal information after refusing to meet the blackmail demands of Russian-speaking ransomware syndicate. Experts say it’s the worst known ransomware attack ever to hit a U.S. police department. [Read More]
Colonial Pipeline Paid $5 Million to Ransomware Gang: Reports
Colonial Pipeline reportedly paid a $5 million ransom to Darkside ransomware operators, but still used backups to restore systems as the tool provided by the hackers was too slow. [Read More]
Irish Health System Says It’s Targeted in Ransomware Attack
Ireland’s health service shut down its IT systems on Friday after being targeted in what it called a “significant ransomware attack.” [Read More]
Researchers Abuse Apple’s Find My Network for Data Upload
Researchers find and document a way to leverage Apple’s Find My's Offline Finding network to upload arbitrary data to the Internet. [Read More]
Rapid7 Source Code Exposed in Codecov Supply Chain Attack
Enterprise security vendor Rapid7 says unauthorized third-party accessed source code, customer data during Codecov supply chain breach [Read More]
Vendor Survey vs Reality on SASE Implementation
Gartner believes it will be four years before the market achieves two-thirds of the position a WSJ Intelligence and Forcepoint survey says is already achieved on deployment of secure access service edge (SASE). [Read More]

SecurityWeek Experts

rss icon

Joshua Goldfarb's picture
How Stubbornness Can Harm an Organization's Security Posture
Joshua Goldfarb - Management & Strategy
Josh Goldfarb analyzes five statements stubborn people often say, discusses how they harm an organization's security posture, and suggests ways forward in each case.
Read full story
Marc Solomon's picture
Security Automation: Data is More Important Than Process
Marc Solomon - Incident Response
For efficiency and effectiveness, automation must take a data-driven approach and encompass how we initiate and learn from the response, not just how we execute the process.
Read full story
Tim Bandos's picture
The Benefits of Cloud Services Far Outweigh On-Premises in 2021
Tim Bandos - Cloud Security
Shifting to the cloud can be a radical but necessary change. There’s no denying the transition can be time consuming and costly upfront.
Read full story
Gordon Lawson's picture
Attackers Use Obscurity, Enterprises Should Too
Gordon Lawson - Network Security
While obscurity is an offensive tool for attackers, it also represents a defensive measure for organizations. Let’s consider the benefits of concealing network infrastructure and activity from the outside world to reduce the enterprise attack surface.
Read full story
Landon Winkelvoss's picture
3 Steps to Disrupt Threat Actors Selling Access to Your Environment
Landon Winkelvoss - Incident Response
In response to a specific attack, it’s important to do external threat monitoring and threat actor engagement to determine if the actors are attempting to exploit or monetize the security event.
Read full story
William Lin's picture
The VC View: Cloud Security and Compliance
William Lin - Cloud Security
The combination of “shifting left” and “cloud security” is going to happen and be called “shifting everywhere.”
Read full story
Rob Fry's picture
What Cybersecurity Can Learn From Video Games
Rob Fry - Management & Strategy
Each year we see more vendors with technology solutions and buzzwords that rarely live up to their hype and customers willing to believe or gamble for the chance at more visibility, lower business risk, or the chance to close a security gap.
Read full story
Idan Aharoni's picture
The Anti-Fraud Lifecycle
Idan Aharoni - Fraud & Identity Theft
Fraudsters will determine who to target within the industry based on each service’s fraud prevention policies and maturity, rather than generally targeting the industry.
Read full story
John Maddison's picture
Effective Security Needs to See and Interrupt Every Step in an Attack Chain
John Maddison - Network Security
The best defense in depth strategy is one that enables multiple tools, deployed across the distributed network—including endpoints, clouds, and applications—to work as a unified solution to detect and respond to threats.
Read full story
Torsten George's picture
Today's Security Trap: Increasing Spending but Not Efficacy
Torsten George - Endpoint Security
Despite the long-standing belief that deploying more security solutions will result in greater protection against threats, the truth of the matter can be very different.
Read full story