Michael Lines is working with ISMG to promote awareness of the need for cyber risk management, and the CyberEdBoard is posting draft chapters from his upcoming book, "Heuristic Risk Management: Be Aware, Get Prepared, Defend Yourself." This chapter - the last in the series - is titled "Building an Effective Defense."
Atlassian has issued a patch for its Confluence workspace collaboration tool, which is being targeted in the wild with a zero-day vulnerability that gives attackers unauthenticated remote code execution privileges. The vulnerability has a CVSS score of 10 out of 10 for criticality.
A zero-day vulnerability in Atlassian Confluence, a workspace collaboration tool that serves millions of daily active users, is being targeted in the wild. The flaw, according to the company's security advisory, gives attackers unauthenticated remote code execution privileges.
Lookout has bought password management provider SaferPass to provide carriers distributing the company's consumer app with more capabilities in a single place. Lookout wants to take SaferPass's technology beyond its existing base of consumer and SMB customers and bring it to large enterprises.
Poor security configurations, weak controls and gaps in authentication protocols are among the common initial access vectors "routinely exploited" by threat actors, the Five Eyes cybersecurity alliance says. Firms offering cybersecurity services weigh in on the gaps and implementation challenges.
In the latest "Proof of Concept," Lisa Sotto, Jeremy Grant and ISMG editors discuss the significance of Apple, Google and Microsoft supporting the FIDO protocol's passwordless sign-in standard, progress made on Biden's cybersecurity executive order and updates on U.S. cybersecurity and privacy laws.
With zero trust and cloud infrastructures at the top of security practitioners' road maps, there has been an uptick in authorization-related initiatives. Security experts discuss the challenges of authorization and describe how firms can use authorization strategies to better protect themselves.
Apple, Google and Microsoft are joining forces to back a standard that will allow websites and apps to offers passwordless sign-ins across devices and platforms. The three OS and browsing giants have put their weight behind a common passwordless sign-in standard created by the FIDO Alliance.
John Kindervag, creator of Zero Trust, and two ISMG editors discuss whether we have advanced or regressed in security technology, implementing Zero Trust security in OT environments, and how federal agencies are progressing with Zero Trust adoption a year after the cybersecurity executive order.
The number of organizations being breached is on the rise, according to Forrester's 2021 State of Enterprise Breaches report. Allie Mellen describes the trend as "disappointing" and discusses the misaligned expectations some organizations have about breaches, as well as other report findings.
As one embarks on a zero trust journey, it's best to start with a network approach, according to Amit Basu, who is vice president, chief information officer and chief information security officer at International Seaways, a New York-based tanker company.
In this edition, four ISMG editors discuss important cybersecurity issues, including how virtual currency Monero is becoming the main alternative to Bitcoin as the crypto choice for criminals, the challenges involved in an identity-centric Zero Trust approach and how to influence change in culture.
How does one decide the right approach to zero trust, and what are some important considerations to keep in mind? A panel of experts - Brett Winterford, Chirag Joshi and Jay Hira - share their in-depth views and discuss issues including how to take an identity-centric zero trust approach.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing paymentsecurity.io, you agree to our use of cookies.