NEWS & INDUSTRY UPDATES

Researchers who disclosed Meltdown, Spectre and other similar attacks are now back with a new type of side-channel attack, one that is hardware agnostic and targets the operating system page cache.
USB Implementers Forum announces new USB Type-C authentication protocol designed to protect host systems against non-compliant chargers and malicious devices.
The European Union is offering nearly $1 million in bug bounties through the FOSSA project for vulnerabilities in 14 widely used free software projects.
The Department of Defense lacks visibility into software inventories, a review of Marine Corps, Navy, and Air Force commands and divisions reveals.
Researchers demonstrate how hackers could remotely brick servers at scale via firmware attacks that leverage the Baseboard Management Controller (BMC).
Huawei defends its global ambitions and network security in the face of Western fears that the Chinese telecom giant could serve as a Trojan horse for Beijing's security apparatus.
A Czech cyber-security agency on Monday warned against using the software and hardware of China's Huawei and ZTE companies, saying they posed a threat to state security.
The Cyber Readiness Institute (CRI) has launched a Cyber Readiness Program designed to provide assistance to small and medium businesses who may not have the resources to give security the priority it needs and deserves.
Facebook has paid out over $1.1 million through its bug bounty program in 2018, which brings the total paid by the social media giant since the launch of its program to $7.5 million.
Super Micro says it has conducted a thorough investigation following the recent Bloomberg report, but claims it has found “absolutely no evidence of malicious hardware” on its motherboards.

FEATURES, INSIGHTS // Risk Management

Josh Lefkowitz: A business risk intelligence (BRI) program needs to understand and account for the different categories of risk faced by all business functions across an enterprise.
Alastair Paterson: Organizations that continuously monitor their digital footprint and understand their online exposure will be the most effective at mitigating digital risk in the new year.
Lance Cottrell: We spend a lot of time thinking about and trying to mitigate threats that are so extreme you are basically already doomed if they are ever used against you.
Laurence Pitt: Failure to implement basic cybersecurity hygiene practices will leave retailers vulnerable to damage and fines during a lucrative time for their businesses.
Alastair Paterson: As you develop a brand protection program, here are five concrete things you can do now to proactively identify and mitigate risk to your brand.
Josh Lefkowitz: It’s relatively commonplace for CTI and incident response teams to establish a coordinated response plan in preparation for a cyber attack, but—as demonstrated by WannaCry—it’s imperative for physical security teams to be involved in such plans as well.
Mike Fleck: A small business with one running all of IT cannot defend against cyber-attacks from the North Korean military with the same vigor as Lockheed Martin or Northrop Grumman.
Torsten George: Like the NIST Cybersecurity Framework, it integrates relevant regulations (e.g., HIPAA) and standards (NIST 800-53, ISO 27001, PCI DSS) into a single overarching security framework.
Josh Lefkowitz: There’s no point in having billions of data points if those data points aren’t timely, accurate, actionable, and adequately map to your intelligence objectives and requirements.
Nick Sanna: Board members and senior management are likely to wave off CISO techno-speak and push to get their questions answered on their terms.