The U.S. Cybersecurity and Infrastructure Security Agency is creating the Joint Cyber Defense Collaborative to build a national cybersecurity defense strategy based on collaboration between the public and private sectors, CISA Director Jen Easterly said at the Black Hat 2021 conference Thursday.
A seemingly nonstop number of ransomware-wielding attackers have been granting tell-all media interviews. One perhaps inadvertent takeaway from these interviews is the extent to which - surprise - so many criminals use lies in an attempt to compel more victims to pay a ransom.
Digital transformation has rapidly accelerated over the last year, with organizations requiring greater agility and focusing even more on the shift to cloud. At the same time, the workforce has shifted from mobile to fully remote, with more location flexibility anticipated to be a lasting impact of the pandemic. These...
Few industries have changed as dramatically as financial services (fiserv) in the last decade. Banking and financial transactions were once an exclusively in-person process; now customers regularly conduct their financial affairs digitally, and employees of fiserv companies increasingly rely on websites and cloud...
The National Security Agency and the Cybersecurity and Infrastructure Security Agency have released new guidance on Kubernetes security, providing advice on securing container environments from supply chain threats, insider threats and data exfiltration risks.
Infection numbers are surging in the southern U.S., states and cities are enacting new mask mandates and the fall flu season looms as the great unknown. Sound familiar? COVID-19 is back with the highly contagious Delta variant. Pandemic expert Regina Phelps discusses what that means for business recovery.
Researchers at Palo Alto Networks' Unit 42 say they have demonstrated how exploits of Microsoft Jet Database Engine vulnerabilities could lead to remote attacks on Microsoft Internet Information Services and Microsoft SQL Server to gain system privileges. Microsoft recently patched the flaws.
A consolidated class action lawsuit filed against mobile game developer Zynga after it suffered a 2019 data breach looks set to be handled instead via arbitration. A judge notes that users agreed to arbitration in the terms and conditions, and so far, they've failed to prove they suffered any financial harm.
David Brumley, CEO of ForAllSecure, is the creator of Mayhem, a machine that applies patching and continuous penetration testing autonomously and in real time. He discusses software flaw detection and more in this episode of "Cybersecurity Unplugged."
How to Classify and Protect Cloud Data at Scale
Due largely to data sprawl across the cloud, misconfigurations of security controls are found in a majority of security incidents, like ransomware attacks. For this reason and others, data classification and the parent concept of governance are a growing need for...
What do Facebook, Twitter, and GitHub all have in common? Data exposure incidents in recent years in which, even though they had locked down their data stores, credentials leaked into their log files, creating painful, public security incidents. Modern software development practices, from microservices to CI/CD, make it...
Teleworking U.S. national security employees are putting sensitive data at risk if they use public Wi-Fi networks without using a virtual private network to encrypt the traffic, the National Security Agency notes in a new advisory.