Sign up for our weekly newsletter!
REGISTER NOW
News & Views
Latest Content tagged with Security Management
Page 1 / 2   >   >>
Encoding the Analyst: Why AI Security Tools Are Thinking Like an Expert – Only Faster
Justin Fier  
10/10/2019   Post a comment
Despite our best efforts, human defenders simply cannot process information at machine-speeds — and cyber-criminals are taking advantage. When human knowledge meets AI's precision, Cyber AI can augment the human at every stage of safeguarding the digital business.
Analytics Startup Claims to Turn Golden Tickets Brass
Joe Stanganelli  
9/17/2019   Post a comment
The threat of escalation attacks and forged administration levels has plagued Kerberos authentication systems for years. Data-analytics startup Qomplx claims to do the math that solves the problem.
NIST Tackles AI
Larry Loeb  
9/16/2019   Post a comment
But to prepare for something usually means you have an idea about what you are preparing for, no?
Podcast: Infrastructure Hunting – Stopping Bad Actors in Their Tracks
Podcasts  
9/13/2019   Post a comment
Being able to effectively build a threat intelligence ecosystem or threat-hunting identification response requires both user and systems sophistication and capabilities. Security, orchestration, automation and response (SOAR) is a new technology designed to provide organizations a single comprehensive platform they can use to implement an intelligence driven security strategy.
Only 1% of Malware Attacks Use a Machine's Vulnerability, the Rest Prey on Humans – Proofpoint
Larry Loeb  
9/9/2019   Post a comment
Instead of attacking computer systems and infrastructure, threat actors focus on people, their roles within an organization, the data to which they had access, and their likelihood to 'click here' or perform some other enabling action.
AV Vendor & French Gendarmerie Take Down a Transnational Worm
Larry Loeb  
8/29/2019   Post a comment
The good guys got lucky this time.
Security Assurance Is a Long-Term & Ongoing Investment
Steve Durbin  
8/14/2019   Post a comment
Establishing a business-focused security assurance program is a long-term, ongoing investment.
Who Is Phoning Home on Your Firm's Dime?
Larry Loeb  
8/1/2019   Post a comment
ExtraHop customers in 2018 and the first weeks of 2019 took a look at some third-party supplied enterprise software's behavior and were not pleased when it would, unannounced, call home for its creators.
Kubernetes Won't Get Secure Just Sitting There
Larry Loeb  
7/30/2019   Post a comment
Let's delve into containers.
Comodo Leaves AV Vulnerabilities Unpatched
Larry Loeb  
7/25/2019   Post a comment
Even though Comodo was notified by Tenable in April of the problems, no patches by have been forthcoming from the antivirus firm.
Skylight Says Cylance Can Be Bypassed; Cylance Says, 'Not So Fast, There!'
Larry Loeb  
7/23/2019   Post a comment
Skylight's findings certainly gained attention, but at what cost to the company's credibility?
Older Versions of Windows at Risk From New Zero-Day Exploit
Larry Loeb  
7/12/2019   Post a comment
Cybersecurity firm ESET discovered a Windows zero-day exploit that affects older systems like Windows 7 and Server 2008.
Manipulated Machine Learning Sows Confusion
Steve Durbin  
7/10/2019   Post a comment
Machine learning, and neural networks in particular, will become a prime target for those aiming to manipulate or disrupt dependent products and services.
MSFT Realizes That Some Things Need to Be Changed
Larry Loeb  
6/28/2019   Post a comment
There are lots of directions in which various people think the field of 'identity' is heading. While some of these directions get accepted over a time period (like Zero Trust), someone always gets stuck with having to make the tools that enable a direction's implementation to occur.
Zero Trust Doesn't Trust You at All
Larry Loeb  
6/27/2019   Post a comment
Enterprise security practitioners who deal with identity day in and day out come together to find out the current status of the field.
Defense Discovered for Defending Against BGP Hijacking & Off-Path DNS Attacks
Larry Loeb  
6/20/2019   Post a comment
Certificate Authorities are continually getting requests from threat actors who want certificates that they aren't entitled to so that their criminal schemes may be furthered.
Preempt Shows How to Sidestep EPA Authentication
Larry Loeb  
6/13/2019   Post a comment
Security firm Preempt issued an advisory that showed how to conceptually bypass the Enhanced Protection for Authentication that prevents attackers from performing a relay of NT Lan Manager messages to top-level security sessions.
Researchers Seek 'Best' Vulnerability Remediation Strategy
Larry Loeb  
6/6/2019   Post a comment
Having to find the sweet spot between two competing forces is a delicate balancing act.
Insider Threat: Research Proves Loyalty Can Be a Rare Commodity
Larry Loeb  
5/31/2019   Post a comment
The UK's Deep Secure has reported this week that the price an employee would accept to break loyalty with an organization may be a lot less than has been previously thought.
Monster Breaches Do Monstrous Damage
Larry Loeb  
5/21/2019   Post a comment
Breaches cause massive amounts of money to fix, as a new report from Bitglass shows.
Cybercrime Study Finds Increasing Costs as Well as Changing Targets & Methods
Larry Loeb  
5/3/2019   10 comments
Accenture and Ponemon Institute say that they are analyzing the latest cost numbers of cybercrime to try and help leaders to better target security investments and resources.
Bootstrapping Security Programs: How to Gradually Implement an Enterprise-Level Security Program at a Fast-Growing Startup
Marzena Fuller  
5/2/2019   3 comments
You can't expect to build an adequate security program without investment in both people and security tools.
Enterprise Attacks Increase 235%: Trojans & Ransomware Most Common
Larry Loeb  
4/26/2019   19 comments
The Malwarebytes Labs Cybercrime Tactics and Techniques Q1 2019 report found in just one year, threats aimed at corporate targets have increased by 235%. Trojans, such as Emotet, and ransomware were the most likely attacks.
EU Approves Addition of Biometrics to Tracking Database
Larry Loeb  
4/25/2019   4 comments
The Common Identity Repository (CIR) will unify a disparate set of records that exist for more than 350 million people.
Majority of Enterprise Firms Lack Active Incident Response Plans
Larry Loeb  
4/11/2019   1 comment
Report found that 77% of respondents indicated they do not have a cybersecurity incident response plan consistently in force across the enterprise.
Cisco Router Still Vulnerable to Remote Attack After Attempted Fix
Larry Loeb  
4/2/2019   7 comments
The vendor finally admitted that the security patches it had released in January for the Small Business RV320 and RV325 routers don't work.
FIN7 Resurfaces With New Malware Techniques
Larry Loeb  
3/22/2019   5 comments
The FIN7 group of cyber criminals is still going strong.
Convergence: Real Problems When it Comes to Securing the IoT/IIoT
Alan Zeichick  
3/14/2019   Post a comment
Today, enterprises are dealing with a proliferation of connected devices that probably aren't dedicated to computing – think video cameras, inventory sensors, machine tools, thermostats and environmental monitors.
Boosted Rowhammer & Cache Attacks Spell Bad News for Intel
Larry Loeb  
3/5/2019   Post a comment
Researchers from Worcester Polytechnic Institute in Massachusetts and the University of Lübeck in Germany have published a paper that is really bad news for Intel.
Digital Signatures Can Be Forged in PDF Docs
Larry Loeb  
3/1/2019   18 comments
Researchers in Germany have figured out three different ways to forge digital signatures in PDF documents.
Digital Transformation With Cloud: Answering Risks With Algorithms
Joe Stanganelli  
2/20/2019   8 comments
Cloud projects are big. Huge. So it's not perpetuating FUD to point out that cloud transformation still bears security and data-stewardship risks. But what appears too big a challenge for mere man might be no match for machine.
Take White Hats Seriously to Staunch the Flow of Zero-Days
Joe Stanganelli  
2/19/2019   10 comments
Zero-day vulnerabilities are serious, and on the rise. And IT-security teams make the problem worse when they fail to respond, or respond poorly, to responsible vulnerability disclosures.
Container Vulnerability: Still a Reality
Larry Loeb  
2/18/2019   4 comments
A security problem with runC that could allow attackers to escape Linux containers and obtain unauthorized, root- level access to the host operating system is on the move.
Google Moves to Control More of the Internet
Larry Loeb  
2/13/2019   5 comments
The company has said that its goal is only to create a faster Internet, which allows for more use and hence more searches and thus more revenue for them.
What You Need to Know About Arbitrary Code Execution Vulnerabilities
Alan Zeichick  
2/12/2019   1 comment
Despite their rather innocuous name, ACE vulnerabilities can appear in just about any software. So here's what to do...
Modern Enterprise – Stewards of Personal Data
Larry Loeb  
2/6/2019   3 comments
Get on the nine-step program if you want to assure data privacy.
A Collaborative Approach to Cybersecurity: Beyond ISACs
Cody Cornell  
2/5/2019   1 comment
When it comes to fighting cyber threats, automation and collaboration could help SOCs do more with less.
Should All IAM Be CIAM?
Joe Stanganelli  
1/30/2019   6 comments
CIAM vendors are right that traditional IAM isn't going to cut it for customer-facing solutions – but their sound premises have led to the perverse conclusion of keeping in-house IAM systems suboptimal. What if the power of CIAM could help employees realize better usability and security too?
'Steganography' Obsfucation Hides Old PDF Exploits From Antivirus Tools
Larry Loeb  
1/28/2019   20 comments
EdgeSpot has found two new obsfucation methods to hide old PDF exploits from various antivirus tools.
Four Enterprise Identity & Access Management Trends to Watch in 2019
Alan Zeichick  
1/25/2019   25 comments
For CISOs, Identity and Access Management, or IAM, is a must-have for the security tool box. However, the technology is rapidly evolving. Here are four important trends to watch this year.
DNS Tampering Prompts Homeland Security Warning
Larry Loeb  
1/24/2019   10 comments
Despite the partial federal government shutdown, DHS has managed to issue a warning to the public about possible tampering with DNS addresses that appear to have originated in Iran.
Enterprises Are Getting Smarter When It Comes to Patching Vulnerabilities – Study
Larry Loeb  
1/22/2019   11 comments
A joint analysis from Kenna Security and the Cyentia Institute finds that enterprises are getting better at patching vulnerabilities, specifically by focusing on critical flaws as opposed to trying to fix very problem that is published.
Exposed Oklahoma Server Shows On-Premises Data Is Vulnerable, Too
News Analysis  
1/18/2019   16 comments
Over the last year, vulnerable, cloud-based databases have shown that dangers of trusting data to others. However, an exposed government server in Oklahoma proves that attackers can find on-premises data, too.
Intel Patching SGX Flaw That Can Lead to Escalation of Privileges
Larry Loeb  
1/18/2019   4 comments
A security researcher has found another flaw in Intel's SGX software than can allow an attacker to escalate administrative privileges within an infected machine.
A Diverse Security Workforce Is a Stable Security Workforce
News Analysis  
1/17/2019   2 comments
In an era when enterprises are scrambling to keep up with security demands, a new industry survey from ISF finds that having more diverse skills on the InfoSec team is one way to ensure a more stable workforce.
Fancy Bear's LoJax C&C Servers Still Functioning in the Wild
News Analysis  
1/17/2019   Post a comment
A new report from NetScout's ASERT Team found that two command-and-control servers associated with Fancy Bear's LoJax malware are still active.
Cyber Attacks, Climate Change Are Top Global Risk for Businesses & Governments
News Analysis  
1/17/2019   Post a comment
The World Economic Forum ranks climate change, economic instability, cyber attacks and data thefts as some of the top concerns facing businesses around the globe.
Justice Department Indicts 2 Ukrainian Nationals With Hacking SEC
News Analysis  
1/16/2019   1 comment
The Justice Department has charged two Ukrainian nationals with hacking into the SEC's EDGAR systems and accessing sensitive company reports and other data before the information was made public.
Federal Judge: Police Can't Force Suspects to Unlock Devices Using Biometrics
Larry Loeb  
1/16/2019   1 comment
A federal judge in California finds that police can't force suspects to unlock their smartphones or other mobiles using biometrics. The court found biometrics are protected much the same way passwords are.
Page 1 / 2   >   >>




Latest Articles
Operational technology (OT) has long been hiding in the factories and sites of industrial installations, but things are changing.
By combining, two threat actors leveraged their own specific areas of expertise into one highly efficient – and private &ndash tool.
BlackBerry Cylance threat researchers Anuj Soni, Jordan Barth and Brian Marks recently discovered obfuscated malware code that was embedded within WAV audio files.
This October we visited the trade fair it-sa, which counts as one of the more important IT security exhibitions in the world. They hosted more than 750 security vendors from 25 countries who presented their solutions for the international market.
Palo Alto Network's Unit 42 has found the first cryptocurrency miner malware that spreads like a worm through the use of Docker containers.
Information Resources
upcoming Webinars
Top Tips for Blocking pwned [email protected]$$wOrds in Your Organization
Tuesday, October 29, 2019
12 p.m. New York/ 4:00 p.m. London
Podcasts
Podcast: Infrastructure Hunting – Stopping Bad Actors in Their Tracks
Being able to effectively build a threat intelligence ecosystem or threat-hunting identification response requires both user and systems sophistication and capabilities. Security, orchestration, automation and response (SOAR) is a new technology designed to provide organizations a single comprehensive platform they can use to implement an intelligence driven security strategy.
Podcast: Digital Transformation, SD-WAN & Optimal Security
Dan Reis chats to Cybera's Josh Flynn about how to achieve digital transformation without sacrificing security.
Podcast archive
Flash Poll
Video
In a wide-ranging interview, Cisco security boss Gee Rittenhouse talks about how machine learning, AI, blockchain and other emerging technologies ...
CloudPassage's new technology, called Container Secure, involves a five-step process to ensure seamless security in container deployments from the ...
You can't so much as go to a coffee shop today without hearing the word 'blockchain.' Hearing about a useful blockchain is less common, but ...
Last year, 60 million companies changed owners worldwide. That turnover makes it incredibly difficult to avoid doing business with entities (e.g., ...
Keith Furst of Data Derivatives interviews Daniel Wagner, author of a new book, Virtual Terror: 21st Century Cyber Warfare. They discuss the ways ...
All Videos
Sponsored Video
Sage Wagner, senior security pre-sales engineer with RiskSense, provides a demo of the company's latest technology 'RiskSense Solution,' a ...
Janus Technologies is launching a line of products that protect against the many threats to enterprises' sensitive data. David Schultz, vice ...
This new video will inspire companies to reimagine their business for success in a world where connectivity is more than a commodity. Sponsored Video
All Videos
like us on facebook
Security Now
About Us     Contact Us     Help     Register     Events     Supporting Partners     Twitter     Facebook     RSS
Copyright © 2019 Light Reading, part of Informa Tech,
a division of Informa PLC. All rights reserved. Privacy Policy | Cookie Policy | Terms of Use
in partnership with