In technology, buzzwords come and go, but one of the more common terms in security these days is "next-generation (or next-gen) endpoint protection."
But what does that really mean? Solutions from all origins are now deemed "next-gen" with seemingly little basis for comparison. Is it nothing more than spin, or is...
Businesses of all types and across all industries are facing increased pressure from customers, vendors and even employees to offer secure and fast wireless access. Although offering Wi-Fi is vital, it remains vulnerable to wireless threats. Networks may unknowingly allow client connections to a malicious access...
Addressing one of the most critical application security risks, Authentication is a cornerstone capability of any application.
Ensuring a user is who they say they are is crucial to maintaining data privacy and preventing fraud and data breaches. Consequently, improperly implemented authentication, known as broken...
Microsoft removed 18 apps from its Azure cloud platform that were being used by hackers as part of their command-and-control infrastructure. The threat group, called Gadolinium, was abusing the infrastructure to launch phishing email attacks, Microsoft researchers say.
The U.S. Cybersecurity and Infrastructure Security Agency has issued a report describing how a threat actor apparently used a well-known VPN vulnerability and compromised Office 365 credentials to gain administrative privileges to a federal agency's network.
Microsoft and the Cybersecurity and Infrastructure Security Agency have issued warnings that a critical vulnerability in Windows Server dubbed "Zerologon" is being actively exploited in the wild. They urge users to immediately apply an available partial patch.
Facebook is again cracking down on fake accounts and pages linked to a Russian IRA troll farm or the country's military intelligence units that were being used for disinformation campaigns. Meanwhile, the FBI issued a fresh warning that threat actors are attempting to target U.S. voting infrastructure.
With so many cybercrime markets continuing to disappear, why haven't encrypted messaging apps stepped in to fill the gap? They might seem to be the perfect solution to admins stealing buyers' and sellers' cryptocurrency - via an exit scam - or police infiltration. But encrypted apps have their own downsides.
The U.S. National Institute of Standards and Technology this week released a long-awaited guidance update, Special Publication 800-53 Revision 5, describing "next-generation security and privacy controls" and how to use them.
Australian police say they've broken up a sophisticated SMS phishing scheme designed to collect personal details and bank login credentials. It's a rare success in the fight against unsolicited text messages.
Revisiting remote workforce security defenses, simplifying cloud access controls and pursuing risk-based vulnerability management and passwordless authentication are among the 10 security projects that all organizations should consider for this year and next, according to advisory firm Gartner.
When a crisis manifests, organizations need to respond quickly or risk insolvency. Some crises
require that companies, organizations, and government agencies enable remote workers quickly
and efficiently to ensure operational and business continuity. Such efforts to enable a remote workforce
are challenging for...
The ephemeral and dynamic nature of cloud resources makes traditional security perimeters insufficient for successful risk management. The cloud needs a new perimeter - identity. Unfortunately, the complexity of the cloud infrastructure and cloud provider identity and access management (IAM) tools makes it...
With less than 45 days to go before the November election, the FBI and CISA have issued a warning that nation-state hackers and cybercriminals may attempt to spread disinformation regarding the final vote tallies as a way to undermine confidence in the voting process.