How to implement cybersecurity for modern application connectivity
The president’s recent executive order on improving the nation’s cybersecurity highlights the security threats facing our country — and it couldn’t be more timely. Ransomware …
Collaboration between network access brokers and ransomware actors deepens
In this Help Net Security podcast, Brandon Hoffman, CISO at Intel 471, discusses about the increased collaboration between network access brokers (NAB) and ransomware …
What the pipeline attack means for critical infrastructures
The big news in critical infrastructure security is the ransomware-triggered shutdown of the Colonial gasoline pipeline – the largest such pipeline in the USA. The …
Exploiting common URL redirection methods to create effective phishing attacks
“Simple” can often be harder than “complex.” When thinking about the trickiest phishing campaigns and their components, URL redirection does not immediately come to mind as …
Acting on a security risk assessment of your organization’s use of Salesforce
Salesforce isn’t rocket science, but the software has an incredible array of tools, which is why securing it demands a unique (and sometimes complex) approach. If you’re …
How modern workflows can benefit from pentesting
Pentesting, also known as penetration testing, is a security assessment, an analysis, and progression of simulated attacks on an application (web, mobile, or API) or network …
Risk-based vulnerability management has produced demonstrable results
Several years ago, risk-based cybersecurity was a largely untested and hotly debated topic. But the tests have since been administered and the debate largely settled: …
What is threat modeling and why should you care?
While there is not one exact industry wide definition, threat modeling can be summarized as a practice to proactively analyze the cyber security posture of a system or system …
Solve evolving enterprise issues with GRC technology
For this interview, we sat down with Blake Brannon, CTO at OneTrust, to discuss governance, risk management, and compliance (GRC). More than 8,000 customers, including half of …
Critical infrastructure implications of the Pulse Secure multi-factor authentication bypass
The FireEye Mandiant team has discovered multiple threat actors exploiting a zero-day vulnerability in Pulse Secure VPN appliances. The attack infrastructure is very …
Infosecurity transformation and building proactive mitigation strategies
Marcos Christodonte II, CISO at Unqork, spent his career leading information security for large, complex enterprises. His focus on information security began when he served in …
Securing vehicles from potential cybersecurity threats
Organizations in the automotive industry are no stranger to demands and mandates regarding car and passenger safety, so addressing the issue of cybersecurity of computerized, …