Defense-in-depth is a common security strategy that often includes a combination of endpoint security products, including next generation anti-virus (NGAV), traditional anti-virus (AV) and/or endpoint detection and response (EDR). But as attacks and breaches continue to surge, I can’t help but wonder: are these technologies missing the point?  The CyberArk Endpoint Privilege Manager and products…

Google plans to remove the “secure” label from HTTPS websites starting in September 2018, a move intended to acknowledge HTTPS as the standard for browser security. Users should expect all the sites they visit to be secured with HTTPS, the company reported last week. Earlier this year, Google announced plans to mark all HTTP sites as “not…

Cryptojacking has unquestionably gone mainstream. Despite heavy media and industry attention, organizations are struggling to meet compliance requirements in public cloud environments, according to RedLock. On the flip side, there’s evidence that companies are becoming more aware of cloud account compromises and implementing best practices to prevent attacks, but there’s still no shortage of new attack…

Host Steve Ragan reports from the show floor at RSA 2018, taking with Oliver Tavakoli, CTO at Vectra Networks, and author of the Thinking Security blog on CSOonline.com, about the types of IT security work that can be off-loaded to artificial intelligence systems.

So, you’ve been working all year long and finally decided to go on a nice vacation, taking a couple of weeks away from home, office, and everything else? That’s great! Of course, you don’t want anything at all to go wrong with your hard-earned break. To avoid disappointments — or worse — down the road,…

Last year we analyzed an incident depicted in Star Wars: Episode IV. However, we got the feeling even back then that the security failures that led to the destruction of the Death Star were only the tip of the iceberg. The Empire’s problems with information systems security are clearly of a more galactic nature. Fortunately, researchers from Lucasfilm…

Researchers have disclosed the details of two unpatched vulnerabilities that expose more than one million home routers made by South Korea-based Dasan Networks to remote hacker attacks. In a blog post published on Monday, vpnMentor revealed that many Gigabit-capable Passive Optical Network (GPON) routers, which are used to provide fiber-optic Internet, are affected by critical…

Uber last week updated the legal terms of its bug bounty program and provided guidance for good faith vulnerability research. The changes come just months after the ride-sharing giant admitted paying a couple of individuals as part of an effort to cover up a massive security incident. Uber says it has addressed nearly 200 flaws for…

You know the saying: “If it ain’t broke, don’t fix it.” Cybercriminals seem to have taken that truism to heart, because they continue to reuse the same old scams — and they never fail to find victims. Last summer, social media worldwide were flooded with reposts of fake airline giveaways. We covered it at the time,…

Startup slogans are inescapable in tech: Move fast. Break things. Minimum viable product. These are exciting ideas, for sure, but to put them to use in IT, you’ll need to tailor them to your context. For IT executives running established businesses, the risk-reward scenario is different. Thousands or millions of customers depend on your infrastructure….