Expert analysis
Without clear guidance, SEC’s new rule on incident reporting may be detrimental
The SEC has instituted a set of guidelines “requiring registrants to disclose material cybersecurity incidents they experience and to disclose on an annual basis material …
Out with the old and in with the improved: MFA needs a revamp
From AI to ZTA (zero-trust architecture), the technology responsible for protecting your company’s data has evolved immensely. Despite the advances, cybercriminals repeatedly …
Attribute-based encryption could spell the end of data compromise
The future of data privacy is the end of compromise. With the world producing data at astounding rates, we need ways to put data to the best use while protecting against …
Security considerations during layoffs: Advice from an MSSP
Navigating layoffs is complex and difficult for many reasons. Not only do human resources and direct managers bear the onus of responsibility when conducting exit …
3 ways to combat rising OAuth SaaS attacks
OAuth attacks are on the rise. In December, the Microsoft Threat Intelligence team observed threat actors misusing OAuth apps to take over a cloud server and mine …
Flipping the BEC funnel: Phishing in the age of GenAI
For years, phishing was just a numbers game: A malicious actor would slap together an extremely generic (and usually poorly-written) email and fire it out to thousands of …
Cloud security predictions for 2024
As we reflect on the cybersecurity landscape and the trajectories of threat vectors, it’s evident that we’re on the cusp of a paradigm shift in cloud security. …
Purple teaming and the role of threat categorization
Organizations constantly work to ensure optimal threat detection and prevention across their systems. One question gets asked repeatedly: “Can we detect the threats we’re …
Top LLM vulnerabilities and how to mitigate the associated risk
As large language models (LLMs) become more prevalent, a comprehensive understanding of the LLM threat landscape remains elusive. But this uncertainty doesn’t mean progress …
If you prepare, a data security incident will not cause an existential crisis
Why is it that when a company becomes aware of a potential data security incident, the team working on it (and others who are made aware that “something” is going on) have an …
January 2024 Patch Tuesday forecast: A Focus on Printing
Update: January 9, 15:08 ET – January 2024 Patch Tuesday is now live: Microsoft fixes critical flaws in Windows Kerberos, Hyper-V (CVE-2024-20674, CVE-2024-20700). Happy …
Why you need to extend enterprise IT security to the mainframe
Organizations with mainframes face a unique challenge: extending consistency across the entire enterprise, including mainframe environments. The ongoing issue lies in the …
Featured news
Resources
Don't miss
- Russian cybercrooks exploiting 7-Zip zero-day vulnerability (CVE-2025-0411)
- Casio UK site compromised, equipped with web skimmer
- Man charged with stealing $65 million by exploting DeFI protocols vulnerabilities
- Why logs aren’t enough: Enhancing SIEM with AI-driven NDR
- Aim for crypto-agility, prepare for the long haul