Organizations lag on confidence and policies to manage open source security

It's taking longer for companies to find open source vulnerabilities, and shaky policies mean only the most critical flaws are attended to. 

By David Jones • June 24, 2022

Analysts nudge businesses to decentralize cybersecurity leadership

The push is to enable employees to make informed security decisions while meeting enterprise needs with spread out security leadership. 

By Lindsey Wilkinson • June 22, 2022

What enterprise leaders can divine from software bills of materials

Cyber defense tool: Software bills of materials (SBOMs) can expose elements of risks in applications.

By Jen A. Miller • June 13, 2022

5 takeaways from the RSA Conference

The event tried to pick up where it left off 28 months ago. Can companies keep up with the accelerated pace and scale of cyber threats?

By Matt Kapko • June 13, 2022

Organizational changes required to mitigate security risks

CIOs are implementing new strategies to lower software supply chain risk, but evaluating internal operations could prove more effective.

By Lindsey Wilkinson • June 7, 2022

Attackers aim for Atlassian Confluence zero day with mass, targeted exploitation

The threat activity comes days after the company released a security fix for the on-premise vulnerability.

By David Jones • June 7, 2022

Microsoft Office zero day leaves researchers scrambling over the holiday weekend

The company warns a successful attack could allow an attacker to install programs, delete data or create new accounts. 

By David Jones • Updated May 31, 2022

Critical VMware vulnerabilities resurface after threat actors evade patches within 48 hours

Even with new patches available, CISA is concerned that threat actors will easily shake off the fixes once again.

By Matt Kapko • May 19, 2022

What cyber insurance companies want from clients

Insurers evaluate how a company leverages technology and what internal standards are in place to manage risk.

By Sue Poremba • April 28, 2022

IT leaders remain bullish on open source despite security hiccups

Enterprise adoption of open source has not cooled, but flaws have highlighted the need for a better understanding of dependencies. 

By Brian Eastwood • April 25, 2022

Threat detection accelerates in Asia, Europe, as notification trends shift

As companies boost defenses and share threat intelligence, malicious actors have less time to escalate attacks.

By David Jones • April 19, 2022

2 years later: What's next in security for the pandemic-era workforce

Organizations can expect the return-to-work model to stress a corporate infrastructure that has languished in recent years. 

By Sue Poremba • April 13, 2022

Federal authorities urged to bolster intel sharing amid nation-state threats

Current Russian cyber activity has been limited, but experts called on federal authorities to keep providing actionable intelligence as risks endure.

By David Jones • April 6, 2022

Big tech is fixing bugs faster. Will that influence trickle down?

If a customer lacks urgency in deploying a patch, a flaw can linger. 

By Sue Poremba • April 1, 2022

The security challenge for 2022: Operating under a continuous assurance model

Companies are turning to continuous assurance to answer increased compliance maturity expectations.

March 28, 2022

White House warns US of possible Russian cyberattack linked to Ukraine invasion

The warnings come after federal authorities convened more than 100 critical infrastructure organizations to share classified cyberthreat information.

By David Jones • March 21, 2022

Dinner is served: Cyber M&A feeding frenzy shows hunger for trust

Google spent $5.4 billion to acquire Mandiant, which it plans to fold into Google Cloud. It was just one of 200-plus cybersecurity deals struck last year.

By Naomi Eide • March 17, 2022

Russian state-sponsored actors target PrintNightmare, MFA settings

ESET researchers are separately warning about new data wiping malware.

By David Jones • March 16, 2022

Google swoops in to buy Mandiant for $5.4B after weeks of market speculation

The deal follows reported negotiations between Microsoft and Mandiant, after the incident response specialist sold off its FireEye products business late last year.

By David Jones • March 8, 2022

How to prepare employees for elevated cyber risk from the Ukraine crisis

The conflict is still in its early stages, which may complicate employer response. But a good place to start may be to ensure baseline preparedness.

By Ryan Golden • March 3, 2022

Ukraine war tests cyber insurance exclusions

Enterprise customers should expect higher premiums and more restrictive underwriting criteria, though a recent court ruling may force insurers to honor wartime claims.

By David Jones • March 3, 2022

New cyberattacks emerge in Ukraine targeting government and industry

Researchers say the release of new malware strains was planned for months.

By David Jones • March 1, 2022

Cyberattack on Nvidia results in data leak, credential theft

The incident took place as Russia's war in Ukraine unfolds against a backdrop of U.S. warnings to protect critical industries.

By Naomi Eide , David Jones • Updated March 1, 2022

Botnets, data wiping malware spread as Ukraine incursion begins

A new variant of Cyclops Blink is now targeting Asus routers. 

By David Jones • Updated March 18, 2022

Ukraine conflict spotlights business need for cyber resilience

In the crosshairs: critical infrastructure and companies with global operations.

By Roberto Torres • Updated Feb. 24, 2022