3 reasons why you're more vulnerable than you think to fraud

Fraud prevention in the age of multiple digital channels has become a never-ending struggle and maintaining a seamless user experience and security is crucial.

May 10, 2021

Cyberthreats dog the US supply chain, complicated by global competition

As companies acquire components and services, they need mechanisms to ensure backdoors are not lurking in their systems, experts at the Hack the Capitol 2021 conference said.

By David Jones • May 5, 2021

Password managers are a necessary — yet vulnerable — last line of defense

The Passwordstate breach is forcing CISOs and researchers to review vendors and reassess security practices.

By David Jones • May 4, 2021

Work from home means far less security visibility, report says

The number of incidents are surging as companies shift to multicloud environments and struggle to track endpoint and IoT security. 

By David Jones • April 28, 2021

Cyberattack on Passwordstate tests confidence in password managers

The supply chain attack is raising questions about how best to deploy and secure the tools as corporations face heightened threats across the globe.

By David Jones • April 27, 2021

Software bug bests MacOS notarization protocols

The update, which fixes the bug, is available in MacOS version 11.3.

By Samantha Schwartz • April 27, 2021

Attackers leverage Pulse Secure VPNs to target defense, financial industries

Cybersecurity and Infrastructure Security Agency warned federal agencies of "unacceptable risk" in the latest campaign linked to suspected APT actors.

By David Jones • April 22, 2021

Companies take second look at third-party risk management programs

As part of the supply chain web, monitoring the vendors of a company's vendor, called Nth party risk, has become a critical part of protecting companies from potential threats.

By David Jones • April 20, 2021

25% of utilities exposed to SolarWinds hack amid growing ICS vulnerabilities, analysts say

Security experts warn it may be too soon to tell whether follow-on activity has occurred.

By Robert Walton • April 16, 2021

Poor management of privileged accounts leaves organizations open to attack

Access gaps open the door for malicious threat actors to hide inside the corporate systems using trusted identities to exfiltrate data. 

By David Jones • April 15, 2021

Feds launch coordinated effort to mitigate remaining Microsoft Exchange flaws

A court-approved operation to remove web shells coincided with a push to get government and private sector systems patched with critical security updates.

By David Jones • April 14, 2021

100M devices susceptible to NAME:WRECK DNS vulnerabilities, researchers say

Each vulnerability could lead to a denial of service attack, or an attacker could take control of a susceptible device through remote code execution.

By Samantha Schwartz • April 14, 2021

Half of business continuity changes hurt cybersecurity, study shows

Companies take a second look at security practices after business pressures put mobile security at risk, a Verizon report shows.

By David Jones • April 12, 2021

Enterprise security leaders fear rising AI use among threat actors: report

Some experts are urging companies to incorporate AI into their cyber defense strategies, while others view the threat of AI as overhyped marketing.

By David Jones • April 9, 2021

VPN security falls short as demand increases for remote workforce at scale

Despite repeated warnings, enterprise customers have fallen behind on patching and upgrades as internal productivity needs take priority. 

By David Jones • April 7, 2021

Employees can't quit habit of writing down, sharing passwords

Amid heightened threats, workers are incorporating company names into passwords, writing them on sticky notes and sharing them via email.

By David Jones • April 6, 2021

Half of companies lack security to support cloud-based IAM: report

Almost all (98%) of IT executives report challenges with IAM sourced from the cloud, including lack of visibility and increased complexity.

By Katie Malone • April 1, 2021

Enterprises lag on firmware security spending in face of rising threat

IT security officials are often more worried about the difficulty of detecting malware threats, in part because firmware attacks are hard to catch, a Microsoft-commissioned report found. 

By David Jones • April 1, 2021

Molson Coors incident shines a light on industrial cyberattack vulnerabilities

The international brewery continues to face delays and financial impacts amid a wave of attacks against manufacturing.

By David Jones • March 30, 2021

Security leaders: Expect more insider data leaks, threats in 2021

The rise stems from a lack of accurate insight from data loss prevention and cloud access security broker technologies.

By David Jones • March 29, 2021

To combat open source insecurity, companies need tech and leadership

With software dependencies commonplace, it's up to industry to clear a path to greater supply chain security in software.

By Samantha Schwartz • March 26, 2021

Spending on IAM, zero trust to rise as companies extend remote work

The shift to remote work placed more pressure on IT and security departments to secure corporate data without interrupting productivity.

By David Jones • March 23, 2021

SolarWinds threat actors accessing Microsoft 365 by altering permissions

Mandiant observed a threat actor linked to the SolarWinds campaign using a stealthy approach to read email in targeted mailboxes.

By David Jones • March 22, 2021

Prioritizing risk in M&A due diligence in the COVID-19 era, and beyond

Imagine acquiring a company with an infected network, and then connecting your company to that flawed network. That can introduce serious issues into a previously protected company. 

By Ray Rothrock • March 22, 2021

Microsoft Exchange fixes arrive, but some companies lack IT resources to repair

Security specialists and managed-service providers are filling the void at thousands of small firms that operate with limited IT and cybersecurity staffing. 

By David Jones • March 19, 2021