Monday, September 23, 2019

CISA’s Krebs seeks more measured approach to election security heading into 2020

Given the too-late realization that Russia interfered in the 2016 presidential election through massive disinformation campaigns and -- as the Mueller report most recently documented with a few new twists -- actual efforts to hack into state elections systems,...

What a security career will look like in five years

When it comes to protecting the growing infrastructure at Polaris Alpha, CISO Eric Schlesinger believes in a people-and-processes approach over a tools-based approach. But five years from now, those priorities will likely shift.

3 ways to improve PC security

Insider Pro columnist Jack Gold writes that organizations must focus on three key areas if they want to protect their PCs -- and ultimately the entire organization -- from security breaches.

IDG Contributor Network: Lessons learned through 15 years of SDL at work

Do a quick search on secure development and you’ll find pages and pages of advice and best practices. You could relatively quickly create a long checklist of best practices and how-tos covering everything from how to create a threat...

Senator Warner seeks “grand alliance” to protect against surveillance threat from China’s tech dominance

When it comes to technology policy, Senator Mark Warner (D-VA), Vice Chairman of the Senate Intelligence committee, is clearly concerned about the power China holds, particularly when it comes to trusting China’s leading tech suppliers and the prospect of...

Security Recruiter Directory

Looking for a qualified candidate or new job? CSO's security recruiter directory is your one-stop shop. The recruiters listed below can help you find your next Chief Security Officer (CSO), Chief Information Security Officer (CISO), or VP of Security and...

What is OAuth? How the open authorization framework works

Since the beginning of distributed personal computer networks, one of the toughest computer security nuts to crack has been to provide a seamless, single sign-on (SSO) access experience among multiple computers, each of which require unrelated logon accounts to...

BrandPost: The CISO must be included in any SD-WAN discussion

Extending advanced services to the WAN Edge of the network can have a serious impact on a security architecture and strategy. News cycles are filled with stories about critical network breaches that began by taking advantage of some neglected...

10 signs you’re being socially engineered

Together, phishing and social engineering are by far the number one root-cause attack vector, and they have been around nearly since computers themselves were invented.

Secrets of latest Smominru botnet variant revealed in new attack

The latest iteration of Smominru, a cryptomining botnet with worming capabilities, has compromised over 4,900 enterprise networks worldwide in August. The majority of the affected machines were small servers and were running Windows Server 2008 or Windows 7. Smominru is...

Misconfigured WS-Discovery in devices enable massive DDoS amplification

Hundreds of thousands of devices can be abused to amplify distributed denial-of-service (DDoS) attacks because they are misconfigured to listen and respond to WS-Discovery protocol requests over the internet. Web Services Dynamic Discovery (WS-Discovery or WSD) is a UDP-based...

How to detect and halt credential theft via Windows WDigest

Once attackers get into a system, they often want to elevate privileges or do credential harvesting. One way they do this is by finding a WDigest legacy authentication protocol left forgotten and open on servers. On Windows Server prior...

6 questions candidates should ask at every security job interview

"Off with their heads!" the Red Queen cried in Alice in Wonderland, but you could be forgiven for thinking that's how some enterprises treat security folk after a data breach.

The top 5 email encryption tools: More capable, better integrated

The world of email encryption has changed significantly in the past few years. The leading tools are evolving, each in their own way:

Review: Blue Hexagon may make you rethink perimeter security

This fully functional, fully trained cybersecurity tool is ready on day 1 to spot threats on whatever network it’s charged with protecting.

Three strategies to prove security’s value

Security executive Ricardo González doesn’t see IT security as a cost center; instead, he describes it as “a strategic investment in reduction of corporate risk, and a positive contribution to the realization of business value.”

Shining light on dark data, shadow IT and shadow IoT

What's lurking in the shadows of YOUR organization? What you don't know can hurt you. Insider Pro columnist Mike Elgan looks at how your business is at risk and offers six steps to minimize it.

What is the EU’s revised Payment Services Directive (PSD2) and its impact?

New security requirements for online payments will come into effect in Europe in September as part of the revised Payment Services Directive (PSD2), but they are also expected to make an impact in the US and other regions of...

What is PSD2? And how it will impact the payments processing industry

PSD2 explained: New security requirements for online payments will come into effect in Europe in September as part of the revised Payment Services Directive (PSD2), but they are also expected to make an impact in the US and other regions...
SC Magazine

Steve Grobman – McAfee

Steve Grobman, Senior Vice President & Chief Technology Officer, McAfee. Why Nominated: With over 20 years of experience, Grobman has held numerous technical and cybersecurity leadership positions over the years. In these various roles – from his time as an...
SC Magazine

Greg Lesnewich – Recorded Future

Greg Lesnewich, Threat Intelligence Analyst, Recorded Future. Why Nominated: With a focus on state-sponsored espionage campaigns and Middle Eastern-borne cyber threats, as a Threat Intelligence Analyst at Recorded Future, Greg Lesnewich provides detailed threat actor and malware profiles to some of the world’s...
SC Magazine

Ophir Harpaz, Security Researcher, Guardicore. Why Nominated: After spending several years working on email security products, Ophir Harpaz became interested in understanding how malware worked. She then began working as a cybercrime researcher specializing in financial malware and hunted banking trojans and analyzed their...
SC Magazine

Amina Bashir – Flashpoint

Amina Bashir, Analyst II, Hunt Team, Flashpoint. Why Nominated: Flashpoint analyst Amina Bashir is her company’s go-to subject-matter expert on the threat landscape of the Indian subcontinent. In her role, she has authored key research on the malicious use of chatbots, as well as vulnerabilities...
SC Magazine

Ning Wang – Offensive Security

Ning Wang, CEO, Offensive Security. Why Nominated: Ning Wang is a rising star who has worked to break the boundaries in the security industry, so that people can see that anyone is capable of starting a career in cybersecurity and advancing it –...