New Year, New Threats: 4 Tips to Activate Your Best Cyber-Defense
Need a blueprint for architecting a formidable cyber-defense? Kerry Matre, senior director at Mandiant, shares hers in this detailed breakdown. [...]
Showing only posts tagged InfoSec Insider. Show all posts.
Cybercriminals Love Supply-Chain Chaos: Here’s How to Protect Your Inbox
Threat actors use bogus 'shipping delays' to deceive customers and businesses. Troy Gill, senior manager of threat intelligence at Zix, discusses how spoofing is evolving and what to do. [...]
The Internet’s Most Tempting Targets
What attracts the attackers? David "moose" Wolpoff, CTO at Randori, discusses how to evaluate your infrastructure for juicy targets. [...]
The Log4j Vulnerability Puts Pressure on the Security World
It's time to sound the alarm for Log4Shell. Saryu Nayyar, CEO at Gurucul, discusses what actions you should be taking. [...]
Real Big Phish: Mobile Phishing & Managing User Fallibility
Phishing is more successful than ever. Daniel Spicer, CSO of Ivanti, discusses emerging trends in phishing, and using zero-trust security to patch the human vulnerabilities underpinning the spike. [...]
Here’s REALLY How to Do Zero-Trust Security
It's not about buying security products! Joseph Carson, chief security scientist from ThycoticCentrify, offers practical steps to start the zero-trust journey. [...]
What the Rise in Cyber-Recon Means for Your Security Strategy
Expect many more zero-day exploits in 2022, and cyberattacks using them being launched at a significantly higher rate, warns Aamir Lakhani, researcher at FortiGuard Labs. [...]
Threat Advisory: E-commerce Bots Use Domain Registration Services for Mass Account Fraud
Jason Kent, hacker-in-residence at Cequence Security, discusses sneaky shopping bot tactics (i.e., domain parking) seen in a mass campaign, and what retail security teams can do about them. [...]
Global Cyberattacks from Nation-State Actors Posing Greater Threats
Casey Ellis, CTO at Bugcrowd, outlines how international relations have deteriorated into a new sort of Cold War, with espionage playing out in the cyber-domain. [...]
Time to Ditch Big-Brother Accounts for Network Scanning
Yaron Kassner, CTO and co-founder of Silverfort, discusses why using all-seeing privileged accounts for monitoring is bad practice. [...]
Convergence Ahoy: Get Ready for Cloud-Based Ransomware
Oliver Tavakoli, CTO at Vectra AI, takes us inside the coming nexus of ransomware, supply-chain attacks and cloud deployments. [...]
2022: Supply-Chain Chronic Pain & SaaS Security Meltdowns
Sounil Yu, CISO at JupiterOne, discusses the growing mesh of integrations between SaaS applications, which enables automated business workflows - and rampant lateral movement by attackers, well outside IT's purview. [...]
In 2022, Expect More Supply Chain Pain and Changing Security Roles
If 2021 was the Year of Supply Chain Pain, 2022 will be the Year of Supply Chain Chronic Pain (or something worse than pain). This past year, the pain was felt in two significant ways: through the supply chain disruptions caused by COVID-19, and through the many security breaches …
Next-Gen Maldocs & How to Solve the Human Vulnerability
Malicious email attachments with macros are one of the most common ways hackers get in through the door. Huntress security researcher John Hammond discusses how threat hunters can fight back. [...]
Not with a Bang but a Whisper: The Shift to Stealthy C2
DoH! Nate Warfield, CTO of Prevailion, discusses new stealth tactics threat actors are using for C2, including Malleable C2 from Cobalt Strike's arsenal. [...]
Are You Guilty of These 8 Network-Security Bad Practices?
Tony Lauro, director of Security Technology & Strategy at Akamai, discusses VPNs, RDP, flat networks, BYOD and other network-security bugbears. [...]
Pandemic-Influenced Car Shopping: Just Use the Manufacturer API
Jason Kent, hacker-in-residence at Cequence, found a way to exploit a Toyota API to get around the hassle of car shopping in the age of supply-chain woes. [...]
How Decryption of Network Traffic Can Improve Security
Most industry analyst firms conclude that between 80-90 percent of network traffic is encrypted today. Jeff Costlow, CISO at ExtraHop, explains why this might not be a good thing. [...]
How to Defend Against Mobile App Impersonation
Despite tight security measures by Google/Apple, cybercriminals still find ways to bypass fake app checks to plant malware on mobile devices. Dave Stewart, CEO of Approov, discusses technical approaches to defense against this. [...]
Online Merchants: Prevent Fraudsters from Becoming Holiday Grinches
Black Friday and Cyber Monday approach! Saryu Nayyar, CEO at Gurucul, discusses concerning statistics about skyrocketing online fraud during the festive season. [...]
3 Top Tools for Defending Against Phishing Attacks
Phishing emails are now skating past traditional defenses. Justin Jett, director of audit and compliance at Plixer, discusses what to do about it. [...]
Rooting Malware Is Back for Mobile. Here’s What to Look Out For.
Hank Schless, senior manager of security solutions at Lookout, discusses AbstractEmu, mobile malware found on Google Play, Amazon Appstore and the Samsung Galaxy Store. [...]
Top 10 Cybersecurity Best Practices to Combat Ransomware
Immutable storage and more: Sonya Duffin, data protection expert at Veritas Technologies, offers the Top 10 steps for building a multi-layer resilience profile. [...]
Invest in These 3 Key Security Technologies to Fight Ransomware
Ransomware volumes are up 1000%. Aamir Lakhani, cybersecurity researcher and practitioner at FortiGuard Labs, discusses secure email, network segmentation and sandboxing for defense. [...]
Security Tool Guts: How Much Should Customers See?
Yaron Kassner, CTO of Silverfort, delves into the pros and cons of transparency when it comes to cybersecurity tools’ algorithms. [...]
« newer articles | page 2 | older articles »