Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

Facebook's security team issues a warning about Tortoiseshell, an Iranian hacking group targeting military personnel and defense organizations in the United States. [Read More]
A new Emergency Directive from CISA gives federal agencies one week to patch the vulnerability (CVE-2021-34527) [Read More]
Adobe urged Windows and macOS users to treat the PDF Reader patch with the utmost priority, because the flaws expose machines to remote code execution and privilege escalation attacks. [Read More]
Phishing links were used for initial access in nearly half of CISA’s FY2020 Risk and Vulnerability Assessments. [Read More]
Microsoft insists the latest Windows Print Spooler security update works as intended but researchers show code execution demos if certain capabilities are enabled. [Read More]
Cisco issues an advisory with a warning that the vulnerabilities could be exploited by authenticated, remote attackers to gain elevated privileges. [Read More]
The Republican National Committee says no RNC data was compromised in a cyberattack that involved B2B IT services provider Synnex. [Read More]
Sophos has acquired Capsule8 to beef up the Linux protection capabilities to its endpoint detection and response product stack. [Read More]
The out-of-band update comes more than a week after the publication of proof-of-concept exploit code sent Windows network administrators scrambling to apply pre-patch mitigations. [Read More]
Theft of U.S. intellectual property (IP) is a fundamental part of China’s stated intention to be the world leader in science and technology by 2050 [Read More]

FEATURES, INSIGHTS // Risk Management

rss icon

Rob Fry's picture
We are a community with grand ideas around the concept of crowdsourced threat intel (CTI), but with little history or previous successes that show CTI as a viable idea.
Landon Winkelvoss's picture
Executive protection teams face threats from many sources including social media, telephone, email, and event in-person physical threats.
Landon Winkelvoss's picture
Ineffective security approaches when integrating two separate organizations can lead to significant issues that could undercut the business value of a merger or acquisition.
Landon Winkelvoss's picture
While cyber due diligence has yet to become commonplace in M&A transactions, the consequences of failing to identify risks and active campaigns can have costly implications.
Gunter Ollmann's picture
In the merry-go-round world of InfoSec technologies and “what’s old is new again,” this year we should include Attack Surface Management with a dash of Continuous.
Laurence Pitt's picture
School network administrators should be taking precautions to prepare for the new challenges of the upcoming academic year.
Torsten George's picture
Cyber resilience can be considered a preventive measure to counteract human error, malicious actions, and decayed, insecure software.
Yaniv Vardi's picture
Supply chain cyber risk is complicated and spans the entire lifecycle of a product—across design, manufacturing, distribution, storage, and maintenance.
AJ Nash's picture
For companies trying to build new or mature existing intelligence programs, the Age of COVID has been an excellent time to capture 30-60 minutes with that hard-to-find manager
Torsten George's picture
While the SolarWinds hack is not the first supply chain attack to make headlines, its sophistication and blast radius is forcing organizations to consider how they can minimize their exposure to these types of threats in the future.