Security Experts:

Security Infrastructure
long dotted


Firefox does a poor job at securing stored passwords even if the user has set up a master password, a software developer claims. [Read More]
Russia-linked cyberspy group Dragonfly compromised a Cisco router and abused it to harvest credentials later used to hack energy companies in the UK [Read More]
Cloud-managed IT firm Cisco Meraki launches public bug bounty program with rewards of up to $10,000 [Read More]
A vulnerability exists in MikroTik's RouterOS in versions prior to the latest 6.41.3, released Monday 12 March 2018. Details were discovered February and disclosed by Core Security on Thursday. [Read More]
Microcode patches for Spectre are available for all Intel CPUs launched in the past five years. The company provided more details on future processors that will include protections against these types of attacks [Read More]
Less than 1% of the top 1 million websites have yet to replace Symantec-issued certificates before major browsers distrust them, DigiCert announced earlier this week. [Read More]
White hats managed to hack Microsoft Edge, Oracle VirtualBox and Apple Safari on the first day of the Pwn2Own 2018 hacking contest, earning a total of $162,000 [Read More]
Palo Alto Networks (NYSE: PANW) has agreed to acquire cloud security and compliance firm for $300 million in cash. [Read More]
An unnamed energy firm in the U.S. has been fined $2.7 million over a data security incident that exposed critical cyber assets [Read More]
The need to manage privileged accounts is understood by practitioners and required by regulators, but poorly implemented in practice. [Read More]

FEATURES, INSIGHTS // Security Infrastructure

rss icon

Alastair Paterson's picture
Security teams need visibility outside the organization and across the widest range of data sources possible to mitigate digital risk and better protect the organization.
Jim Ivers's picture
Applications contain three specific components where vulnerabilities can be found, and each must be tested in a different way for security testing to be complete.
Marc Solomon's picture
How do you get the most value from your threat intelligence? It comes down to relevance, and that’s determined by your industry/geography, your environment and your skills/capabilities.
Erin O’Malley's picture
Designed for specific purposes, security tools should be fed only the data they need to do what they do best; they shouldn’t be burdened with irrelevant data.
Lance Cottrell's picture
Net Neutrality holds that the internet should be a passive conduit for data between any endpoints. It should not make any difference to a carrier who is initiating the connection and what service they are using.
Torsten George's picture
Unfortunately, the Cyber Shield Act as it stands falls short, since it is a voluntary program that does not incentivize vendors to implement the NIST security standards.
Marie Hattar's picture
Enterprises need to rethink security to focus less on the perimeter and more on identifying anomalies in user and network behavior that may be indicators of an attack in progress.
Marc Solomon's picture
With the right technologies and/or services, every organization can get relevant, prioritized threat intelligence how, when and where they need it.
Ashley Arbuckle's picture
While it’s easy to deploy new IT services, many of the security tools and processes that we’ve used in our networks and data centers will not work in public clouds.
John Maddison's picture
Digital transformation is creating a whole new set of risks that, especially where critical infrastructure is involved, could have potentially devastating consequences.