Where do federal agencies stand with zero trust implementation?
One year after the president’s executive order on improving the nation’s cybersecurity, federal agencies are making steady progress toward their zero trust security goals, …
Week in review: F5 BIG-IP RCE exploitation, URL spoofing flaws in Zoom, Google Docs
Here’s an overview of some of last week’s most interesting news, articles and interviews: Microsoft patches Windows LSA spoofing zero-day under active attack (CVE-2022-26925) …
Critical flaw in Zyxel firewalls grants access to corporate networks (CVE-2022-30525)
A critical vulnerability (CVE-2022-30525) affecting several models of Zyxel firewalls has been publicly revealed, along with a Metasploit module that exploits it. Discovered …
A 10-point plan to improve the security of open source software
The Linux Foundation and the Open Source Software Security Foundation, with input provided by executives from 37 companies and many U.S. government leaders, delivered a …
New infosec products of the week: May 13, 2022
Here’s a look at the most interesting products from the past week, featuring releases from Cohesity, ForgeRock, iDenfy, Nasuni, Orca Security, SecureAge, and Sonatype. …
The SaaS-to-SaaS supply chain is a wild, wild mess
Cloud migration and IT democratization have created a continuously growing network of interconnected business applications, integrated to digitize and automate business …
Top tech for enterprise identity governance and security
Clear Skye and Gradient Flow announced the findings of their survey exploring the state of identity governance and security in the enterprise. The survey questioned 500+ …
63% of cybersecurity pros say their stress levels have risen over the past year
Tines has released the findings from a report to shine light on mental health in the cybersecurity community. The increased pressures of the past few years, remote work, the …
How to avoid headaches when publishing a CVE
You have discovered a vulnerability. Congratulations! So, what happens next? Finding a CVE (Common Vulnerabilities and Exposures) is the first step in a process which starts …
10 best practices to reduce the probability of a material breach
ThoughtLab announced the findings of its 2022 cybersecurity benchmarking study which analyzed the cybersecurity strategies and results of 1,200 large organizations across 14 …
Researchers uncover URL spoofing flaws on Zoom, Box, Google Docs
Researchers have discovered several URL spoofing bugs in Box, Zoom and Google Docs that would allow phishers to generate links to malicious content and make it look like …
An offensive mindset is crucial for effective cyber defense
As ransomware attacks continue to increase and cybercriminals are becoming more sophisticated, the federal government has implemented a more proactive approach when it comes …