Why is patch management so difficult to master?
This question has plagued IT and security departments for years. Each month these teams struggle to keep up with the number of patches issued by the myriad of vendors in their …
Happy birthday GDPR: IoT impact and practical tips for compliance
With the GDPR now in its third year, compliance with the EU data privacy regulation is still a significant issue for organizations to tackle, especially especially when it …
Thoughts on Biden’s cybersecurity Executive Order
Colonial Pipeline is a major American oil pipeline system that originates in Houston TX and supplies gasoline and jet-fuel to a significant portion of the US, specifically the …
How to implement cybersecurity for modern application connectivity
The president’s recent executive order on improving the nation’s cybersecurity highlights the security threats facing our country — and it couldn’t be more timely. Ransomware …
Collaboration between network access brokers and ransomware actors deepens
In this Help Net Security podcast, Brandon Hoffman, CISO at Intel 471, discusses about the increased collaboration between network access brokers (NAB) and ransomware …
What the pipeline attack means for critical infrastructures
The big news in critical infrastructure security is the ransomware-triggered shutdown of the Colonial gasoline pipeline – the largest such pipeline in the USA. The …
Exploiting common URL redirection methods to create effective phishing attacks
“Simple” can often be harder than “complex.” When thinking about the trickiest phishing campaigns and their components, URL redirection does not immediately come to mind as …
Acting on a security risk assessment of your organization’s use of Salesforce
Salesforce isn’t rocket science, but the software has an incredible array of tools, which is why securing it demands a unique (and sometimes complex) approach. If you’re …
How modern workflows can benefit from pentesting
Pentesting, also known as penetration testing, is a security assessment, an analysis, and progression of simulated attacks on an application (web, mobile, or API) or network …
Risk-based vulnerability management has produced demonstrable results
Several years ago, risk-based cybersecurity was a largely untested and hotly debated topic. But the tests have since been administered and the debate largely settled: …
What is threat modeling and why should you care?
While there is not one exact industry wide definition, threat modeling can be summarized as a practice to proactively analyze the cyber security posture of a system or system …
Solve evolving enterprise issues with GRC technology
For this interview, we sat down with Blake Brannon, CTO at OneTrust, to discuss governance, risk management, and compliance (GRC). More than 8,000 customers, including half of …