In collaboration with the Sigstore project, Google ships an open-source tool called cosign to make signing and verifying container images easy.
Researchers at Kaspersky warn that a new rootkit is being used as part of the ongoing 'TunnelSnake' campaign targeting entities in Asia and Africa since 2019.
Twilio joins HashiCorp in confirming collateral damage from the CodeCov supply chain attack but details remain scarce.
The U.S. Department of Defense has put all public-facing websites and applications in scope for an expanded vulnerability disclosure program.
Israeli cybersecurity testing firm Cymulate announced it has raised $45 million through a Series C funding round led by One Peak.
Version 9 of the ATT&CK framework introduces techniques related to containers and Google Workspace, as well as other changes.
The NSA has released a cybersecurity advisory focusing on the security of operational technology (OT) systems, particularly connectivity to IT systems.
A task force from the Institute for Security and Technology recommends a comprehensive framework for preparing for, disrupting, and responding to ransomware attacks.
Cyber hygiene and patch management company Automox has raised $110 million in a Series C funding round.
A joint document provides information on how attackers execute software supply chain attacks and on how organizations can mitigate risks.

FEATURES, INSIGHTS // Risk Management

Laurence Pitt: School network administrators should be taking precautions to prepare for the new challenges of the upcoming academic year.
Torsten George: Cyber resilience can be considered a preventive measure to counteract human error, malicious actions, and decayed, insecure software.
Yaniv Vardi: Supply chain cyber risk is complicated and spans the entire lifecycle of a product—across design, manufacturing, distribution, storage, and maintenance.
AJ Nash: For companies trying to build new or mature existing intelligence programs, the Age of COVID has been an excellent time to capture 30-60 minutes with that hard-to-find manager
Torsten George: While the SolarWinds hack is not the first supply chain attack to make headlines, its sophistication and blast radius are forcing organizations to consider how they can minimize their exposure to these types of threats in the future.
AJ Nash: As you build your cyber intelligence program – and have all the vendors lined up to take your money – don’t overlook the importance of investing in the right people.
Laurence Pitt: Many security teams will have to reduce budget against projects scheduled for 2021, with funds being re-allocated to pandemic-related business and workforce enablement
Tim Bandos: Keeping a ‘six foot distance’ between our digital home life and digital work life can go a long way when it comes to safeguarding our most sensitive data, too.
AJ Nash: Knowing that threat intelligence is readily available and proving its worth is one thing, understanding how to use it within your security operations program is quite another.
Marc Solomon: When intelligence becomes a capability and not just subscriptions to feeds, we can gain the full value of intelligence as the foundation to security operations.