Many Mac users reported in the past few weeks that a process named “mshelper” had been eating up a lot of CPU power and draining their batteries. It turns out that the process is associated with a piece of malware designed to mine for Monero (XMR) cryptocurrency. Researchers at Malwarebytes have analyzed the mshelper malware and while…

Senator Ron Wyden (D-Ore.) on Tuesday asked the chief information officer at the U.S. Department of Defense (DoD) to take immediate action to ensure that the organization’s websites use HTTPS. The senator noted that some of the DoD’s websites, such as the ones belonging to the NSA, the Army, and the Air Force, do use…

Security practitioners are being told that they have to get smarter about how they use data. The problem is that many data scientists are lost in their world of math and algorithms and don’t always explain the value they bring from a business perspective. Dr. Kenneth Sanford, analytics architect and sales engineering lead at Dataiku,…

Defense-in-depth is a common security strategy that often includes a combination of endpoint security products, including next generation anti-virus (NGAV), traditional anti-virus (AV) and/or endpoint detection and response (EDR). But as attacks and breaches continue to surge, I can’t help but wonder: are these technologies missing the point?  The CyberArk Endpoint Privilege Manager and products…

Modern smartphones have successfully combined the functionality of a phone, camera, music player, public transit pass, and even a wallet for many years now. Naturally, this makes you wonder about the security of the data they store. Let’s figure out how well smartphones protect users’ most valuable information and how their main security mechanism — a…

While the upcoming GDPR compliance deadline will mark an unprecedented milestone in security, it should also serve as a crucial reminder that compliance does not equal security.  Along with the clear benefits to be gained from upholding the standards enforced by GDPR, PCI DSS, HIPAA, and other regulatory bodies often comes a shift toward a…

Google plans to remove the “secure” label from HTTPS websites starting in September 2018, a move intended to acknowledge HTTPS as the standard for browser security. Users should expect all the sites they visit to be secured with HTTPS, the company reported last week. Earlier this year, Google announced plans to mark all HTTP sites as “not…

Experience is a valuable teacher, especially when you’re able to learn lessons from others who have taken similar journeys. That’s why we recently polled some of our most successful mobile security customers. They had valuable stories to share about the process they underwent evaluating and implementing mobile security solutions. We wanted to know the backstory:…

Cryptojacking has unquestionably gone mainstream. Despite heavy media and industry attention, organizations are struggling to meet compliance requirements in public cloud environments, according to RedLock. On the flip side, there’s evidence that companies are becoming more aware of cloud account compromises and implementing best practices to prevent attacks, but there’s still no shortage of new attack…