fragile binary cyberattack risk vulnerable

How to defend Windows networks against destructive cyberattacks

Defending against attacks intended to destroy systems rather than steal or extort requires a different approach, as Russia's cyberattacks against Ukraine demonstrate.

Global geopolitical vectors

Data residency laws pushing companies toward residency as a service

Many countries now require companies that operate within its boundaries to store data on their residents locally. Using residency-as-a-service providers is becoming an important option.

An engineer reviews strategy framework data.

Using the NIST Cybersecurity Framework to address organizational risk

NIST's CSF, used with other guidance, can help map risk to actual threats and better comply with security mandates such as the U.S.'s cybersecurity executive order.


high priority gauge

Prioritizing and remediating vulnerabilities in the wake of Log4J and Microsoft's Patch Tuesday blunder

Vulnerability disclosures often come in bunches, and unvetted patch updates can create their own problems. Here's how to assess and prioritize both.

security school education binary code classroom by skynesher getty

Education sector hounded by cyberattacks in 2021

The education and research sector recorded a 75% year-on-year increase in cyberattacks as the move to working from home enlarged the attack surface and opened up new vulnerabilities.

Russian flag overlay / mobile phone / wireless signals / data

High anxiety spreads among Russian criminal groups in wake of REvil raid

Fearful chatter reveals unprecedented concern about future criminal operations, though some doubt Russia's commitment to stopping ransomware.

hand writing on chalkboard showing myth vs fact

22 cybersecurity myths organizations need to stop believing in 2022

Security teams trying to defend their organizations need to adapt quickly to new challenges. Yesterday’s buzzwords and best practices have become today’s myths.

Red team / teamwork / collaboration / strategy

Red vs. blue vs. purple teams: How to run an effective exercise

Playing the role of an attacker can make your team better at defense if you include all the stakeholders and carefully design goals.

man looking through binocs spy hacker breach infiltrate gettyimages 164644457 by selimaksan 2400x16

A tale of two breaches: Bunnings and the South Australia government

Minimising data collection limited the data exposure from third-party compromise at one of the victims.

malware attack

MoonBounce UEFI implant used by spy group brings firmware security into spotlight

The MoonBounce rootkit implants a malicious driver in the Windows kernel to provide persistence and stealthiness.


cloud security / data protection / encryption / security transition

Attackers use public cloud providers to spread RATs

Cisco discovers malware campaign using Azure and AWS to spread Nanocore, Netwire and AsyncRATs.

CSO  >  secure mergers + acquisitions / floating puzzles pieces / abstract security mechanisms

McAfee, FireEye merger yields Trellix, a unified XDR security company

Trellix will build on existing McAfee and Fire Eye applications, machine learning and automation technology to create an XDR platform of interoperable of products for threat prevention, detection and response.

Eyeglasses rest on a binary field / code review / threat assessment / check vulnerabilities
Cybersecurity Snippets

Security hygiene and posture management: A 2022 priority

Disjointed tools and manual processes provide an incomplete and unacceptable picture of cyber-risk.

2 man with binoculars data breach research spy

What CISOs can learn about insider threats from Iran's human espionage tactics

Israel's arrest of four women recruited to spy for Iran reveals how an adversary might recruit an insider to act on its behalf.

Malicious USB dongle / memory stick / thumb drive with skull icon

BadUSB explained: How rogue USBs threaten your organization

The FBI has warned of an attack campaign that sends USB drives containing malicious software to employees. Here is what you need to know about BadUSB and mitigating its risks.