Private equity investment firm KKR leads a $200 million round in enterprise identity protection vendor Semperis.
LimaCharlie has now raised a total of $6.35 million, at a current valuation of $24 million.
The attackers use sqlps.exe, a utility for running SQL-built cmdlets, to achieve fileless persistence on poorly secured SQL servers.
CISA has issued a warning for recent and newly patched VMware vulnerabilities — the agency believes the new flaws will quickly be exploited by threat actors.
The US government has warned that rogue IT workers from North Korea enable DPRK hacking operations and provide logistical support for its threat actors.
SecurityWeek will host its 2022 Threat Intelligence Summit as a fully immersive virtual event on May 18, 2022.
Canada, the Netherlands, New Zealand, the US, and the UK warn that threat actors exploit weak cybersecurity practices for initial access.
CISA has temporarily removed the Windows vulnerability known as PetitPotam from its Must-Patch list after learning from Microsoft that a recent patch can cause authentication failures.
Texas startup Balkan ID banks $5.75 million in seed funding to help organizations find and remediate risky privileges across SaaS and public cloud infrastructure.

FEATURES, INSIGHTS // Risk Management


Rob Fry: We are a community with grand ideas around the concept of crowdsourced threat intel (CTI), but with little history or previous successes that show CTI as a viable idea.
Landon Winkelvoss: Executive protection teams face threats from many sources including social media, telephone, email, and even in-person physical threats.
Landon Winkelvoss: Ineffective security approaches when integrating two separate organizations can lead to significant issues that could undercut the business value of a merger or acquisition.
Landon Winkelvoss: While cyber due diligence has yet to become commonplace in M&A transactions, the consequences of failing to identify risks and active campaigns can have costly implications.
Gunter Ollmann: In the merry-go-round world of InfoSec technologies and “what’s old is new again,” this year we should include Attack Surface Management with a dash of Continuous.
Laurence Pitt: School network administrators should be taking precautions to prepare for the new challenges of the upcoming academic year.
Torsten George: Cyber resilience can be considered a preventive measure to counteract human error, malicious actions, and decayed, insecure software.
Yaniv Vardi: Supply chain cyber risk is complicated and spans the entire lifecycle of a product—across design, manufacturing, distribution, storage, and maintenance.
AJ Nash: For companies trying to build new or mature existing intelligence programs, the Age of COVID has been an excellent time to capture 30-60 minutes with that hard-to-find manager
Torsten George: While the SolarWinds hack is not the first supply chain attack to make headlines, its sophistication and blast radius are forcing organizations to consider how they can minimize their exposure to these types of threats in the future.