3 reasons companies fail to assess the scope of a data breach
First comes the embarrassing breach announcement. Then, a few days or weeks later, another one — a few million stolen records were missed the first…
California Consumer Privacy Act: What you need to know to be compliant
In late June 2018, California passed a consumer privacy act, AB 375, that could have more repercussions on U.S. companies than the European Union’s General…
5 ways to hack blockchain in the enterprise
One of the hottest topics in cybersecurity circles is the enterprise blockchain. This is the same technology that underpins cryptocurrencies like Bitcoin. Simply defined, blockchain…
Hardware, software options emerge for runtime encryption
When it comes to cloud applications, enterprises have an encryption gap. Encrypting data while it is in storage is straightforward, even if many companies are…
Cloud functions present new security challenges
Serverless apps are deployed over a cloud platform and are designed to use only the amount of computing resources needed to carry out a task.…
How privacy is moving data security to the top of corporate agendas
The European Union’s far-reaching General Data Protection Regulation (GDPR) goes into effect May 25, Facebook has had to answer to Congress for its ties with…
Why securing containers and microservices is a challenge
Containers are a small, fast, and easy-to-set-up way to deploy and run software across different computing environments. By holding an application’s complete runtime environment, including…
Verizon report: Ransomware top malware threat of 2017, moving into critical systems
Verizon released its Data Breach Investigations Report (DBIR) this morning, the massive, in-depth analysis of last year’s security breaches, based on 53,000 security incidents from…
How to detect and prevent crypto mining malware
Hackers are turning to cryptojacking — infecting enterprise infrastructure with crypto mining software — to have a steady, reliable, ongoing revenue stream. As a result,…
Open source software security challenges persist
This year’s Equifax breach was a reminder that open source software and components pose a giant risk to enterprise security despite their many benefits, especially…
SEC’s new cybersecurity guidance falls short
The Securities and Exchange Commission (SEC) issued new guidance in February, urging senior executives and board members to pay closer attention to cybersecurity. However,…
The global cyber war is heating up: Why businesses should be worried
Last Friday, the Department of Justice indicted 13 Russians and three Russian companies for interfering with the 2016 elections. Also last week, several countries including…
New cryptocurrencies offer better anonymity, new security challenges
A new crop of anonymous cryptocurrencies, which are less traceable and offer greater privacy than Bitcoin, are gaining ground with cybercriminals. Despite the lower risk…
Cloud security configuration errors put data at risk; new tools can help
Last fall, a security researcher discovered four Amazon S3 storage buckets with highly sensitive data such as client credentials and a backup database containing 40,000…
Open source software security challenges persist, but the risk can be managed
This year’s Equifax breach was a reminder that open source software and components pose a giant risk to enterprise security despite their many benefits, especially…
Password managers grow up, target business users
Password managers began as free or low-cost apps for consumers, tracking passwords and sign-ins to websites and applications, making it possible for users to create…
What is a botnet? And why they aren’t going away anytime soon
Botnets act as a force multiplier for individual attackers, cyber-criminal groups, and nation-states looking to disrupt or break into their targets’ systems. By definition, they…
How hackers crack passwords and why you can’t stop them
Experts agree that it’s long past time for companies to stop relying on traditional passwords. They should switch to more secure access methods like multi-factor…
What is the cyber kill chain? Why it’s not always the right approach to cyber attacks
As an infosec professional, you’ve likely heard about using a cyber kill chain, also known as a cyber attack lifecycle, to help identify and prevent…
How AI can help you stay ahead of cybersecurity threats
Since the 2013 Target breach, it’s been clear that companies need to respond better to security alerts even as volumes have gone up. With this…
Unlimited DDoS protection the new norm after Cloudflare announcement
Late last month, global distributed denial of service (DDoS) protection provider Cloudflare announced that it would no longer charge customers extra when they were under…
Shadow cloud apps pose unseen risks
It happens in every company. Employees find a cool new online service that makes them more productive. They create free or low-cost accounts on devices…
The best enterprise antivirus: Kaspersky leads in latest tests
Ransomware and other threats often get through signature-based antivirus protection, giving it a bad rap. However, antivirus tools still play an important role in the…
What is a fileless attack? How hackers invade systems without installing software
“We see it every day,” says Steven Lentz, CSO at Samsung Research America. “Something coming through, some exploit type, unknown ransomware. We’ve stopped several things…
Is universal end-to-end encrypted email possible (or even desirable)?
People expect their email to be private between them and the recipient, but in reality, the contents of your email are exposed during transmission. Full…
What’s new in ransomware?
In June, South Korean hosting company Internet Nayana, Inc., was hit by a ransomware attack that took down its 153 Linux web servers — home…
Look beyond job boards to fill cybersecurity jobs
The cybersecurity talent shortage keeps getting worse. According to Cybersecurity Ventures, the cost of cybercrime will double from $3 trillion globally in 2015 to $6…
Is your data being sold on the dark web?
Sonatype’s crown jewel is its database of descriptions of over 1.2 million open source packages. “If that is lost, it could be an existential outcome,”…
Two years after the OPM data breach: What government agencies must do now
The Office of Personnel Management breach in June 2015 was a big wake-up call to our federal government, and, in its wake, a number…
With new dynamic capabilities, will whitelisting finally catch on?
Everybody knows and hates whitelisting. Employees are only allowed to install approved software on their desktops and laptops, so they’re always complaining and asking for…