Security Experts:

WRITE FOR US
Management & Strategy

LATEST SECURITY NEWS HEADLINES

rss icon

Hypr Raises $25 Million for Passwordless Authentication Platform
Three Innocuous Linux Vulnerabilities Chained to Obtain Full Root Privileges
Report: California Gun Data Breach Was Unintentional
IBM Cloud Vulnerability Exposed Users to Supply Chain Attacks
Over 100 Organizations Hit by Cuba Ransomware: CISA, FBI
long dotted

NEWS & INDUSTRY UPDATES

One Year Later: Log4Shell Remediation Slow, Painful Slog
According to data from Tenable, more than 70 percent of global organizations remain vulnerable to the Log4Shell flaw as of October this year. [Read More]
Project Zero Flags 'Patch Gap' Problems on Android
Google researchers call attention to the ongoing “patch-gap” problem, warning that downstream vendors continue to be tardy at delivering security fixes to Android-powered devices. [Read More]
Proofpoint: Watch Out for Nighthawk Hacking Tool Abuse
Security researchers at Proofpoint call attention to the discovery of a commercial red-teaming attack tool called Nighthawk, warning that the command-and-control framework is likely to be abused by threat actors. [Read More]
CISA Updates Infrastructure Resilience Planning Framework
CISA has released an updated version of IRPF, which provides responders with new tools and guidance for improving infrastructure resilience. [Read More]
US Offshore Oil and Gas Infrastructure at Significant Risk of Cyberattacks
GAO says the Department of Interior needs to address the cybersecurity risks that offshore oil and gas infrastructure face. [Read More]
33 Attorneys General Send Letter to FTC on Commercial Surveillance Rules
Attorneys general in more than 30 US states have urged the FTC to take into consideration the consumer harms associated with online surveillance and data security practices. [Read More]
Google Making Cobalt Strike Pentesting Tool Harder to Abuse
Google has announced the release of YARA rules and a VirusTotal Collection to help detect Cobalt Strike and disrupt its malicious use. [Read More]
US Gov Issues Software Supply Chain Security Guidance for Customers
CISA, NSA, and ODNI have released recommendations on how customers can help secure the software supply chain. [Read More]
Palo Alto to Acquire Israeli Software Supply Chain Startup
The cybersecurity powerhouse plans to spend $195 million in cash to acquire Israeli application security startup Cider Security. [Read More]
US Gov Cybersecurity Apprenticeship Sprint: 190 New Programs, 7,000 People Hired
The US government’s 120-day Cybersecurity Apprenticeship Sprint has come to an end and it resulted in more than 190 new programs and 7,000 apprentices getting hired. [Read More]

FEATURES, INSIGHTS // Management & Strategy

rss icon

Joshua Goldfarb's picture
Don't Let Your Career Go the Way of Entertainment 720
Joshua Goldfarb - Management & Strategy
I believe that as security and fraud professionals, we can learn an important career lesson from fictional company Entertainment 720.
Read full story
Gordon Lawson's picture
Digesting CISA's Cross-Sector Cybersecurity Performance Goals
Gordon Lawson - Compliance
Basic cyber hygiene may seem rudimentary, but as highlighted in CISA’s four key challenges above, it is something organizations of all sizes struggle with.
Read full story
Torsten George's picture
Cyber Resilience: The New Strategy to Cope With Increased Threats
Torsten George - Network Security
When implemented properly, cyber resilience can be considered a preventive measure to counteract human error, malicious actions, and decayed, insecure software.
Read full story
Marc Solomon's picture
Balancing Security Automation and the Human Element
Marc Solomon - Incident Response
When we start to consider the human element of the security automation equation, and its impact on the automation capabilities we select and how we measure progress, we can accelerate automation initiatives and the benefits we derive.
Read full story
Joshua Goldfarb's picture
Bringing Bots and Fraud to the Boardroom
Joshua Goldfarb - Fraud & Identity Theft
If security can learn to communicate in a way that executives and boar members can understand, internalize, and act upon, it serves to benefit tremendously.
Read full story
Derek Manky's picture
Offense Gets the Glory, but Defense Wins the Game
Derek Manky - Incident Response
Organizations may better align their defenses to adapt and react proactively to rapidly changing attack approaches when they have a better grasp of the objectives and strategies employed by their adversaries.
Read full story
Jeff Orloff's picture
Tailoring Security Training to Specific Kinds of Threats
Jeff Orloff - Training & Certification
By focusing on attack tactics and techniques that pose clear and present danger to the business, a company can achieve the greatest return on its training initiatives.
Read full story
Gordon Lawson's picture
How to Prepare for New SEC Cybersecurity Disclosure Requirements
Gordon Lawson - Incident Response
The new SEC requirements are putting on paper what many companies—public and private—should have been investing in already.
Read full story
Landon Winkelvoss's picture
Leveraging Managed Services to Optimize Your Threat Intelligence Program During an Economic Downturn
Landon Winkelvoss - Risk Management
How organizations can use managed services to optimize their threat intelligence program during an economic downturn.
Read full story
Marc Solomon's picture
Anticipation and Action: What's Next in SOC Modernization
Marc Solomon - Network Security
Within the context of security operations, anticipation teams use internal and external threat and event data across their security infrastructure for context and analytics and to become more proactive.
Read full story