Security Experts:
LATEST SECURITY NEWS HEADLINES
NEWS & INDUSTRY UPDATES
The IPv6 guidance provides federal agencies with information on IPv6 and its security features, along with security considerations on the network protocol. [Read More]
Fast-growing insurance firm Acrisure announced a new cyber services division that will allow the company to provide customers with a portfolio of solutions to help address some of the most pressing cyber risks. [Read More]
Threat hunters at Kaspersky have spotted a well-known Chinese APT actor using an UEFI implant to maintain stealthy persistence across reboots, disk formatting or disk replacements. [Read More]
U.S. President Joe Biden has signed a new national security memorandum focusing on the implementation of the cybersecurity requirements of an executive order issued in 2021. [Read More]
Google researcher documents a pair of Zoom security defects and chides the company for missing a decades-old anti-exploit mitigation. [Read More]
A vulnerability in Box's implementation of multi-factor authentication (MFA) allowed attackers to take over accounts without needing access to the target's phone. [Read More]
Supply chain cyberattacks are not a new idea, but have been taken to new levels of sophistication and frequency in recent years. This growth will continue through 2022 and beyond. [Read More]
Security researchers document vulnerabilities in AWS CloudFormation and AWS Glue that could be abused to leak sensitive files and access other customer’s data. [Read More]
Federal Communications Commission (FCC) Chairwoman Jessica Rosenworcel proposes strengthening rules around telecom providers’ reporting of data breaches. [Read More]
Mozilla fixes multiple high-severity vulnerabilities with the release of Firefox 96, Firefox ESR 91.5, and Thunderbird 91.5. [Read More]
- 1 of 134
- ››
FEATURES, INSIGHTS // Risk Management
The rise of social engineering tactics as well as risks associated with embedded vulnerabilities in contractor networks makes keeping this technology confidential and out of the hands of adversaries increasingly difficult.
Cyber resiliency measures (i.e., architectural design, technologies, operational practices) assume that today’s threat actors can achieve a foothold in an organization’s infrastructure and in turn post-exploit activities must be contained and eliminated.
The security industry must commit to a risk-based approach that understands the specific attacks and actors targeting their industry and profile.
It is a good idea to assume that your network has already been breached, even if no overtly malicious notifications have surfaced.
You risk limiting the value you can derive from your next security investment without first thinking about your top use cases and the capabilities needed to address them.
While it might be overwhelming to look at the critical threats on the horizon you need to prepare for, focusing on these predictions for 2022 will help you strengthen your security posture and minimize your organization’s risk exposure.
Before the next Cybersecurity Awareness Month comes along, companies across all industries should consider moving to a Zero Trust approach, powered by additional security measures such as MFA and endpoint resilience.
While there still isn’t a clear industry-accepted answer to Vendor risk management (VRM), there has been more interest in staying on top of and learning about the latest in this space.
In addition to evaluating the core capabilities and range of intelligence monitoring, organizations must consider data source integrity, and perhaps most importantly, the level of expert analysis included with each service.
Far too many engineers in the trenches don’t take the time to lift their heads to see context, so when good (and bad) things happen, this is a great management opportunity that you should take full advantage of.
- 1 of 36
- ››
Get the Daily Briefing
- Apple Patches 'Actively Exploited' iOS Security Flaw
- Sophisticated Threat Actor Targets Governments, Defense Industry in Western Asia
- Cyber Insights 2022: Identity
- New Open Source Tool Helps Identify EtherNet/IP Stacks for ICS Research, Analysis
- Virtual Event Today: Ransomware Resilience & Recovery Summit - Doors Are Open
- Slim.AI Raises $31 Million to Secure Cloud-Native Applications
- Apple Pays Out $100,000 for Webcam, User Account Hacking Exploit
- Polkit Vulnerability Provides Root Privileges on Linux Systems
- Europe's Hypocrisy Over Personal Data Privacy Exposed
- Two More Poles Identified as Victims of Hacking With Spyware
Copyright © 2022 Wired Business Media. All Rights Reserved. Privacy Policy