Security Infrastructure

NEWS & INDUSTRY UPDATES

Cloudflare announced a series of improvements to its Rate Limiting distributed denial of service (DDoS) protection tool this week.
Endpoint protection firm Carbon Black surveyed the CISOs of 40 major financial institutions during April 2018 to understand how the finance sector is attacked and what concerns its defenders.
Two unpatched vulnerabilities in Dasan’s Gigabit-capable Passive Optical Network (GPON) routers are being targeted by Internet of Things (IoT) botnets, security researchers warn.
FireEye has launched a new platform to allow organizations and pentesters to check their ability to detect and respond to OAuth abuse attacks.
VMware patches privilege escalation and DoS vulnerabilities in Fusion and Workstation products. The company also published an advisory for the recently uncovered speculative execution attack known as Variant 4.
Intel, AMD, ARM, IBM, Microsoft and other major tech firms have released updates, mitigations and advisories for two new Meltdown/Spectre speculative execution attacks dubbed Variant 3a and Variant 4.
Attackers have been targeting a zero-day vulnerability in routers made by DrayTek to change their DNS settings and likely abuse them in future attacks.
Four vulnerabilities, including ones rated critical and high severity, have been patched in industrial switches from Phoenix Contact.
An 18-year-old researcher from Uruguay earned more than $36,000 for finding critical Google App Engine vulnerabilities.
Aachen, Germany-based firm Utimaco will acquire the Atalla hardware security module (HSM) and enterprise secure key manager (ESKM) lines from UK-based Micro Focus.

FEATURES, INSIGHTS // Security Infrastructure

David Holmes
Forward Secrecy (sometimes called Perfect Forward Secrecy or PFS) is a cryptographic technique that adds an additional layer of confidentiality to an encrypted session, ensuring that only the two endpoints can decrypt the traffic.
Laurence Pitt
The rapid proliferation of connected things is leaving networks exposed with more potential entry points that are vulnerable to attack.
Erin O’Malley
SecOps and NetOps are starting to put aside their differences and find ways to work better together. As Gartner reports, these once distinct groups have begun to realize and accept that alignment is not a nice-to-have, but a business imperative.
Bradon Rogers
While a contract, distributed, partner-oriented workforce and supply chain can create serious risks to your organization, careful implementation of visibility and data protection strategies can help you mitigate many of the risks.
John Maddison
Even though a NOC or a SOC consolidates a variety of tools and measurements into a single management system, they are still too isolated.
David Holmes
There’s a popular attack vector among brute-force attackers right now that takes advantage of the 90-day password expirations commonly used by enterprises.
Joshua Goldfarb
The security operations workflow has grown more sophisticated and complex, and the value that most organizations get out of their SIEM deployment is far lower than it used to be.
Alastair Paterson
While a boon to productivity, some of the most ubiquitous file sharing services across the Internet are also at the heart of a global problem – publicly exposed data.
Travis Greene
Closing the gaps in credential security requires awareness of what gaps exist and how to mitigate them.
Torsten George
Implementing machine learning in the context of access control can help organizations reduce their reliance on passwords, and potentially get rid of them altogether.