Advertisement

DDOS attack

Misconfigured WS-Discovery in devices enable massive DDoS amplification

Researchers were able to achieve amplification rates of up to 15,300%. Some mitigations are possible.


Botnet Trouble / Botnet army

Secrets of latest Smominru botnet variant revealed in new attack

Researchers gained access to a Smominru command-and-control server to get details on compromised devices and scope of the attack.


Credential theft  > A thief steals a password.

How to detect and halt credential theft via Windows WDigest

Attackers can steal user credentials by enabling credential caching in the Windows authentication protocol WDigest. Here's how to stop them.


Advertisement

Two business people shake hands with a third at a meeting, surrounded by question marks.

6 questions candidates should ask at every security job interview

The cybersecurity skills shortage means security pros can be picky about where they work. Here's how to suss out bad employers.


network security / network traffic scanning

Review: Blue Hexagon may make you rethink perimeter security

This fully functional, fully trained cybersecurity tool is ready on day 1 to spot threats on whatever network it’s charged with protecting.


Email encryption  >  A key + a three-dimensional 'at' symbol bearing a series of locks.

The top 5 email encryption tools: More capable, better integrated

Most of the email encryption solution vendors have broadened the scope of their products to include anti-phishing, anti-spam, and data loss prevention (DLP).


golden egg / nest / numbers / precious value / worth / growth

Three strategies to prove security's value

How CISOs can identify and quantify security’s value in real dollars


shadow flashlight shadowy investigation

Shining light on dark data, shadow IT and shadow IoT

What's lurking in the shadows of YOUR organization? What you don't know can hurt you. Insider Pro columnist Mike Elgan looks at how your business is at risk and offers six steps to minimize it.


financ credit pos

What is PSD2? And how it will impact the payments processing industry

The EU’s revised Payment Services Directive (PSD2), which include multifactor authentication for online European payment card transactions, will have a ripple effect on the payments processing industry in the U.S. and elsewhere.


Let's Encrypt automated encryption gears
Cybersecurity Snippets

SOAPA vs. SOAR: How these security terms differ

SOAPA and SOAR are vastly different. Security orchestration, automation, and response (SOAR) tools represent a component of a security operations and analytics platform architecture (SOAPA).


Advertisement

Brexit / privacy  >  Binary data + a U.K. umbrella drifting away on a sea branded with an E.U. flag

Privacy Shield and Brexit: What now? What next?

Once the UK leaves the European Union, companies on both sides of the Atlantic will need to act to ensure compliant data flows between the UK and US under Privacy Shield.


cybersecurity controls

The 5 CIS controls you should implement first

The CIS Critical Security Controls list (formerly the SANS Top 20 controls) has been the gold standard for security defense advice. These are the tasks you should do first.


Cyber insurance  >  Umbrella hub protecting connected devices + online activities in binary world.

Implementing a successful cyber insurance program: Key steps and considerations

In a first, a Black Hat micro summit explains how insurers assess risk to write cyber insurance policies as more organizations seek to indemnify themselves against potential breach losses.


Virtual security technology focuses on the Microsoft Teams logo as someone uses her mobile phone.

Security and compliance considerations for Microsoft Teams

Admins will need to make these decisions around security and governance when porting from Office 365 Pro Plus to Microsoft Teams.


healthcare data breach / medical patient privacy security violation

6 biggest healthcare security threats for 2020

Healthcare continues to be a popular target for ransomware, cryptomining, data theft, phishing, and insider threats.