Advertisement

Jason Lee, Chief Information Security Officer, Zoom

CISO Jason Lee on Zoom's response to its pandemic security challenges

A year into his role, Lee discusses how he and Zoom's security team addressed security and privacy issues amid rapid growth and public scrutiny.


login credential - user name, password - administrative controls - access control - single sign-on

4 tips to prevent easy attacker access to Windows networks

The Colonial Pipeline attackers likely got in using old, compromised VPN credentials. This advice will force attackers to work much harder.


A multitude of arrows pierce a target. [numerous attacks / quantity / severity]

7 best practices for enterprise attack surface management

Follow this advice to minimize vulnerabilities and give threat actors fewer opportunities to compromise your organization's network and devices.


Advertisement

API security alerts displayed on monitors amid binary code / application security

Government-mandated SBOMs to throw light on software supply chain security

The US government will soon require vendors to provide a software bill of materials to help ensure integrity of an application's components.


hsm shredder

IT asset disposal is a security risk CISOs need to take seriously

Sensitive company and personal data often leaves organizations on disposed devices. An auditable chain of custody that shows data destruction is essential for any ITAD program.


A group discussion takes place in a glass conference room, in a busy office workspace.

Tabletop exercises explained: Definition, examples, and objectives

A tabletop exercise is an informal, discussion-based session in which a team or discusses their roles and responses during an emergency, walking through one or more example scenarios.


technology debt drowning in debt piggy bank by romolo tavani hudiem getty images

7 ways technical debt increases security risk

Shoddily developed and deployed projects can leave your enterprise vulnerable to attacks. Here's how to stop technical debt from sending your organization to the cyber-poorhouse.


Digital bugs amid binary code. [security threats / malware / breach / hack / attack]

10 old software bugs that took way too long to squash

As these examples show, vulnerabilities can lurk within production code for years or decades—and attacks can come at any time.


Cybersecurity awareness  >  A man with a binary blindfold finds his way through question marks.

Report: Active Directory Certificate Services a big security blindspot on enterprise networks

Microsoft's Active Directory PKI component commonly have configuration mistakes that allow attackers to gain account and domain-level privileges.


healthcare data breach / medical patient privacy security violation

5 biggest healthcare security threats for 2021

Healthcare organizations can expect ransomware, botnets, cloud misconfigurations, web application attacks, and phishing to be their top risks.


Advertisement

A hook is cast at laptop email with fishing lures amid abstract data.

4 steps to prevent spear phishing

Your users are in the crosshairs of the best attackers out there. Follow these steps to better protect them.


CSO  >  Searching for vulnerabilities  >  Magnifying lens in a virtual interface idnetifies weakness

Thousands of publicly accessible VMware vCenter Servers vulnerable to critical flaws

With proofs of concept public, attackers are likely exploiting this vulnerability weeks after patches were released.


ransomware breach hackers dark web

Unique TTPs link Hades ransomware to new threat group

New research exposes details of Gold Winter threat group that links it to the infamous Hades ransomware.


Insider threats  >  Employees suspiciously peering over cubicle walls

Security firm COO indicted for allegedly aiding hospital's attackers: What CSOs should know

A grand jury has indicted Securolytics COO Vikas Singla for allegedly helping attackers access Gwinnett Medical Center's phone system and printers. This breach of trust presents a dilemma for CISOs.


Microsoft Windows security  >  Windows laptop + logo with binary lock and key

Best new Windows 10 security features: Improvements to Intune, Windows Defender Application Guard

Here's what you need to know about each security update to Windows 10 as they roll out from Microsoft. Now updated for the 21H1 feature release.