What the pipeline attack means for critical infrastructures
The big news in critical infrastructure security is the ransomware-triggered shutdown of the Colonial gasoline pipeline – the largest such pipeline in the USA. The …
Exploiting common URL redirection methods to create effective phishing attacks
“Simple” can often be harder than “complex.” When thinking about the trickiest phishing campaigns and their components, URL redirection does not immediately come to mind as …
Acting on a security risk assessment of your organization’s use of Salesforce
Salesforce isn’t rocket science, but the software has an incredible array of tools, which is why securing it demands a unique (and sometimes complex) approach. If you’re …
How modern workflows can benefit from pentesting
Pentesting, also known as penetration testing, is a security assessment, an analysis, and progression of simulated attacks on an application (web, mobile, or API) or network …
Risk-based vulnerability management has produced demonstrable results
Several years ago, risk-based cybersecurity was a largely untested and hotly debated topic. But the tests have since been administered and the debate largely settled: …
What is threat modeling and why should you care?
While there is not one exact industry wide definition, threat modeling can be summarized as a practice to proactively analyze the cyber security posture of a system or system …
Solve evolving enterprise issues with GRC technology
For this interview, we sat down with Blake Brannon, CTO at OneTrust, to discuss governance, risk management, and compliance (GRC). More than 8,000 customers, including half of …
Critical infrastructure implications of the Pulse Secure multi-factor authentication bypass
The FireEye Mandiant team has discovered multiple threat actors exploiting a zero-day vulnerability in Pulse Secure VPN appliances. The attack infrastructure is very …
Infosecurity transformation and building proactive mitigation strategies
Marcos Christodonte II, CISO at Unqork, spent his career leading information security for large, complex enterprises. His focus on information security began when he served in …
Securing vehicles from potential cybersecurity threats
Organizations in the automotive industry are no stranger to demands and mandates regarding car and passenger safety, so addressing the issue of cybersecurity of computerized, …
Approaching zero trust security strategically
With digital transformation efforts accelerating, the attack surface expanding exponentially and conventional perimeter-based security continuing to fail, there’s never been a …
Employees don’t want to give up work flexibility after the pandemic is over
A research Qualtrics reveals what employees and customers want their experiences to look like in the future of work. Work flexibility The study finds that workforce …
Featured news
Sponsored
Don't miss
- Overlooked essentials: API security best practices
- SubSnipe: Open-source tool for finding subdomains vulnerable to takeover
- Void Banshee APT exploited “lingering Windows relic” in zero-day attacks
- SYS01 info-stealer pushed via Facebook ads, LinkedIn and YouTube posts
- ChatGPTriage: How can CISOs see and control employees’ AI use?