Mimecast, a Boston-based email security firm, claims to have discovered a new email exploit. The exploit itself centers on the fact that an attacker who sends an HTML-based email linking to an external CSS file can "edit any text in...
Automation is everywhere, yet consistently used at the wrong times and in the wrong ways, leading to a rise in breaches and millions of unfilled security analyst positions. What are the different types of automation? How does human...
Kaspersky Labs announced new research this morning that shows some links between the massive Shamoon attack that took down 35,000 computers in Saudia Arabia to a new attack against a target in Europe
The NCIRP provides a consistent and common approach and vocabulary to enable the whole community to work together to manage cyber incidents seamlessly. The NCIRP directly responds to private sector requests for clarity on the roles...
Earlier this morning, as part of a story on Cylance's claims that AV-Comparatives was using deceptive testing methodologies and pirated software, Salted Hash revealed details on a new test Cylance commissioned with AV-TEST. We reached...
The total number of cybersecurity attacks fell by 35 percent in the last quarter of 2016, according to a new report, but the attacks became more targeted and sophisticated. Instead of general-purpose exploit kits and broad scanning,...
Machine learning has moved enterprise security forward, allowing for visibility inside the network in order to better understand user behavior. However, malicious actors are using what is done with machine learning on the inside in...
Anti-virus software is getting worse at detecting both known and new threats, says a new report. Average detection rates for known malware went down a couple of percentage points slightly from 2015 to 2016, while detection rates for...
Josh Lefkowitz of Flashpoint shares his experience leading the pivot from threat intelligence to business risk intelligence and explains the enterprise benefit for security leaders
Three years after Target missed alerts warning them abut a massive data breach, the amount of threat information coming in from security systems is still overwhelming for many companies, due to lack of expertise and integration issues....
There’s a trend in security operations to work to close the gap between discovering a breach after the damage has been inflicted, and delving deeper into the infrastructure to evaluate the “What/Where/When/How” in an effort to advance...