Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

Google announces reCAPTCHA v3, which aims to improve user experience by eliminating challenges [Read More]
Department of Defense announces new Hack the Pentagon bug bounty program that allows it to run year-long assessments for high-value systems [Read More]
New report from CyberX shows that plaintext passwords, direct connections to the Internet, the lack of automated updates for antiviruses, and outdated operating systems often put industrial systems at risk of attacks [Read More]
Cisco and F5 Networks are investigating the possible impact of the recently patched libssh vulnerability on their products, while other vendors have concluded similar investigations [Read More]
Cyberbit launches SCADAScan, a portable solution for assessing the security of ICS/SCADA networks [Read More]
Many servers may be exposed to attacks due to an authentication bypass vulnerability affecting the libssh SSH library [Read More]
Mozilla commissioned a security audit of the Firefox update system. No critical vulnerabilities were found and the high severity flaws were not easy to exploit [Read More]
Siemens informed customers that many of its products are affected by the recently disclosed Foreshadow/L1TF vulnerabilities in Intel processors [Read More]
Twitter makes some changes in preparation for the upcoming midterm elections in the US, including updates to rules on fake accounts and the distribution of hacked materials [Read More]
Facebook shares more details about the massive hack affecting 50 million accounts, including the exploited bugs, impact on users, attack timeline, and impact on Facebook [Read More]

FEATURES, INSIGHTS // Risk Management

rss icon

Torsten George's picture
Solving the security challenges healthcare providers face will fuel faster growth, enable further digital transformation, and ultimately result in enhanced patient care and data protection.
Preston Hogue's picture
Security teams should think about how company data might connect with data from other organizations or industries and how those combined data sets could be triangulated into a larger picture that ultimately puts you at risk.
Siggi Stefnisson's picture
Companies often grant access to corporate data and give access to all sorts of systems with the expectation that their business partners will have reasonable security practices in place.
Stan Engelbrecht's picture
If you know you want to improve your security operations, but don’t know where to start, here are a few steps that can help get you ready for a security orchestration, automation, and response (SOAR) platform.
Josh Lefkowitz's picture
Proper evaluation of business risk requires insight into the likelihood that a vulnerability will be exploited, and if exploited, how that vulnerability could impact the company on a macro level.
Josh Lefkowitz's picture
If an InfoSec team lacks the requisite capabilities, bandwidth, and/or resources to do so, it may inhibit the progress and accuracy of the investigation.
Alastair Paterson's picture
Given the uncertain future of dark web marketplaces and the clandestine nature of insider activity, specialized insider marketplaces are emerging.
Josh Lefkowitz's picture
It’s imperative that security practitioners acknowledge the often-confusing nature of insider threat, seek to dispel misconceptions, and provide clear, accurate insight whenever possible.
Alastair Paterson's picture
Threat modeling is an iterative process that needs to be updated whenever there are substantial changes to either assets or threats.
Preston Hogue's picture
Securing applications and understanding vulnerabilities in code and IT systems will always be important. But today security pros must open their eyes to a much bigger picture.