Researchers from Qualys uncovered a major vulnerability in an application that allows administrators to delegate limited root access to regular users. While most major Linux distributions have released fixed versions of sudo, administrators still have to verify their systems are protected.
Over the last year, cybercriminals adjusted their attack tactics in response to new developments in the COVID-19 pandemic. With attention now on developing and distributing the vaccine for the novel coronavirus, attackers have shifted their focus to target the vaccine supply chain.
Andy Ellis, CSO of Akamai, joins Dennis Fisher to discuss the importance of setting priorities, how to assess your strengths and weaknesses as an organization, and the NFL draft.
Securing the 2020 election was a years-long process, and former CISA Director Chris Krebs found a number of key lessons for security teams during the effort.
The European Union’s data protection authorities have been flexing their regulatory powers under the General Data Protection Regulation over the past year, increasingly imposing larger fines and other enforcement actions.
One of the last executive orders of the outgoing Trump Administration authorized the Commerce Department to create "know your customer" rules for infrastructure-as-a-service providers.
A piece of malware called Raindrop has been found in some networks compromised by the SolarWinds attackers.
New York lawmakers are moving ahead with their own privacy legislation to regulate how private companies handle biometric data.
Attack groups are increasingly focusing their attention on cloud platforms and services as common entry points for victim networks.
Amanda Berlin of Blumira joins Dennis Fisher to talk about how she got her start in security, learning new skills on the fly, and helping customers find the things that really matter on their networks.
Email security firm Mimecast said attackers stole a certificate some of its customers use to authenticate to some of its cloud services.
A proposed rule from a trio of federal financial regulatory agencies aims to change current reporting requirements so that financial service organizations have to notify federal regulators of a security incident within 36 hours.
The latest Intel vPro processor will include built-in protections to detect and block ransomware attacks, Intel said.
Discussions on developing norms for cyber operations have resurfaced in the wake of the SolarWinds breach and subsequent intrusions, but experts say it's not a simple task.
From a vulnerability management perspective, it makes sense for defenders to be aware of which vulnerabilities have publicly available exploit code. Increasingly, much of that code is beginning to appear on GitHub.