enterprise
NIST updates guidance for cybersecurity supply chain risk management
The National Institute of Standards and Technology (NIST) has updated its guidance document for helping organizations identify, assess and respond to cybersecurity risks …
Stealthy APT group plunders very specific corporate email accounts
An eminently sophisticated and stealthy APT group is going after specific corporate email accounts and has, on occasion, managed to remain undetected in victim environments …
Good end user passwords begin with a well-enforced password policy
In this interview with Help Net Security, Lori Österholm, CTO at Specops Software, explains what makes passwords vulnerable and suggests some password best practices and …
TLStorm 2.0: Critical bugs in widely-used Aruba, Avaya network switches
Armis researchers have discovered five critical vulnerabilities in the implementation of TLS communications in multiple models of network switches. Collectively dubbed TLStorm …
Meteoric attack deploys Quantum ransomware in mere hours
A group wielding the Quantum Locker ransomware is hitting targets in a blitzkrieg-like manner, going from intial compromise to domain-wide deployment and execution in under …
How to improve the efficiency of enterprise backup
In this video for Help Net Security, Eric Seidman, Senior Director Product Marketing at Veritas Technologies, talks about improving the efficiency of enterprise backup in …
Cybersecurity is getting harder: More threats, more complexity, fewer people
Splunk and Enterprise Strategy Group released a global research report that examines the security issues facing the modern enterprise. More than 1,200 security leaders …
Windows Autopatch: Managed enterprise patching for Windows and Office
While IT administrators are mentally preparing themselves for yet another Patch Tuesday, Microsoft has announced Windows Autopatch: a new service that aims make the second …
How to improve enterprise password security?
In this video for Help Net Security, Darren Siegel, Product Specialist at Specops Software, talks about the importance of password security and what makes them vulnerable. He …
CISA adds Spring4Shell to list of exploited vulnerabilities
It’s been almost a week since the Spring4Shell vulnerability (CVE-2022-22965) came to light and since the Spring development team fixed it in new versions of the Spring …
Log4Shell exploitation: Which applications may be targeted next?
Spring4Shell (CVE-2022-22965) has dominated the information security news these last six days, but Log4Shell (CVE-2021-44228) continues to demand attention and action from …
Spring4Shell: New info and fixes (CVE-2022-22965)
In this video for Help Net Security, Ax Sharma, Senior Security Researcher at Sonatype, talks about the latest developments regarding Spring4Shell, the unauthenticated RCE …