Vulnerability: Page 19
-
CISA overhauls vulnerability management, focuses on CVEs under active exploit
The order is directed at all federal civilian agencies, "however, all organizations should adopt this directive and prioritize mitigating vulnerabilities listed on our public catalog," CISA Director Jen Easterly said.
By Samantha Schwartz • Nov. 3, 2021 -
Twitter eyes phishing deterrence with security key rollout
The employee multifactor upgrade follows a high-profile attack against celebrity users in 2020, but the social media company says improvements are still needed.
By David Jones • Oct. 29, 2021 -
Sponsored by Cybersource
How businesses are tackling fraud in a digital-first reality
With digital transactions and eCommerce continuing to grow in volume, successfully taking on fraud will require businesses to explore and rely on new tools and technologies.
Oct. 25, 2021 -
Supply chain attacks lift debate on how to manage software vulnerabilities
Researchers and developers dispute where responsibilities lie for early detection and how to manage disclosure to customers. The disagreement can allow vulnerabilities to linger.
By David Jones • Oct. 21, 2021 -
Users have bad security habits. What can businesses do?
"As strange as it sounds, in the case of a security incident in the enterprise, you can't blame the user," Bitdefender's Alex "Jay" Balan said.
By Samantha Schwartz • Oct. 14, 2021 -
Top global companies falling short in protecting domain security
Major brands leave themselves and their customers open to phishing attacks, ransomware and BEC due to inadequate measures.
By David Jones • Oct. 5, 2021 -
Threat actors more frequently — and successfully — target Active Directory
Attacks on AD played a prominent role during the high-profile SolarWinds campaign and LockBit 2.0 ransomware attacks.
By David Jones • Sept. 30, 2021 -
Timely patching remains pain point as high-profile bugs linger
Patches interfering with business productivity are more of a challenge for security teams.
By Samantha Schwartz • Sept. 29, 2021 -
How hackers are making the leap from cloud to the software build processes
The security problem with third-party container applications is not, however, indicative of infrastructure flaws.
By Samantha Schwartz • Sept. 28, 2021 -
Is there too much transparency in cybersecurity?
Between information sharing, software accountability, or incident response and disclosures, companies have to find the disclosure sweet spot.
By Samantha Schwartz • Sept. 21, 2021 -
Executives fail to make software supply chain security a priority, report finds
The disconnect between rhetoric and performance in the software development and security industries is part of an internal debate: Which sector should take the lead?
By David Jones • Sept. 14, 2021 -
Sponsored by Code42
The Great Resignation and the risk of data loss
The Great Resignation is upon us and with it comes data loss.
Sept. 13, 2021 -
Exploits underway for Microsoft zero day leveraging Office documents
Until a patch is developed, the company recommends disabling ActiveX in Internet Explorer. But Huntress researchers found the workaround is not functional in all cases.
By Samantha Schwartz, David Jones • Updated Sept. 10, 2021 -
Sponsored by Code42
Are you ready for the second wave of digital transformation?
In the second wave of digital transformation, understanding Insider Risk is more important than ever.
Sept. 7, 2021 -
Cyber Command urges immediate patching for Atlassian Confluence bug
Atlassian Cloud customers are not impacted by the vulnerability.
By Samantha Schwartz • Sept. 3, 2021 -
Machine identity remains a mystery, threatening digital security
As organizations undergo digital transformation, security often depends on authenticating the identity of connected machines.
By David Jones • Sept. 2, 2021 -
Azure flaw exposes enterprise databases, raising questions on cloud security
The flaw dates back to 2019, when Microsoft added a data-visualization feature called Jupyter Notebook to the Cosmos DB, Wiz researchers said.
By David Jones • Aug. 30, 2021 -
More threats target Linux, a foundation for the cloud, report finds
As enterprises embrace cloud, malicious actors are finding sophisticated methods to threaten users for computing power and data theft.
By David Jones • Aug. 25, 2021 -
Microsoft Exchange vulnerabilities targeted in ProxyShell attacks
Conti affiliates are now using ProxyShell exploits to target organizations during ransomware attacks, researchers found.
By David Jones • Updated Sept. 7, 2021 -
Men more likely to engage in risky online behavior: report
Male employees are three times as likely to click on phishing emails, forget passwords or stream pirated content, SecurityAdvisor's research shows.
By David Jones • Aug. 20, 2021 -
FDA warns of BlackBerry OS vulnerability in medical devices
The OS is often deployed in cardiac and patient monitors, drug infusion pumps, imaging, and surgical robots, according to the CEO of security consultancy Harbor Labs.
By Greg Slabodkin • Aug. 19, 2021 -
The most vulnerable ICS assets: operations management
A vulnerability's complexity is irrelevant if an exploit exists to sidestep security layers.
By Samantha Schwartz • Aug. 18, 2021 -
Up to 83M IoT devices at risk of remote access
With a risk score of 9.6 out of 10, the ThroughTek "Kalay" vulnerability could allow malicious actors to watch real-time video or gain access to credentials usable in future attacks.
By David Jones • Aug. 18, 2021 -
How much does phishing really cost the enterprise?
Ransomware and business email compromise are adding layers of risk, slowing productivity at U.S. companies.
By David Jones • Aug. 17, 2021 -
Researchers withholding vulnerabilities can create path to supply chain hacks
Bug bounty programs incentivize researchers to fully develop vulnerabilities by offering higher payouts. But that can create risk for the enterprise, Corellium's Matt Tait said.
By Samantha Schwartz • Aug. 5, 2021