More results...
High-risk users represent approximately 10% of the worker population and are found in every department and function of the organization, according to Elevate Security research. High-risk users represent a sizable threat to the organization Additionally…
Microsoft’s February 2023 Patch Tuesday fixes 75 vulnerabilities, nine of them rated critical, and three (all rated important) that are being exploited. “This is only the second Patch Tuesday of the year, and we have already tripled the number of weaponized threats that need to be fixed in this release,” Syxsense CEO and founder Ashley […]
The post Microsoft Patch Tuesday Includes Three Exploited Zero-Day Vulnerabilities appeared first on eSecurityPlanet.
The Cisco Global Advocate Awards are back for 2023, where we thank top customers in the EMEA region who support Cisco through advocacy and innovation. Additional ceremonies are planned for the Americas and APJC later in the year.
Another year of high-profile cyberattacks, another year of beating the cybersecurity drums. Clearly, we’re missing a few notes. Attack surface management (ASM) is a make or break for organizations, but before we get to the usual list of best practices,…
Adam Shostack, the author of “Threat Modeling: Designing for Security”, and the co-author of “The New School of Information Security”, recently launched his new book – “Threats: What Every Engineer Should Learn From Star Wars”. In this Help Net S…
Last week, the Identity Defined Security Alliance (IDSA), a nonprofit that provides vendor-neutral resources to help organizations reduce the risk of a breach by combining identity and security strategies, announced Jeff Reich as the organization’s new…
There is a definite trend of MSPs shifting into security. There are a number of very good reasons for this, including the fact that other services traditionally offered are becoming commoditized, as well as the increasing threat that SMEs and SMBs are …
In 2013, Adam Markowitz founded Portfolium, an edtech startup that matched college students and graduates with employers. “I remember the first time we were asked for a SOC 2 report, which quickly became the minimum bar requirement in our industry for proof of an effective security program,” he said. The process for creating the report […]
The post Automated Security and Compliance Attracts Venture Investors appeared first on eSecurityPlanet.
Virtual patching uses policies, rules and security tools to block access to a vulnerability until it can be patched. Zero-day threats and legacy systems are two ways that vulnerabilities can be created for which no patch may exist for some time, if ever. In those cases, security teams can block a potential attack path until […]
The post What is Virtual Patching and How Does It Work? appeared first on eSecurityPlanet.
What will it take for policy makers to take cybersecurity seriously? Not minimal-change seriously. Not here-and-there seriously. But really seriously. What will it take for policy makers to take cybersecurity seriously enough to enact substantive legislative changes that would address the problems? It’s not enough for the average person to be afraid of cyberattacks. They need to know that there are engineering fixes—and that’s something we can provide.
For decades, I have been waiting for the “big enough” incident that would finally do it. In 2015, Chinese military hackers hacked the Office of Personal Management and made off with the highly personal information of about 22 million Americans who had security clearances. In 2016, the Mirai botnet leveraged millions of Internet-of-Things devices with default admin passwords to launch a denial-of-service attack that disabled major Internet platforms and services in both North America and Europe. In 2017, hackers—years later we learned that it was the Chinese military—hacked the credit bureau Equifax and stole the personal information of 147 million Americans. In recent years, ransomware attacks have knocked hospitals offline, and many articles have been written about Russia inside the U.S. power grid. And last year, the Russian SVR hacked thousands of sensitive networks inside civilian critical infrastructure worldwide in what we’re now calling Sunburst (and used to call SolarWinds)…