Wednesday, August 10, 2022

BrandPost: Is MFA the Vegetable of Cybersecurity?

Like it or not, vegetables are good for us. Chowing down on some broccoli or kale can help us build strong bones, reduce our risk of chronic diseases, and deliver the vitamins our bodies need. And yet, the CDC...

BrandPost: Choosing the Right Security Service Edge Platform

This is the third installment of our security service edge (SSE) blog series. Our first blog explores SSE as a platform, and the second looks at the top use cases. In this article, we’ll explore what features you should...

How OKRs keep security programs on track

When Michael Gregg joined the State of North Dakota as a security leader, he brought with him a concept he liked to use for keeping his security program on track: identifying objectives and key results (OKRs) and tracking progress...

7 best reasons to be a CISO

The job of the CISO can be tough with its share of challenges, difficulties and complications. A CISO’s trials and tribulations include responsibility for protecting a business’s most valuable asset (its data) from an evolving cyberthreat landscape, traversing complex...

Ransomware, email compromise are top security threats, but deepfakes increase

While ransomware and business email compromise (BEC) are leading causes of security incidents for businesses, geopolitics and deepfakes are playing an increasing role, according to reports from two leading cybersecurity companies.VMware’s 2022 Global Incident Threat Response Report shows a...

BrandPost: Transforming Digital Healthcare Through Video Vital Sign Analysis

Global events over the past few years have disrupted how healthcare professionals approach the measurement and monitoring of a patient’s vital signs. New regulations around sanitation and the use of personal protection equipment  pose a challenge to healthcare providers...

AWS, Google Cloud, and Azure: How their security features compare

CISOs trying to determine which of the three major cloud service providers (CSPs) offers the best security need to break that question down into two parts: Which one does the best job securing its own infrastructure, and which one...

SBOM formats SPDX and CycloneDX compared

Software bills of materials (SBOMs) are becoming a critical component of vulnerability management. Many organizations, however, are still wrestling with understanding fundamental topics in the SBOM discussion, such as the differences among the SBOM formats.What are SBOM formats? SBOM formats...

Top cybersecurity M&A deals for 2022

The number of cybersecurity mergers and acquisitions deals in 2021 set a record pace. The first three quarters of the year saw 151 transactions in the industry, according to 451 Research. That’s up from 94 for the same period...

Palo Alto debuts Unit 42 team for on-demand cybersecurity

Palo Alto Networks this week announced the immediate availability of Unit 42 Managed Detection and Response (MDR), a service providing on-call cybersecurity specialists to track and respond to security threats in real time.The idea is to back Palo Alto’s...

Palo Alto debuts Unit 42 team for managed detection and response

Palo Alto Networks this week announced the immediate availability of Unit 42 Managed Detection and Response (MDR), a service providing on-call cybersecurity specialists to track and respond to security threats in real time.The idea is to back Palo Alto’s...

The Secret Service’s missing text messages: Lessons for IT security

The U.S. Secret Service (USSS) has been under intense political fire since mid-July when the Department of Homeland Security (DHS) Inspector General's office told Congress that the text messages surrounding the important events of January 6 had been permanently...

Deep Instinct’s Prevention for Applications detects malicious files in transit

Cybersecurity vendor Deep Instinct has announced the launch of Deep Instinct Prevention for Applications, a new antimalware software product that detects and stops malicious files in transit.Prevention for Applications is deployed via a container within a customer’s environment and...

BrandPost: Real-World Applications of Security Service Edge

This article is the second in a three-part series covering security service edge (SSE). Our first blog explored what SSE is as a platform, and the third installment explains what features you should be looking for when selecting an...

11 stakeholder strategies for red team success

Red teams are a necessary evil – literally – in today’s cyber threat landscape. Motivations for engaging in offensive testing activities can vary from regulatory requirements to certification aspirations. Truly proactive and progressive security programs incorporate offensive operations almost...

China, Huawei, and the eavesdropping threat

In the world of espionage and intrigue, China has always played the long game, planning far beyond the next quarter, looking over the horizon at the next generation. For this reason, it should come as no surprise that China...

Thoma Bravo snares Ping Identity in $2.8 billion go-private deal

In the latest move in a series of security-company acquisitions, private equity firm Thoma Bravo announced Wednesday that it has reached an arrangement to acquire IAM (identity and access management) firm Ping for a total sale price of $2.8...

Qualys adds external attack management capability to cloud security platform

Cloud security and compliance software company Qualys on Wednesday announced it is adding external attack surface management (EASM) capabilities to the Qualys Cloud Platform.The new capability will be integrated into Qualys CSAM (cybersecurity asset management) 2.0, an inventory monitoring...

5 best practices for secure collaboration

The landscape around collaboration and communication security has changed in recent years, spurred by the shift to remote work as companies scrambled to bring video and team collaboration tools online.That rapid change in how teams communicate internally as well...

Tips to prevent RDP and other remote attacks on Microsoft networks

One long-favored way that ransomware enters your system is through Microsoft’s Remote Desktop Protocol (RDP) attacks. Years ago when we used Microsoft’s Terminal Services (from which RDP evolved) for shared remote access inside or outside of an office, attackers...

Phishers who breached Twilio and fooled Cloudflare could easily get you, too

Enlarge (credit: Getty Images) At least two security-sensitive companies—Twilio and Cloudflare—were targeted in a phishing attack by an advanced threat actor who had possession of home phone numbers of not...
Brian Krebs

Microsoft Patch Tuesday, August 2022 Edition

Microsoft today released updates to fix a record 141 security vulnerabilities in its Windows operating systems and related software. Once again, Microsoft is patching a zero-day vulnerability in the Microsoft Support Diagnostics Tool (MSDT), a service built into Windows....

One of 5G's Biggest Features Is a Security Minefield

New research found troubling vulnerabilities in the 5G platforms carriers offer to wrangle embedded device data.
The Register

Patch Tuesday: Yet another Microsoft RCE bug under active exploit

Oh, and that critical VMware auth bypass vuln? Miscreants found it, too August Patch Tuesday clicks off the week of hacker summer camp in Las Vegas this year, so it's basically a code cracker's holiday too. …