Category: Security Boulevard

Here are the top stories of recent weeks: 250 Million Customers Exposed in Microsoft Data Leak Mitsubishi Electric Claims China is Responsible for Recent Breach NSA Steps in to Offer Cloud Security Guidance to Businesses  London Street Pedestrians to Be…

Read more →

Whenever we hear about major cyber security attacks such as data breaches, it’s typically larger enterprises that are the victims. That makes sense, considering those events can potentially impact a lot of people and therefore are more likely to grab…

Read more →

Cryptojacking, also known as crypto mining, is an online threat hidden on a computer or a mobile device, using its resources to mine for cryptocurrencies. While doing so, cryptojacking takes over control of all types of technical devices and considerably…

Read more →

Irena Mroz, VP and Co-founder of Nucleus Cyber, and Cyber Work podcast host Chris Sienko discuss all things internal threats, from intentional and malicious attacks to poor employee practices and… Go on to the site to read the full article…

Read more →

Is 2020 the year that AI technology takes hold in SMBs? According to a study from Zix-AppRiver, the answer is yes. Nearly 9 out of 10 SMBs report they have a high interest in adopting AI this year; for businesses…

Read more →

In episode 105 for January 27th 2020: What are the new forms of fraud and cybercrime being found on the Dark Web? We discuss this fascinating topic with Emily Wilson, VP of Research at Terbium Labs. ** Show notes and…

Read more →

2019 was quite a year in cyberspace. As highlighted last month in my year-end top story blog, the top cybersecurity theme was all about the ways that ransomware targeted state and local governments and hospitals. In fact, we are still…

Read more →

via the comic delivery system monikered Randall Munroe at XKCD! Permalink The post XKCD ‘Networking Problems’ appeared first on Security Boulevard.   Advertise on IT Security News. Read the complete article: XKCD ‘Networking Problems’

Read more →

Thanks to Def Con 27 Volunteers, Videographers and Presenters for publishing their superlative conference videos via their YouTube Channel for all to see, enjoy and learn. Permalink The post DEF CON 27, Voting Village – Kartikeya Kandula’s ‘Unclear Ballot Automated…

Read more →

Thanks to Def Con 27 Volunteers, Videographers and Presenters for publishing their superlative conference videos via their YouTube Channel for all to see, enjoy and learn. Permalink The post DEF CON 27, Voting Village – Joseph Marks’ Panel Discussion appeared…

Read more →

Learn about the requirements for a Universal Directory replacement that allows admins to employ a modern directory service for all their IT needs. The post Universal Directory Replacement appeared first on JumpCloud. The post Universal Directory Replacement appeared first on…

Read more →

Thanks to Def Con 27 Volunteers, Videographers and Presenters for publishing their superlative conference videos via their YouTube Channel for all to see, enjoy and learn. Permalink The post DEF CON 27, Voting Village – Panel Discussion With Kevin Collier,…

Read more →

via Daniel Stori, crafting comics at turnoff.us Permalink The post Daniel Stori’s ‘To Save The DevOps World’ appeared first on Security Boulevard.   Advertise on IT Security News. Read the complete article: Daniel Stori’s ‘To Save The DevOps World’

Read more →

Thanks to Def Con 27 Volunteers, Videographers and Presenters for publishing their superlative conference videos via their YouTube Channel for all to see, enjoy and learn. Permalink The post DEF CON 27, Voting Village – Kate Trimble’s ‘Ideas Whose Time…

Read more →

In the world of malware, Ryuk ransomware has gone from a rookie to a pro at a disturbing speed. Here we take a look at what Ryuk ransomware is, how it spreads, and how to protect your business from it. The post Ryuk Ransomware — Malware of…

Read more →

Finastra, a leading global Fintech company, has entered a partnership with the Synopsys Software Integrity Group to bring security to its app ecosystem. The post Synopsys adds world-class security to Finastra’s banking app ecosystem FusionFabric.cloud appeared first on Software Integrity…

Read more →

Jack Danahy, SVP, Security for Alert Logic reflects on the message and lessons shared by Coach Dan McCarney–a former Division 1 college football coach–and how those lessons can be applied to the world of cybersecurity. The post Security Lessons from…

Read more →

via the comic delivery system monikered Randall Munroe at XKCD! Permalink The post XKCD ‘Solar System Changes’ appeared first on Security Boulevard.   Advertise on IT Security News. Read the complete article: XKCD ‘Solar System Changes’

Read more →

The Rise of Third-Party Scripts Modern web applications have become increasingly reliant on external code, services and vendors that execute JavaScript code in the browser… often referred to as third-party scripts. As a close-to-home example shown below, Akamai executes dozens……

Read more →

Today is Data Privacy Day, commemorating the Council of Europe Treaty known as Convention 108, the first legally binding international treaty on data protection signed on January 28, 1981. This “holiday” was originally celebrated in Europe where it is known……

Read more →

Thanks to Def Con 27 Volunteers, Videographers and Presenters for publishing their superlative conference videos via their YouTube Channel for all to see, enjoy and learn. Permalink The post DEF CON 27, Voting Village – Kimberly Young McLear PhD ‘Organizational…

Read more →

Veracode recently commissioned Forrester Consulting to conduct research on the Total Economic Impact™ of using a cloud-based application security (AppSec) solution versus an on-premises solution. To collect information on the benefits and risks associated with the solutions, Forrester interviewed four…

Read more →

Thanks to Def Con 27 Volunteers, Videographers and Presenters for publishing their superlative conference videos via their YouTube Channel for all to see, enjoy and learn. Permalink The post DEF CON 27, Voting Village – Marian Schneider’s ‘Voting Systems Are…

Read more →

The only way to break the endless cycles of data breaches is to learn from the past. Businesses are best prepared to take on future cybersecurity threats when they reflect on what they’ve dealt with so far and make an…

Read more →

As warfare extends to cyberspace, U.S.-based organizations can use email and web isolation to protect users from common tactics used by Iranian-backed threat actors. The post Menlo Security Protects Organizations from Iranian Retaliation appeared first on Security Boulevard.   Advertise…

Read more →

For too long, the sole emphasis of security vendors in the cybersecurity industry has been on detection. Once the attack has been reported to the end user, it seems the job is done. The next steps—the complex task of investigating…

Read more →

Iran’s next move could be one of low-intensity conflict that could have a big impact on our cyber infrastructures The level of angst and concern of a hot-war between Iran and the United States has largely been quelled, as time…

Read more →

Organizations should be aware of an important update to TLS. TLS 1.2 is the most recent update that builds on top of TLS 1.0 and TLS 1.1 to increase network security. Updating your browsers and OS to TLS 1.2 is…

Read more →

Mergers and acquisitions (M&A) can stimulate growth, provide opportunities to obtain a competitive advantage, increase market share, and even consolidate supply chains to reduce overhead costs. For example, when DORMA and Kaba merged in 2015 to form dormakaba, it allowed…

Read more →

K-12 schools struggle to fit Active Directory in their mixed-platform IT environments today, but that’s not the only reason they should replace AD. The post 5 Reasons K-12 School Districts Should Replace Active Directory appeared first on JumpCloud. The post…

Read more →

As part of an effort to help chronically underfunded government agencies combat state-sponsored cyberattacks, WhiteHat Security, a unit of NTT, has decided to offer free of charge two services it provides for discovering vulnerabilities before and after application code is…

Read more →

A Microsoft customer support database was discovered by researchers, open to the public internet. No encryption, no passwords, no nothin’. The post Microsoft Leaks 250M Customer Details in Azure Fat-Finger Faux Pas appeared first on Security Boulevard.   Advertise on IT…

Read more →

via the Comic Noggins of Nitrozac and Snaggy at The Joy of Tech® Permalink The post The Joy of Tech® ‘The Fine Print On Apple’s Privacy’ appeared first on Security Boulevard.   Advertise on IT Security News. Read the complete article: The Joy of Tech® ‘The…

Read more →

After a series of ransomware attacks hit cities last year, finally some good news: Las Vegas was able to stop a ransomware cyber-attack in its tracks. When the cyber-attack was detected, the city responded by taking down its computer network…

Read more →

This report summarizes Contrast Labs’ analysis of real world application attack and vulnerability data from December 2019. By providing continuous insight and detection from inside applications, Contrast can identify and trend the way that attackers pursue applications and combine that…

Read more →

  What can help you find what needs protecting in the crowded sea of apps going through your network? Shadow IT Discovery has the answer, with solutions that offer ease of use and visibility into the vulnerabilities present throughout your…

Read more →

Today we shared the news that StackRox supports the Anthos platform (download joint solution brief), extending the reach of our hybrid and multicloud security approach. Anthos and the StackRox Kubernetes Security Platform share a lot of common principles in delivering…

Read more →

Define your data leakage prevention (DLP) policies to weigh convenience against caution, and prioritize security when sharing, monitoring and managing information Data leakage is defined as unintentional or unauthorized transfer of sensitive information to unsanctioned outsiders. In our hyper-connected world,…

Read more →

More money than ever is being allocated to cybersecurity, yet the biggest issue most organizations will face in 2020 will be aligning cybersecurity and IT operations processes rather than mastering an individual technology. A recent survey of 400 IT leaders…

Read more →

via the inimitable Kate Cox – reporting at ArsTechnica of the most egregious political missteps by Mark Zuckerberg & Company. Carry-on, nothing to see here… ‘Following months of criticism for its decision to allow candidates for political office to tell…

Read more →

As more organizations adopt multi-factor authentication policies, many want to know the benefits of using push notifications for MFA. The post Using Push Notifications for MFA appeared first on JumpCloud. The post Using Push Notifications for MFA appeared first on…

Read more →

Thanks to Def Con 27 Volunteers, Videographers and Presenters for publishing their superlative conference videos via their YouTube Channel for all to see, enjoy and learn. Permalink The post DEF CON 27, Voting Village – Sherri Ramsay’s ‘2020 Ready Or…

Read more →

via Luke Kingma and Lou Patrick-Mackay at Futurism Cartoons Permalink The post Luke Kingma’s & Lou Patrick-Mackay’s Futurism Cartoons ‘Salaryman’ appeared first on Security Boulevard.   Advertise on IT Security News. Read the complete article: Luke Kingma’s & Lou Patrick-Mackay’s Futurism Cartoons ‘Salaryman’

Read more →

Thanks to Def Con 27 Volunteers, Videographers and Presenters for publishing their superlative conference videos via their YouTube Channel for all to see, enjoy and learn. Permalink The post DEF CON 27, Voting Village – Tod Beardsley’s ‘Securing Voting Systems…

Read more →

This is an excerpt from Out of the Wild: A Beginner’s Guide to Package and Dependency Management, a Sonatype Guide. This is the first of three installments. The post What is a Package Dependency Manager? appeared first on Security Boulevard.  …

Read more →

With Microsoft struggling to maintain dominance over IT infrastructure, admins are questioning whether AD is still the choice for small businesses. The post Active Directory for Small Businesses appeared first on JumpCloud. The post Active Directory for Small Businesses appeared…

Read more →

Clause 6 of ISO 27001 is one of the most important aspects for compliance, as it covers the actions you must take to address information security risks. Everything else you do to meet the Standard’s requirements informs or revolves around…

Read more →

It’s not often we get to make an announcement quite this exciting: IntelliGO Networks has been acquired by ActZero, a Palo Alto-based artificial intelligence company! You can check out the press release here. This partnership means incredible things for our…

Read more →

Cybersecurity and compliance professionals agree that third-party cyber risk management is vital to organizations. Without having the right security policies and procedures in place, your organization could be vulnerable to a third-party cyberattack. This could spell disaster, both in terms…

Read more →

As awareness around privileged access management builds, enterprises should also put thought into architecting an effective PAM program with a risk-based approach While privileged access management (PAM) has garnered significant attention in recent years, a few challenges still persist that…

Read more →

DevSecOps has become a real thing over the last few years. The big shift has been making security tools that developers can use. ShiftLeft has been one of the leaders in this movement, recognizing that security had to shift left…

Read more →

The last half of 2011 was for me an my team a really, really tough time. As I hinted to in this post, by August 2011 we were buried in Oracle 11 & application performance problems. By the time we were…

Read more →

If your business accepts credit card payments, then you need to comply with PCI-DSS standards. PCI-DSS stands for Payment Card Industry Data Security Standard. These are sets of rules established to protect against credit card fraud, hacking, and other security…

Read more →

Managing keys to assets and data in cloud deployments have become a key concern for many organizations. As explained by Kenneth Hui, a Solutions Architect at Rubrik, paraphrasing Kerckhoffs Principle, poor key management is “like having a state of the…

Read more →

Recently, news came out about a vulnerability (CVE-2020-0674) in Microsoft’s Internet Explorer scripting engine based on how the browser handles memory. More specifically, within the JScript component of the scripting engine is an unspecified memory corruption vulnerability. What this means…

Read more →

Thanks to Def Con 27 Volunteers, Videographers and Presenters for publishing their superlative conference videos via their YouTube Channel for all to see, enjoy and learn. Permalink The post DEF CON 27, Aviation Village, Zoltan Madarassy’s ‘Behind The Scenes Of…

Read more →

via El Reg’s Kieren McCarthy – reporting from San Francisco – CA, comes an excoriating analysis of the corrupt sale of the TLD commonly known as .ORG*, and actions thereabouts. Read it and weep for your Interwebs. ‘Let’s check in…

Read more →

via the Comic Noggins of Nitrozac and Snaggy at The Joy of Tech® Permalink The post The Joy of Tech® ‘Happy To See You’ appeared first on Security Boulevard.   Advertise on IT Security News. Read the complete article: The…

Read more →

In his recent CSO Online article, 7 Security Incidents That Cost CISOs Their Jobs, writer Dan Swinhoe looks at some of the most high profile breaches in recent history that resulted in the CISO either leaving or being fired. In…

Read more →

Companies are expected to spend up to $55 billion dollars on efforts to comply with the California Consumer Privacy Act (CCPA), which is still working out its final rules after going into effect this month. The post Staying CCPA Compliant…

Read more →

Our recommended healthcare password policies that complement and support HITRUST. Since its founding in 2007, HITRUST (Health Information Trust Alliance) champions programs that safeguard sensitive information and manage information risk for global organizations across all industries. HITRUST works with privacy,…

Read more →

Each year the World Economic Forum releases their Global Risk Report around the time of the annual Davos conference. This year’s report is out and below are notes on the “cyber” content to help others speed-read through those sections (in…

Read more →

Security Compass, a provider of tools for streamlining risk analysis, has appointed Rohit Sethi to be its CEO after receiving additional funding from FTV Capital. Security Compass founder and previous CEO Nish Balla will remain on the board of directors.…

Read more →

The post Cloud, a Year in Review and Looking Forward appeared first on CCSI. The post Cloud, a Year in Review and Looking Forward appeared first on Security Boulevard.   Advertise on IT Security News. Read the complete article: Cloud,…

Read more →

As the volume of enterprise data grows, database security is becoming more challenging than ever before. According to IDC, the volume of data worldwide will increase tenfold to 163 zettabytes by 2025, with most of that being created and managed…

Read more →

The debate over who the CISO should report to is a hot topic among security professionals, and that shows no sign of changing soon. That’s because there is still no standard or clear-cut answer. Ask CISOs themselves for their opinion,…

Read more →

The JumpCloud BitLocker and FileVault 2 Policies are key for enforcing FDE at scale across an organization’s Windows and Mac fleets. The post Understanding Policies: BitLocker and FileVault 2 appeared first on JumpCloud. The post Understanding Policies: BitLocker and FileVault…

Read more →

Our predictions and expectations - Zero Trust, artificial intelligence and machine learning driven identity security, and password-less authentication are coming with the dawn of the new decade. The close of a year is a natural time for reflection, and when it…

Read more →

Thanks to Def Con 27 Volunteers, Videographers and Presenters for publishing their superlative conference videos via their YouTube Channel for all to see, enjoy and learn. Permalink The post DEF CON 27, Aviation Village, Art Manion’s ‘Ideas Whose Time Has…

Read more →

via the comic delivery system monikered Randall Munroe at XKCD! Permalink The post XKCD ‘Unsubscribe Message’ appeared first on Security Boulevard.   Advertise on IT Security News. Read the complete article: XKCD ‘Unsubscribe Message’

Read more →

There are countless devices on the internet with open Telnet ports—at least 515,000 of them have easily-guessable username/password combos. The post Keep Telnet Off the Internet – Here’s Why appeared first on Security Boulevard.   Advertise on IT Security News. Read…

Read more →

If you have to expose your Windows RDP ports to the internet, follow these 3 tips to safeguard them from brute-force attacks. The post 3 Tips to Prevent Brute-Force Attacks on RDP Ports appeared first on JumpCloud. The post 3…

Read more →

Cyberattacks are becoming more prevalent, and their effects are becoming more disastrous. To help mitigate the risk of financial losses, more companies are turning to cyber insurance. Related: Bots attack business logic Cyber insurance, like other forms of business insurance,…

Read more →

IT departments need more than a password manager to keep them—and a company’s data—safe from cyberthreats All companies today are, to some extent, dependent on technology and the IT teams driving their systems and security in the background. These IT…

Read more →

How best to utilize your 2020 security budget? Here are a few recommendations from those in the know The new year is a chance for a fresh start, and for many organizations, that fresh start comes with a new budget…

Read more →

Thanks to Def Con 27 Volunteers, Videographers and Presenters for publishing their superlative conference videos via their YouTube Channel for all to see, enjoy and learn. Permalink The post DEF CON 27, Aviation Village, Dr. Will Roper’s and Jack Cable’s…

Read more →

via the respected information security capabilities of Robert M. Lee & the superlative illustration talents of Jeff Haas at Little Bobby Comics. Permalink The post Robert M. Lee’s & Jeff Haas’ Little Bobby Comics – ‘Exclusively’ appeared first on Security Boulevard.   Advertise on IT Security…

Read more →

Thanks to Def Con 27 Volunteers, Videographers and Presenters for publishing their superlative conference videos via their YouTube Channel for all to see, enjoy and learn. Permalink The post DEF CON 27, Aviation Village, Harshad Sathaye’s ‘Wireless Attacks On Aircraft…

Read more →

Qualys is a sponsor of TechSpective Microsoft kicked off the new decade with a bang. Last Tuesday was the first Microsoft Patch Tuesday of 2020, and one of the patches pushed out by Microsoft addresses a dangerous flaw in Crypt32.dll…

Read more →

Thanks to Def Con 27 Volunteers, Videographers and Presenters for publishing their superlative conference videos via their YouTube Channel for all to see, enjoy and learn. Permalink The post DEF CON 27, Aviation Village, Karl Koscher’s ‘An Introduction To The…

Read more →

Thanks to Def Con 27 Volunteers, Videographers and Presenters for publishing their superlative conference videos via their YouTube Channel for all to see, enjoy and learn. Permalink The post DEF CON 27, Aviation Village, Ken’s and Alex’s ‘A Hackers First…

Read more →

via the comic delivery system monikered Randall Munroe at XKCD! Permalink The post XKCD ‘Bad Map Projection: South America’ appeared first on Security Boulevard.   Advertise on IT Security News. Read the complete article: XKCD ‘Bad Map Projection: South America’

Read more →

IT departments are responsible for adapting to the changes a recession brings, which often involve heavy reliance on IAM tools. The post Why IAM is a Must-Have in a Recession appeared first on JumpCloud. The post Why IAM is a…

Read more →

Testing, testing. May I have your attention, please. *Ahem* Allow me to introduce myself and this new series of articles for The Ethical Hacker Network. My name is Stephanie, better known as Steph or InfoSteph in the community. I have…

Read more →

via the Comic Noggins of Nitrozac and Snaggy at The Joy of Tech® Permalink The post The Joy of Tech® ‘Trump: Step up Apple!’ appeared first on Security Boulevard.   Advertise on IT Security News. Read the complete article: The Joy of Tech® ‘Trump: Step up…

Read more →

Next up: Oracle’s latest quarterly patch batch. Hundreds of separate bugs squashed, many extremely serious. The post Oracle Spews 334 Patches, Many Critical. You Know the Drill appeared first on Security Boulevard.   Advertise on IT Security News. Read the…

Read more →

The National Institute of Standards and Technology, an arm of the U.S. Department of Commerce, has published version 1.0 of a privacy framework to help organizations think through the process of securing personal data. The NIST privacy framework consists of…

Read more →

Credit reporting agency Equifax continues to pay through the nose after the mega breach it suffered in 2017 resulted in the leak of 147 million customer records and the firing of three executives. The post Equifax Ordered to Spend $1…

Read more →

In the age of GDPR and CCPA, there seems to be more conjecture about compliance and personal privacy than there is about the weather. It’s understandable, as predicting the conditions outside seems a lot easier than devising and implementing an…

Read more →

When Clop was discovered by Jakub Kroustek in February 2019, all indicators showed that it was a new CryptoMix with the .CLOP, or in some circumstances .CIOP, extension tagged onto encrypted files. Since this discovery, the ransomware operators behind Clop…

Read more →

In August 2019, the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) released a new privacy standard set to become the benchmark for helping organizations comply with international privacy frameworks and laws. ISO/IEC 27701:2019 serves as a…

Read more →

As if security operations professionals don’t have enough on their plates, they can add a new geo-political event — the… The post Iranian Retaliatory Cyber Threats Are a Reminder of the Importance of Sound Incident Response appeared first on Siemplify.…

Read more →

Signal Sciences next-gen WAF can send and receive data to and from a wide range of security and DevOps tools via our API and integrations with various infrastructure and security tooling. The layer 7 telemetry we gather from inspecting and……

Read more →

We are excited to welcome 2020 with the release of Tufin Orchestration Suite 19-3 with new features and enhancements, including greater support of our customers’ Software-Defined Networking (SDN) initiatives, whether they implemented Cisco Application Centric Infrastructure (ACI) or VMware NSX-T…

Read more →

Outstanding reports – via Norwegian Forbrukerrådet detailing the systematic criminal behavior exhibited by Advertising Entites and their Ilk, with the resultant aglommeration of data which permits them to collect and store an ever increasing and exponentially aggregious compendiums of personal…

Read more →

What were the most significant data breaches in 2019? Will ransomware still be a threat in 2020? (Spoiler alert: It’s forecast to be worse than ever.) Which industries were attacked most? * We have put together a shortlist of overview…

Read more →

via the comic delivery system monikered Randall Munroe at XKCD! Permalink The post XKCD ‘Tattoo Ideas’ appeared first on Security Boulevard.   Advertise on IT Security News. Read the complete article: XKCD ‘Tattoo Ideas’

Read more →

Thanks to Def Con 27 Volunteers, Videographers and Presenters for publishing their superlative conference videos via their YouTube Channel for all to see, enjoy and learn. Permalink The post DEF CON 27, Appsec Village, Anthony “karver” Kava’s ‘How Bad Could…

Read more →

At MixMode, we can’t help but imagine the flip side of all that potential. An increasingly connected cyber landscape means an increased number of potential targets for bad actors. New tech is exciting, but it’s often inherently vulnerable to cyberattacks.…

Read more →

Thanks to Def Con 27 Volunteers, Videographers and Presenters for publishing their superlative conference videos via their YouTube Channel for all to see, enjoy and learn. Permalink The post DEF CON 27, Appsec Village, Guy Barnhart Magen’s ‘Crypto Failures And…

Read more →