Don’t like Mondays? Neither do attackers
You can reduce potential damage by paying attention to when attackers are most likely to strike.
View ArticleMobile app developers: Make sure your back end is covered
Developers need to make sure they are baking security into the application code and protecting how their apps handle data, but as the so-called HospitalGown security issue shows, they also need to know...
View ArticleWhy linguistics can't always identify cyber attackers' nationality
The security whodunnit: analyzing the language used in an attack is just one tool to assign attribution, and it’s not always reliable.
View Article5 things you need to know about Stack Clash to secure your shared Linux...
Qualys shows that attackers can locally exploit the privilege escalation vulnerability to gain root access over Linux, Solaris and BSD machines. This is bad news for Unix-based servers, and even more...
View ArticleThe fault for ransomware attacks lies with the challenges security teams face
The realities of managing and protecting IT infrastructures puts IT and security personnel in a no-win situation when attacks like WannaCry or ExPetr occur, so stop blaming them.
View ArticleTop cloud security controls you should be using
Human error is one of the top reasons for data breaches in the cloud, as administrators forget to turn on basic security controls. Whether it is Amazon Web Services, Microsoft Azure, or Google Cloud...
View ArticleOracle’s monster update emphasizes flaws in critical business applications
Oracle hasn’t been “just” a database company in a long time, and nowhere is that more evident than in its quarterly critical patch update release, where the bulk of the fixes are in business...
View ArticleWhy SSL/TLS attacks are on the rise
As more companies adopt better encryption practices, cyber criminals are turning to SSL/TLS vulnerabilities to deliver malicious attacks.
View ArticleMalicious code in the Node.js npm registry shakes open source trust model
Bad actors using typo-squatting place 39 malicious packages in npm that went undetected for two weeks. How should the open source community respond?
View ArticleAmazon Macie automates cloud data protection with machine learning
Amazon promises AWS S3 customers that they will be able to identify and protect sensitive data faster with Macie, but is it enough to catch up to what Microsoft and Google offers?
View ArticleDNSSEC key signing key rollover: Are you ready?
Enterprises that rely on the DNSSEC protocol need to update their name servers before Oct. 11 with the new root zone key signing key or risk having DNSSEC validations fail.
View ArticleWhat is the biggest threat from the Equifax breach? Account takeovers
Cyber criminals have the most to gain by taking ownership of bank, brokerage and retirement accounts using people’s PII. Are traditional authentication systems obsolete?
View ArticleWant stronger passwords? Understand these 4 common password security myths
Yes, password length and complexity matter, but only if you apply those qualities to the proper security context.
View ArticleLegal hack back lets you go after attackers in your network
Security startup Cymmetria has put together a tool and a framework to help security defenders hack back legally as part of incident response activities.
View ArticleHow to identify every type of phishing attack
Phishing comes in many forms, from spear phishing, whaling and business-email compromise to clone phishing, vishing and snowshoeing. Here's how to recognize each type of phishing attack.
View Article
