enterprise
How mainstream media coverage affects vulnerability management
For better or for worse, mainstream media is increasingly covering particularly dangerous, widespread or otherwise notable security vulnerabilities. The growing coverage has …
If you haven’t yet patched the BlueKeep RDP vulnerability, do so now
There is still no public, working exploit code for CVE-2019-0708, a flaw that could allow an unauthenticated remote attacker to execute remote code on a vulnerable target …
How to write an effective data breach notification?
Data breach notifications sent by companies to affected customers are often unclear and not very helpful, University of Michigan researchers have found. The problem(s) The …
Google has been storing unhashed G Suite customer passwords
Google has discovered that it has been storing some G Suite users’ passwords in clear text and is notifying G Suite administrators that it will force a password change …
Android Q: Enhanced security for consumers and enterprises
The upcoming, newest version of Android – still only known as “Android Q” – will have many new and improved protections for user privacy. Google has …
Critical flaw allows attackers to take over Cisco Elastic Services Controllers
Cisco has patched a critical, remotely exploitable authentication bypass vulnerability in Cisco Elastic Services Controller (ESC), a popular enterprise software for managing …
Microsoft 365 updates for better enterprise data privacy
Microsoft has announced new privacy controls for Microsoft 365 enterprise customers: they will be able to revoke access to encrypted emails, block sensitive information from …
Global spending on digital transformation to reach $1.18 trillion in 2019
Enterprises around the world are making significant investments in the technologies and services that enable the digital transformation (DX) of their business models, products …
As IT security automation increases, so does the need for highly skilled staff
The adoption of automation for IT security functions is on the rise across the US, UK and APAC, the latest DomainTools/Ponemon report has shown. The report, which is based on …
Google introduces many G Suite security enhancements
Last week, the big news from Google Cloud Next 2019 was that phones running Android 7.0 or higher can be turned into a security key for G Suite account 2-step verification. …
Enterprise VPN apps store authentication and session cookies insecurely
CVE-2019-1573, a flaw that makes VPN applications store the authentication and/or session cookies insecurely (i.e. unencrypted) in memory and/or log files, affects a yet to be …
Is your organization getting physical security right?
For most organizations (and especially for tech companies), the physical security of data centers and headquarters is of the utmost importance. As Tim Roberts, a senior …