Security Experts:

WRITE FOR US

LATEST SECURITY NEWS HEADLINES

rss icon

Irish Watchdog Opens Another Facebook Probe, Over Data Dump
Capcom Says Older VPN Device at Heart of Ransomware Attack
Cybersecurity VC Funding Hit Record in 2020 With $7.8 Billion Invested
Another Critical Vulnerability Patched in SAP Commerce
Siemens Releases Several Advisories for 'NAME:WRECK' Vulnerabilities
long dotted

NEWS & INDUSTRY UPDATES

APT Group Using Voice Changing Software in Spear-Phishing Campaign
Researchers report that a subgroup of the Molerats APT is employing voice changing software in attacks targeting regional adversaries and political opponents. [Read More]
US DoD Launches Vuln Disclosure Program for Contractor Networks
In a new pilot program, the U.S. DoD invites the HackerOne community to remotely test the participating DoD contractors’ assets and report on any identified vulnerabilities. [Read More]
China-Linked 'Cycldek' Hackers Target Vietnamese Government, Military
Kaspersky researchers warn that China-linked APT group Cycldek using custom malware in a series of recent attacks targeting government and military entities in Vietnam. [Read More]
CISA, FBI Warn of Attacks Targeting Fortinet FortiOS
The U.S. government's Cybersecurity and Infrastructure Security Agency (CISA) warns that APT actors are exploiting Fortinet FortiOS vulnerabilities in attacks targeting commercial, government, and technology services networks. [Read More]
VMware Patches Critical Flaw in Carbon Black Cloud Workload
VMWare fixes a serious URL-handling vulnerability in the Carbon Black administrative interface and warns of authentication bypass and potential code execution risks. [Read More]
SecureDrop Workstation Gets Post-Audit Security Refresh
A third-party audit financed by the New York Times discovers a high-risk vulnerability but overall gives Securedrop Workstation a positive security bill of health. [Read More]
DHS Gives Federal Agencies 5 Days to Identify Vulnerable MS Exchange Servers
The U.S. Department of Homeland Security's CISA is directing federal agencies to scan their Microsoft Exchange environments for four weeks and report if they find any compromised servers. [Read More]
Unpatched RCE Flaws Affect Tens of Thousands of QNAP SOHO NAS Devices
Researchers warns that tens of thousands of QNAP SOHO NAS devices potentially impacted by unpatched remote code execution flaws. [Read More]
Kansas Man Charged with Tampering with Public Water System
The U.S. Department of Justice this week announced official charges against Wyatt A. Travnichek, a Kansas man accused of accessing and tampering with a public water system. [Read More]
Websites of EU Mobile Providers Fail to Properly Secure User Data: Report
The sensitive information of over 235 million customers of EU mobile providers could be at risk due to website vulnerabilities. [Read More]

FEATURES, INSIGHTS // Data Protection

rss icon

William Lin's picture
The VC View: Data Security - Deciphering a Misunderstood Category
William Lin - Data Protection
Data security is a tough topic to summarize and I’d argue it may be the most misunderstood category in security right now.
Read full story
Gunter Ollmann's picture
Attesting to the Security of Data-in-Use
Gunter Ollmann - Cloud Security
CISOs and their security teams need to quickly master these technologies if they’re to successfully partner with in-house development teams and secure “data-in-use.”
Read full story
Gunter Ollmann's picture
Securing Data-in-Use With Confidential Computing
Gunter Ollmann - Cloud Security
It is reasonable to assume that within five years the term “confidential compute” will become superfluous and an assumed native component of all cloud services.
Read full story
Alastair Paterson's picture
The Digital Ship is Full of Leaks. But There Are Ways to Keep it Afloat.
Alastair Paterson - Risk Management
Opportunities for accidental exposure of sensitive information are often compounded by multiple stakeholders using collaborative tools without the proper policies, oversight and security training.
Read full story
Laurence Pitt's picture
SD-WAN and Managed Service Providers: The Dream Team?
Laurence Pitt - Network Security
For an MSP looking to grow business, the convergence of SD-WAN and security, along with the transitional needs of customers, translates to opportunity.
Read full story
Jim Gordon's picture
Data Protection and Privacy: Think 360, Demand 360
Jim Gordon - Privacy
Individuals and security professionals should have a 360 mindset and know the actions needed to take in the pursuit of data protection and the preservation of privacy.
Read full story
Alastair Paterson's picture
In an Interconnected World, Data Security is a Shared Responsibility
Alastair Paterson - Cloud Security
If it takes a whole village to raise a child, it takes a whole community of vendors and business partners to build a secure data environment.
Read full story
Ellison Anne Williams's picture
Data in Use Is the Point of Least Resistance
Ellison Anne Williams - Data Protection
Data in Use has become a point of least resistance for an attacker. There is a major industry need to recognize this lapse and close the gap in data security by protecting data while it is being used.
Read full story
Gunter Ollmann's picture
From Traffic Cop to Fleet Manager, DLP Evolves Beyond the Perimeter
Gunter Ollmann - Data Protection
DLP has always been tricky to deploy and enforce, and most CISOs can freely regale stories of DLP promises and their subsequent failures.
Read full story
Ellison Anne Williams's picture
Uncovering the Data Security Triad
Ellison Anne Williams - Data Protection
Data protection schemes must recognize and secure data as it exists at all points in the processing lifecycle, whether at rest, in transit, or in use.
Read full story