NEWS & INDUSTRY UPDATES

The U.S. government's CISA and OMB are seeking the public’s opinion on draft zero trust strategic and technical documentation.
Howard University closed its physical campus and canceled classes this week after experiencing a ransomware attack.
The Android Security Bulletin for September 2021 includes patches for a total of 40 vulnerabilities, including seven that are rated critical.
The agency's guidance is aimed at three main decision-maker groups and should help reduce overall risks associated with Managed Service Providers (MSPs).
The American Petroleum Institute (API) has published the third edition of its pipeline cybersecurity standard.
This week, the agency added single-factor authentication to its Bad Practices list, underlining that attackers may access systems by matching a single factor only.
First observed in June 2021, the ransomware group employs various TTPs, encrypts and exfiltrates data, then threatens to publish it on the Tor site “HiveLeaks.”
The company urges customers to install available patches as soon as possible, to ensure their deployments are protected from active attacks.
The company said it fell victim to a Conti ransomware attack that included the exfiltration of personal information pertaining to current and former employees.
Malicious attackers are exploiting the ProxyShell vulnerabilities to execute arbitrary code on target systems and deploy backdoors and ransomware.

FEATURES, INSIGHTS // Risk Management

Landon Winkelvoss
Security and intelligence teams often lack finished intelligence, which leaves them ill-equipped to combat motivated and sophisticated adversaries.
William Lin
After every company goes through digital transformation, their threat model will change in response.
Derek Manky
As we see an increasing number of recent attacks against critical infrastructure – cybersecurity and physical security can be intrinsically linked.
Rob Fry
We are a community with grand ideas around the concept of crowdsourced threat intel (CTI), but with little history or previous successes that show CTI as a viable idea.
Landon Winkelvoss
Executive protection teams face threats from many sources including social media, telephone, email, and even in-person physical threats.
Landon Winkelvoss
Ineffective security approaches when integrating two separate organizations can lead to significant issues that could undercut the business value of a merger or acquisition.
Landon Winkelvoss
While cyber due diligence has yet to become commonplace in M&A transactions, the consequences of failing to identify risks and active campaigns can have costly implications.
Gunter Ollmann
In the merry-go-round world of InfoSec technologies and “what’s old is new again,” this year we should include Attack Surface Management with a dash of Continuous.
Laurence Pitt
School network administrators should be taking precautions to prepare for the new challenges of the upcoming academic year.
Torsten George
Cyber resilience can be considered a preventive measure to counteract human error, malicious actions, and decayed, insecure software.