Improving communication between security teams and the rest of the organization can greatly improve an enterprise's security posture.
Researchers have discovered two new flaws in the Dragonfly handshake in the WPA3 WiFi security standard.
Deepfakes aren't just weird political videos. Enterprises should be concerned about how deepfakes could impact their reputation and financial health and include them in incident response plans.
As organizations grapple with soaring costs of cyberattacks, many are asking insurance companies for help reducing risks. But insurance providers are also hedging their bets because cyber insurance is so risky.
Financial services organizations and many other enterprises have hesitated to go all in the cloud, citing concerns about depending on a third-party to protect the data, and the Capital One breach may encapsulate their fears. But the fact is, the cloud provides security benefits, so long as proper controls are put in place.
The breach of Capital One data on Amazon Web Services is a insider threat story. Defending from malicious insiders is a different ballgame than from outsiders.
VxWorks is the operating system no one has ever heard of, but it is widely used in industrial control systems, robotics and automation, industrial control systems, and Internet of Things. The URGENT/11 group of vulnerabilities in these devices can be exploited remotely.
Zero day vulnerabilities exploited in the wild is never good news, but if the user's machine is running the latest version of the operating system, the chances are good that the attack won't be successful against that machine, according to a Microsoft security engineer.
What a week for BlueKeep watchers. Chinese-language slide deck appears on GitHub with details on how to use the BlueKeep vulnerability, Immunity includes a working exploit in its penetration testing kit, and the WatchBog cryptocurrency-mining botnet now has a scanner looking for vulnerable Windows machines with Remote Desktop enabled.
The Kazakhstan government's efforts to intercept HTTPS connections and eavesdrop on secure traffic is a dangerous policy, experts say.
Law enforcement officials and lawmakers asking the technology industry to provide backdoors into encryption products is not anything new, but U.S. Attorney General William Barr did something past officials hadn't done before: Barr specified that the backdoors and workarounds should be in encrypted messaging apps.
Equifax settled the various lawsuits from federal and state regulators and consumers related to its 2017 data breach for up to $700 million. Hefty price tag not withstanding, the data for 147-million victims is still out there and there's not much consumers can do about it.
Four years after an intrusion, Slack has discovered new details about the incident and moved to reseat many users' passwords.
There has been a lot of discussion about protecting voting systems so that ballots can’t be changed or manipulated over the past two years, but the attacks Microsoft warned about are not related to the voting process.
The EFF's Privacy Badger browser extension is now blocking Google Analytics through a change to detect cookie sharing.