Tag: Security Boulevard

Our recommended healthcare password policies that complement and support HITRUST. Since its founding in 2007, HITRUST (Health Information Trust Alliance) champions programs that safeguard sensitive information and manage information risk for global organizations across all industries. HITRUST works with privacy,…

Read more →

Each year the World Economic Forum releases their Global Risk Report around the time of the annual Davos conference. This year’s report is out and below are notes on the “cyber” content to help others speed-read through those sections (in…

Read more →

Security Compass, a provider of tools for streamlining risk analysis, has appointed Rohit Sethi to be its CEO after receiving additional funding from FTV Capital. Security Compass founder and previous CEO Nish Balla will remain on the board of directors.…

Read more →

The post Cloud, a Year in Review and Looking Forward appeared first on CCSI. The post Cloud, a Year in Review and Looking Forward appeared first on Security Boulevard.   Advertise on IT Security News. Read the complete article: Cloud,…

Read more →

As the volume of enterprise data grows, database security is becoming more challenging than ever before. According to IDC, the volume of data worldwide will increase tenfold to 163 zettabytes by 2025, with most of that being created and managed…

Read more →

The debate over who the CISO should report to is a hot topic among security professionals, and that shows no sign of changing soon. That’s because there is still no standard or clear-cut answer. Ask CISOs themselves for their opinion,…

Read more →

The JumpCloud BitLocker and FileVault 2 Policies are key for enforcing FDE at scale across an organization’s Windows and Mac fleets. The post Understanding Policies: BitLocker and FileVault 2 appeared first on JumpCloud. The post Understanding Policies: BitLocker and FileVault…

Read more →

Our predictions and expectations - Zero Trust, artificial intelligence and machine learning driven identity security, and password-less authentication are coming with the dawn of the new decade. The close of a year is a natural time for reflection, and when it…

Read more →

Thanks to Def Con 27 Volunteers, Videographers and Presenters for publishing their superlative conference videos via their YouTube Channel for all to see, enjoy and learn. Permalink The post DEF CON 27, Aviation Village, Art Manion’s ‘Ideas Whose Time Has…

Read more →

via the comic delivery system monikered Randall Munroe at XKCD! Permalink The post XKCD ‘Unsubscribe Message’ appeared first on Security Boulevard.   Advertise on IT Security News. Read the complete article: XKCD ‘Unsubscribe Message’

Read more →

There are countless devices on the internet with open Telnet ports—at least 515,000 of them have easily-guessable username/password combos. The post Keep Telnet Off the Internet – Here’s Why appeared first on Security Boulevard.   Advertise on IT Security News. Read…

Read more →

If you have to expose your Windows RDP ports to the internet, follow these 3 tips to safeguard them from brute-force attacks. The post 3 Tips to Prevent Brute-Force Attacks on RDP Ports appeared first on JumpCloud. The post 3…

Read more →

Cyberattacks are becoming more prevalent, and their effects are becoming more disastrous. To help mitigate the risk of financial losses, more companies are turning to cyber insurance. Related: Bots attack business logic Cyber insurance, like other forms of business insurance,…

Read more →

IT departments need more than a password manager to keep them—and a company’s data—safe from cyberthreats All companies today are, to some extent, dependent on technology and the IT teams driving their systems and security in the background. These IT…

Read more →

How best to utilize your 2020 security budget? Here are a few recommendations from those in the know The new year is a chance for a fresh start, and for many organizations, that fresh start comes with a new budget…

Read more →

Thanks to Def Con 27 Volunteers, Videographers and Presenters for publishing their superlative conference videos via their YouTube Channel for all to see, enjoy and learn. Permalink The post DEF CON 27, Aviation Village, Dr. Will Roper’s and Jack Cable’s…

Read more →

via the respected information security capabilities of Robert M. Lee & the superlative illustration talents of Jeff Haas at Little Bobby Comics. Permalink The post Robert M. Lee’s & Jeff Haas’ Little Bobby Comics – ‘Exclusively’ appeared first on Security Boulevard.   Advertise on IT Security…

Read more →

Thanks to Def Con 27 Volunteers, Videographers and Presenters for publishing their superlative conference videos via their YouTube Channel for all to see, enjoy and learn. Permalink The post DEF CON 27, Aviation Village, Harshad Sathaye’s ‘Wireless Attacks On Aircraft…

Read more →

Qualys is a sponsor of TechSpective Microsoft kicked off the new decade with a bang. Last Tuesday was the first Microsoft Patch Tuesday of 2020, and one of the patches pushed out by Microsoft addresses a dangerous flaw in Crypt32.dll…

Read more →

Thanks to Def Con 27 Volunteers, Videographers and Presenters for publishing their superlative conference videos via their YouTube Channel for all to see, enjoy and learn. Permalink The post DEF CON 27, Aviation Village, Karl Koscher’s ‘An Introduction To The…

Read more →

Thanks to Def Con 27 Volunteers, Videographers and Presenters for publishing their superlative conference videos via their YouTube Channel for all to see, enjoy and learn. Permalink The post DEF CON 27, Aviation Village, Ken’s and Alex’s ‘A Hackers First…

Read more →

via the comic delivery system monikered Randall Munroe at XKCD! Permalink The post XKCD ‘Bad Map Projection: South America’ appeared first on Security Boulevard.   Advertise on IT Security News. Read the complete article: XKCD ‘Bad Map Projection: South America’

Read more →

IT departments are responsible for adapting to the changes a recession brings, which often involve heavy reliance on IAM tools. The post Why IAM is a Must-Have in a Recession appeared first on JumpCloud. The post Why IAM is a…

Read more →

Testing, testing. May I have your attention, please. *Ahem* Allow me to introduce myself and this new series of articles for The Ethical Hacker Network. My name is Stephanie, better known as Steph or InfoSteph in the community. I have…

Read more →

via the Comic Noggins of Nitrozac and Snaggy at The Joy of Tech® Permalink The post The Joy of Tech® ‘Trump: Step up Apple!’ appeared first on Security Boulevard.   Advertise on IT Security News. Read the complete article: The Joy of Tech® ‘Trump: Step up…

Read more →

Next up: Oracle’s latest quarterly patch batch. Hundreds of separate bugs squashed, many extremely serious. The post Oracle Spews 334 Patches, Many Critical. You Know the Drill appeared first on Security Boulevard.   Advertise on IT Security News. Read the…

Read more →

The National Institute of Standards and Technology, an arm of the U.S. Department of Commerce, has published version 1.0 of a privacy framework to help organizations think through the process of securing personal data. The NIST privacy framework consists of…

Read more →

Credit reporting agency Equifax continues to pay through the nose after the mega breach it suffered in 2017 resulted in the leak of 147 million customer records and the firing of three executives. The post Equifax Ordered to Spend $1…

Read more →

In the age of GDPR and CCPA, there seems to be more conjecture about compliance and personal privacy than there is about the weather. It’s understandable, as predicting the conditions outside seems a lot easier than devising and implementing an…

Read more →

When Clop was discovered by Jakub Kroustek in February 2019, all indicators showed that it was a new CryptoMix with the .CLOP, or in some circumstances .CIOP, extension tagged onto encrypted files. Since this discovery, the ransomware operators behind Clop…

Read more →

In August 2019, the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) released a new privacy standard set to become the benchmark for helping organizations comply with international privacy frameworks and laws. ISO/IEC 27701:2019 serves as a…

Read more →

As if security operations professionals don’t have enough on their plates, they can add a new geo-political event — the… The post Iranian Retaliatory Cyber Threats Are a Reminder of the Importance of Sound Incident Response appeared first on Siemplify.…

Read more →

Signal Sciences next-gen WAF can send and receive data to and from a wide range of security and DevOps tools via our API and integrations with various infrastructure and security tooling. The layer 7 telemetry we gather from inspecting and……

Read more →

We are excited to welcome 2020 with the release of Tufin Orchestration Suite 19-3 with new features and enhancements, including greater support of our customers’ Software-Defined Networking (SDN) initiatives, whether they implemented Cisco Application Centric Infrastructure (ACI) or VMware NSX-T…

Read more →

Outstanding reports – via Norwegian Forbrukerrådet detailing the systematic criminal behavior exhibited by Advertising Entites and their Ilk, with the resultant aglommeration of data which permits them to collect and store an ever increasing and exponentially aggregious compendiums of personal…

Read more →

What were the most significant data breaches in 2019? Will ransomware still be a threat in 2020? (Spoiler alert: It’s forecast to be worse than ever.) Which industries were attacked most? * We have put together a shortlist of overview…

Read more →

via the comic delivery system monikered Randall Munroe at XKCD! Permalink The post XKCD ‘Tattoo Ideas’ appeared first on Security Boulevard.   Advertise on IT Security News. Read the complete article: XKCD ‘Tattoo Ideas’

Read more →

Thanks to Def Con 27 Volunteers, Videographers and Presenters for publishing their superlative conference videos via their YouTube Channel for all to see, enjoy and learn. Permalink The post DEF CON 27, Appsec Village, Anthony “karver” Kava’s ‘How Bad Could…

Read more →

At MixMode, we can’t help but imagine the flip side of all that potential. An increasingly connected cyber landscape means an increased number of potential targets for bad actors. New tech is exciting, but it’s often inherently vulnerable to cyberattacks.…

Read more →

Thanks to Def Con 27 Volunteers, Videographers and Presenters for publishing their superlative conference videos via their YouTube Channel for all to see, enjoy and learn. Permalink The post DEF CON 27, Appsec Village, Guy Barnhart Magen’s ‘Crypto Failures And…

Read more →

Summary Microsoft recently disclosed a spoofing vulnerability that enables an attacker to sign a malicious executable, making it appear that the file was from a trusted, legitimate source. It also enables attackers to conduct man-in-the-middle network attacks. In the recommended…

Read more →

Financial fraud occurs every day, accumulating in trillions of dollars in losses each year. In some… The post Leveraging Machine Learning for Cross-Channel Fraud Detection appeared first on Gurucul. The post Leveraging Machine Learning for Cross-Channel Fraud Detection appeared first on…

Read more →

The RastaLabs experience   Advertise on IT Security News. Read the complete article: The RastaLabs experience

Read more →

Frederick, Md. – January 16, 2020 – Fugue, the company empowering engineers to build and operate secure cloud systems that are compliant with enterprise policies, today announced it has open sourced Regula, a tool that evaluates Terraform infrastructure-as-code for security…

Read more →

Top 20 Developer Advocates to Follow in 2020   Advertise on IT Security News. Read the complete article: Top 20 Developer Advocates to Follow in 2020

Read more →

We’re happy to announce a new decryptor for Paradise Ransomware. Paradise Ransomware, initially spotted in 2017, has been aggressively marketed as a service to interested affiliates. After infection, it checks whether the keyboard language is set to Russian, Kazakh, Belarus…

Read more →

  The post Top 5 Mistakes in Cybersecurity Vendor Management appeared first on Security Boulevard.   Advertise on IT Security News. Read the complete article: Top 5 Mistakes in Cybersecurity Vendor Management

Read more →

There’s been a lot of buzz surrounding homomorphic encryption because it comes with a lot of promise. It stands out from other encryption methods as it guarantees the encryption of data while it’s being used for computation. In this scenario,…

Read more →

Surprise! Your cyber-risk insurance may not cover losses resulting from cyberwar. Here are some tips to help ensure you’re getting your money’s worth. With the prospect of a cyberwar with the Islamic Republic of Iran somewhat looming, there is the…

Read more →

We have written a lot over the past year and beyond, and we wanted to provide you with our Top 10 lists! Take a look and gain some new knowledge for the new year!! Top 10 Blogs from 2019 Better…

Read more →

Organizations across the globe are wondering whether identity management has evolved into the battle of cloud-based vs. on-prem IAM. The post Cloud-Based vs. On-Prem IAM appeared first on JumpCloud. The post Cloud-Based vs. On-Prem IAM appeared first on Security Boulevard.…

Read more →

Web based LDAP authentication is highly sought after in modern IT organizations. Fortunately, LDAP-as-a-Service solutions are now available. The post Web-Based LDAP Authentication appeared first on JumpCloud. The post Web-Based LDAP Authentication appeared first on Security Boulevard.   Advertise on…

Read more →

Introduction to UDP The User Datagram Protocol (UDP) is one of the two main protocols that sits between the Internet Protocol (IP) layer and higher-level, specialized protocols like the hypertext… Go on to the site to read the full article…

Read more →

Protected Health Information (PHI) is the term given to health data created, received, stored, or transmitted by HIPAA-covered entities and their business associates in relation to the provision of healthcare, healthcare operations, and payment for healthcare services. This might not…

Read more →

Register Now to Learn Shellcoding from the Ground Up! In the art of binary exploitation, there is one ominous “hacker” term you will hear quite often: shellcode. What is shellcode? How can it be used, and how do exploit developers…

Read more →

Prevent different types of social engineering attacks, targeting everyone from CEOs to gamers to smart appliance users, with the right training and tools. The post From video games to government: How to steer clear of social engineering scams appeared first…

Read more →

As companies expand, the adoption of cloud services grows in parallel. Bitglass’ Cloud Adoption Report recently released in 2019, found that 86% of enterprises have deployed cloud-based tools. These cloud services come with a plethora of benefits, including scalability, agility,…

Read more →

Cisco, Ericsson, Nokia and other non-Chinese vendors have a unique opportunity to lead with security in their 5G MEC applications. The post Is 5G the Security Silver Bullet for System Integrators in the West? appeared first on Radware Blog. The…

Read more →

This research was provided by Paulo Silva and Guillaume Lopes, who are members of the Checkmarx Security Research Team. Quoting the official documentation, Solidity “is a contract-oriented, high-level language for implementing smart contracts.” It was proposed back in 2014 by…

Read more →

Many security researchers believe JavaScript attacks are a major threat to web applications. The rise of Magecart, which uses web skimming (or formjacking) to illegally capture credit card and personal information from site visitors, made the threat immediate. British Airways…

Read more →

Cloud misconfigurations are becoming a major security risk among organizations using public clouds The need for smart cybersecurity never gets a holiday. That was made clear in December, a time when many organizations slow down production or close shop for…

Read more →

Today, Microsoft released patch for CVE-2020-0601, a vulnerability in windows “crypt32.dll” component that could allow attackers to perform spoofing attacks. This was discovered and reported by National Security Agency (NSA) Researchers. The vulnerability affects Windows 10 and Windows Server 2016/2019…

Read more →

Wind River today announced it has acquired Star Lab to enable customers to secure embedded systems running Linux. Terms of the deal were not disclosed, and Star Lab will continue to operate as a subsidiary of Wind River. As more…

Read more →

For historical reasons, we were a strong VMS shop. Before they imploded, Digital Equipment treated EDU’s very kindly, offering extremely good pricing on software in exchange for hardware adoption. In essence, a college could get an unlimited right to use…

Read more →

Thanks to Def Con 27 Volunteers, Videographers and Presenters for publishing their superlative conference videos via their YouTube Channel for all to see, enjoy and learn. Permalink The post DEF CON 27, Appsec Village, Rafael Santos’ ‘huskyCI: Finding Flaws in…

Read more →

When a client calls us to pentest a web application that is only available in Internet Explorer. I cringe. I don’t know if it’s flashbacks from the countless hours spent getting a website compatible with IE, or the trauma from…

Read more →

Introduction to TCP The Transmission Control Protocol (TCP) is one of the most commonly-used protocols on the internet. Unlike the User Datagram Protocol (UDP), TCP is not a “fire and forget”… Go on to the site to read the full…

Read more →

Authentic8, maker of Silo, the leading web isolation platform for commercial and government organizations, is now ‘In Process’ for FedRAMP authorization. The post Authentic8 Completes FedRAMP ‘In Process’ Authorization Milestone appeared first on Security Boulevard.   Advertise on IT Security…

Read more →

Today, businesses everywhere are investing in infrastructure to support growth – whether that’s moving to the cloud or automating tasks and processes.  However, the newly introduced devices, application stacks and accounts that come with this… The post Busting Top Myths…

Read more →

Windows 10 devices are widely popular in enterprises as well as educational organizations. Windows Operating System still holds up the majority of the market share for desktops. Thanks to user familiarity, Windows desktops are here to stay.  As Windows 10…

Read more →

Introduction As modern shoppers, their expectations and mobile technologies are constantly evolving, the payments industry with newer techniques cannot fall behind. The role of the mobile point of sale is undeniable in the contemporary shopping/purchase journey scenarios. Ideally, an mPOS…

Read more →

Entities that make cloud services work together also pose a security risk. Here are four worth considering At the average-sized company today, employees use hundreds of different cloud services. All of these apps integrate with each other using APIs, roles…

Read more →

Iran vowed revenge after a U.S. airstrike ordered by President Donald Trump killed the country’s top general Qasem Soleimani earlier this month. While recent missile strikes conducted by Iran against U.S. bases in Iraq was the first public move to…

Read more →

IT organizations can automate macOS Catalina patch management to streamline operations while maximizing security. Find out how to do so here. The post macOS Catalina Patch Management appeared first on JumpCloud. The post macOS Catalina Patch Management appeared first on…

Read more →

Article by Bernard Parsons, CEO, Becrypt Whether it is an EPOS system at a fast food venue or large display system at a public transport hub, interactive kiosks are becoming popular and trusted conduits for transacting valuable data with customers.…

Read more →

Thanks to Def Con 27 Volunteers, Videographers and Presenters for publishing their superlative conference videos via their YouTube Channel for all to see, enjoy and learn. Permalink The post DEF CON 27, Appsec Village, YanYan Wang’s ‘Automate Pen Testing In…

Read more →

Application whitelisting or blacklisting is crucial on enterprise devices to ensure that the productive employee time is not wasted on non-work applications. As digital transformation is embraced by enterprises, by and large, having devices with unlimited access to entertainment apps…

Read more →

via Luke Kingma and Lou Patrick-Mackay at Futurism Cartoons Permalink The post Luke Kingma’s & Lou Patrick-Mackay’s Futurism Cartoons ‘Wandering CPU’ appeared first on Security Boulevard.   Advertise on IT Security News. Read the complete article: Luke Kingma’s & Lou…

Read more →

Thanks to Def Con 27 Volunteers, Videographers and Presenters for publishing their superlative conference videos via their YouTube Channel for all to see, enjoy and learn. Permalink The post DEF CON 27, Red Team Offensive Village, Casey (3ndG4me) Erdmann’s ‘BadSalt…

Read more →

Security researchers say healthcare providers are failing to secure mind boggling amounts of highly sensitive patient medical data. The post Billions of Medical Images Leaked in Huge Privacy Puzzle appeared first on Security Boulevard.   Advertise on IT Security News. Read…

Read more →

  At ForgeRock, we’re expanding the ease of use of our ForgeRock Identity Platform. Now, if you have ForgeRock Access Manager (AM), Identity Manager (IDM), and Directory Service (DS), your developers can take advantage of our new open source SDKs…

Read more →

There is great urgency to address security issues and protect the sanctity of our upcoming elections. In 2018, the federal government made available $380M in new funding for states to update the security of their election systems, but the reality…

Read more →

The new year is upon us, which means new challenges and new opportunities. What does the future hold for IT and security? Will there be better integration and broader adoption of new technologies, or will we continue to struggle with…

Read more →

New research estimates, after all the breach data, is tallied, that by the end of 2019, healthcare-related data breaches will cost the industry $4 billion, and respondents to a recent survey expect those numbers to only increase in the year…

Read more →

Chief information security officer, or CISO for short—it’s a very popular title lately, being added to C-suites at companies of all sizes. It seems corporate boards feel a company isn’t considered serious if it doesn’t have a CISO or similarly…

Read more →

In episode 103: The US Department of Homeland Security warns of Iranian cyber-attacks, Ring gets hit with a $5 million dollar class action lawsuit, and some quick tips on how to prevent calendar SPAM. ** Show notes and links mentioned…

Read more →

via the respected information security capabilities of Robert M. Lee & the superlative illustration talents of Jeff Haas at Little Bobby Comics. The post Robert M. Lee’s & Jeff Haas’ Little Bobby Comics ‘Data Classification Fail’ appeared first on Security Boulevard.   Advertise on IT Security…

Read more →

Thanks to Def Con 27 Volunteers, Videographers and Presenters for publishing their superlative conference videos via their YouTube Channel for all to see, enjoy and learn. Permalink The post DEF CON 27, Red Team Offensive Village, Nathan Sweaney’s ‘Casting With…

Read more →

Thanks to Def Con 27 Volunteers, Videographers and Presenters for publishing their superlative conference videos via their YouTube Channel for all to see, enjoy and learn. Permalink The post DEF CON 27, Red Team Offensive Village, Chris McCoy’s ‘Through The…

Read more →

The prevalence of migration to the cloud highlights the catch-22 of cybersecurity: the security vs. convenience tradeoff. But it doesn’t have to be this way. The post How to Rein In Your Unmanaged Cloud in 4 Steps appeared first on…

Read more →

Thanks to Def Con 27 Volunteers, Videographers and Presenters for publishing their superlative conference videos via their YouTube Channel for all to see, enjoy and learn. Permalink The post DEF CON 27, Red Team Offensive Village, Adrian Sanabria’s ‘Red Team…

Read more →

Thanks to Def Con 27 Volunteers, Videographers and Presenters for publishing their superlative conference videos via their YouTube Channel for all to see, enjoy and learn. Permalink The post DEF CON 27, Red Team Offensive Village, Charles Herring’s ‘Breaking NBAD…

Read more →

On the first Monday of 2020, CNBC reported that “city governments, agencies and companies from coast to coast are on high alert for ramped up cyber activity possibly emanating from Iran. …” And that was just the start of a…

Read more →

via the comic delivery system monikered Randall Munroe at XKCD! Permalink The post XKCD ‘Star Wars Voyager 1’ appeared first on Security Boulevard.   Advertise on IT Security News. Read the complete article: XKCD ‘Star Wars Voyager 1’

Read more →

Google Cloud Identity Premium extends identities used for Google services to third-party web applications. It also has some MDM features. The post Is Google Cloud Identity Premium Right for Your Org? appeared first on JumpCloud. The post Is Google Cloud…

Read more →

Ransomware and Data Exfiltration are being combined to further complicate the lives of victims. How will this new development shake out? The post The Marriage of Data Exfiltration and Ransomware appeared first on Security Boulevard.   Advertise on IT Security…

Read more →

Checking My 2010 Security Predictions in 2020!   Advertise on IT Security News. Read the complete article: Checking My 2010 Security Predictions in 2020!

Read more →

If Azure AD is not your organization’s best choice for extending Active Directory to the cloud, here are a few alternative solutions. The post How to Extend Active Directory to the Cloud without Azure appeared first on JumpCloud. The post…

Read more →

As IT admins evaluate AWS Cloud Directory, pricing is a leading concern. Let’s break down their pricing model and how it compares to functionality. The post AWS Cloud Directory Pricing appeared first on JumpCloud. The post AWS Cloud Directory Pricing…

Read more →

The CMMC model has five defined levels, each with a set of supporting practices and processes. Practices range from Level 1 (basic cyber hygiene) and to Level 5 (advance/progressive). […] The post Cybersecurity Maturity Model Certification (CMMC) Levels appeared first…

Read more →