The value of PII and how it still fuels malign activities in the digital ecosystem
The COVID-19 pandemic engendered new vulnerabilities in the digital ecosystem for threat actors to exploit, resulting in items like vaccines, fraudulent vaccine certificates, …
Security matters when the network is the internet
In the past, network security was too often viewed as a separate issue to the design of the network itself, which led to solutions being either poorly thought out or hastily …
Why ransomware is such a threat to critical infrastructure
A recent spike in large-scale ransomware attacks has highlighted the vulnerabilities in the nation’s critical infrastructure and the ease with which their systems can be …
Sharing knowledge and moving towards securing all the things!
Originally a software developer (for 17 years), Tanya Janca, CEO of We Hack Purple, switched to security seven years ago. She founded the company to share as much knowledge as …
How to harden Kubernetes systems and minimize risk
The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) released a report which details threats to Kubernetes environments and …
Managing digital certificates still a challenge, automation lagging
Managing digital certificates, especially expirations and renewals, continues to be a challenging process for businesses of all sizes, a study of over 300 IT professionals in …
Most organizations are at an elevated risk of attack
The risk of cyberattacks has increased in the last year. According to a Trend Micro survey, 80% of global organizations report they are likely to experience a data breach that …
Open source software plays an important role in the success of leading organizations
DataStax unveiled research findings that show how leading organizations are winning with data, and how others can close the gap. Through insights from over 500 technology …
Scoping cloud environments: Tips and best practices
The PCI Security Standards Council (PCI SSC) and the Cloud Security Alliance (CSA) issued a joint bulletin to highlight the importance of properly scoping cloud environments. …
Report: The State of Pentesting 2021
In The State of Pentesting 2021 report we dive into data from 1,602 pentests performed in 2020 on Cobalt’s Pentest as a Service (PtaaS) platform. We also survey 601 …
Week in review: Clever Office 365 phishing, 2021 CWE Top 25, Patch Tuesday forecast
Here’s an overview of some of last week’s most interesting news, articles and podcasts: Patch bypass flaw in Pulse Secure VPNs can lead to total compromise …
Patch bypass flaw in Pulse Secure VPNs can lead to total compromise (CVE-2021-22937)
The patch for a vulnerability (CVE-2020-8260) in Pulse Connect Secure VPN devices that attackers have been exploiting in the wild can be bypassed, security researcher Rich …
Featured news
Resources
Don't miss
- When trusted AI connections turn hostile
- Identifying risky candidates: Practical steps for security leaders
- Humanoid robot found vulnerable to Bluetooth hack, data leaks to China
- F5 data breach: “Nation-state attackers” stole BIG-IP source code, vulnerability info
- Microsoft patches three zero-days actively exploited by attackers