Security Experts:
LATEST SECURITY NEWS HEADLINES
NEWS & INDUSTRY UPDATES
A vulnerability in Box's implementation of multi-factor authentication (MFA) allowed attackers to take over accounts without needing access to the target's phone. [Read More]
Supply chain cyberattacks are not a new idea, but have been taken to new levels of sophistication and frequency in recent years. This growth will continue through 2022 and beyond. [Read More]
Security researchers document vulnerabilities in AWS CloudFormation and AWS Glue that could be abused to leak sensitive files and access other customer’s data. [Read More]
Federal Communications Commission (FCC) Chairwoman Jessica Rosenworcel proposes strengthening rules around telecom providers’ reporting of data breaches. [Read More]
Mozilla fixes multiple high-severity vulnerabilities with the release of Firefox 96, Firefox ESR 91.5, and Thunderbird 91.5. [Read More]
CISA, FBI and NSA have released a joint cybersecurity advisory providing an overview of cyber operations linked to the Russian government. [Read More]
Researchers have analyzed 16 URL parsing libraries and showed how inconsistencies can lead to various types of vulnerabilities. [Read More]
The U.S. government has issued a warning over the use of commercial surveillance tools and it has shared some recommendations. [Read More]
Recorded Future snaps up SecurityTrails for a direct entry into the booming attack surface management business. [Read More]
The FTC has warned companies that they face legal action if exploitation of the Log4Shell vulnerability leads to customer harm. [Read More]
- 1 of 133
- ››
FEATURES, INSIGHTS // Risk Management
The rise of social engineering tactics as well as risks associated with embedded vulnerabilities in contractor networks makes keeping this technology confidential and out of the hands of adversaries increasingly difficult.
Cyber resiliency measures (i.e., architectural design, technologies, operational practices) assume that today’s threat actors can achieve a foothold in an organization’s infrastructure and in turn post-exploit activities must be contained and eliminated.
The security industry must commit to a risk-based approach that understands the specific attacks and actors targeting their industry and profile.
It is a good idea to assume that your network has already been breached, even if no overtly malicious notifications have surfaced.
You risk limiting the value you can derive from your next security investment without first thinking about your top use cases and the capabilities needed to address them.
While it might be overwhelming to look at the critical threats on the horizon you need to prepare for, focusing on these predictions for 2022 will help you strengthen your security posture and minimize your organization’s risk exposure.
Before the next Cybersecurity Awareness Month comes along, companies across all industries should consider moving to a Zero Trust approach, powered by additional security measures such as MFA and endpoint resilience.
While there still isn’t a clear industry-accepted answer to Vendor risk management (VRM), there has been more interest in staying on top of and learning about the latest in this space.
In addition to evaluating the core capabilities and range of intelligence monitoring, organizations must consider data source integrity, and perhaps most importantly, the level of expert analysis included with each service.
Far too many engineers in the trenches don’t take the time to lift their heads to see context, so when good (and bad) things happen, this is a great management opportunity that you should take full advantage of.
- 1 of 36
- ››
Get the Daily Briefing
- Cloud Security Provider Anitian Raises $55 Million
- CISA Releases Final IPv6 Security Guidance for Federal Agencies
- DoH Makes It Difficult to Track Botnets: Spamhaus
- F5 Patches Two Dozen Vulnerabilities in BIG-IP
- Industry Reactions to Biden Cybersecurity Memo: Feedback Friday
- High-Severity Vulnerabilities Patched in McAfee Enterprise Product
- Dark Web Chatter: What Other Russian Hackers Are Saying About the REvil Arrests
- FBI Warns Organizations of Diavol Ransomware Attacks
- Insurance and Fintech Firm Acrisure Launches Cyber Services Division
- Nigerian Authorities Arrest 11 Members of Prolific BEC Fraud Group
Copyright © 2022 Wired Business Media. All Rights Reserved. Privacy Policy