NEWS & INDUSTRY UPDATES

A vulnerability in Box's implementation of multi-factor authentication (MFA) allowed attackers to take over accounts without needing access to the target's phone.
Supply chain cyberattacks are not a new idea, but have been taken to new levels of sophistication and frequency in recent years. This growth will continue through 2022 and beyond.
Security researchers document vulnerabilities in AWS CloudFormation and AWS Glue that could be abused to leak sensitive files and access other customers’ data.
Federal Communications Commission (FCC) Chairwoman Jessica Rosenworcel proposes strengthening rules around telecom providers’ reporting of data breaches.
Mozilla fixes multiple high-severity vulnerabilities with the release of Firefox 96, Firefox ESR 91.5, and Thunderbird 91.5.
CISA, FBI and NSA have released a joint cybersecurity advisory providing an overview of cyber operations linked to the Russian government.
Researchers have analyzed 16 URL parsing libraries and showed how inconsistencies can lead to various types of vulnerabilities.
The U.S. government has issued a warning over the use of commercial surveillance tools and it has shared some recommendations.
Recorded Future snaps up SecurityTrails for a direct entry into the booming attack surface management business.
The FTC has warned companies that they face legal action if exploitation of the Log4Shell vulnerability leads to customer harm.

FEATURES, INSIGHTS // Risk Management

Gordon Lawson: The rise of social engineering tactics as well as risks associated with embedded vulnerabilities in contractor networks makes keeping this technology confidential and out of the hands of adversaries increasingly difficult.
Torsten George: Cyber resiliency measures (i.e., architectural design, technologies, operational practices) assume that today’s threat actors can achieve a foothold in an organization’s infrastructure and in turn post-exploit activities must be contained and eliminated.
Landon Winkelvoss: The security industry must commit to a risk-based approach that understands the specific attacks and actors targeting their industry and profile.
Marie Hattar: It is a good idea to assume that your network has already been breached, even if no overtly malicious notifications have surfaced.
Marc Solomon: You risk limiting the value you can derive from your next security investment without first thinking about your top use cases and the capabilities needed to address them.
Torsten George: While it might be overwhelming to look at the critical threats on the horizon you need to prepare for, focusing on these predictions for 2022 will help you strengthen your security posture and minimize your organization’s risk exposure.
Torsten George: Before the next Cybersecurity Awareness Month comes along, companies across all industries should consider moving to a Zero Trust approach, powered by additional security measures such as MFA and endpoint resilience.
William Lin: While there still isn’t a clear industry-accepted answer to Vendor risk management (VRM), there has been more interest in staying on top of and learning about the latest in this space.
Landon Winkelvoss: In addition to evaluating the core capabilities and range of intelligence monitoring, organizations must consider data source integrity, and perhaps most importantly, the level of expert analysis included with each service.
Keith Ibarguen: Far too many engineers in the trenches don’t take the time to lift their heads to see context, so when good (and bad) things happen, this is a great management opportunity that you should take full advantage of.