Outlining the wider organization’s proactive role in fortifying the security program allows the security team to focus on the most pressing issues that only they can solve.

Intel works closely with academic researchers on hardware flaws and coordinates efforts with other vendors to roll out fixes for emerging vulnerabilities. That wasn’t always the case.

Mimecast’s acquisition of Code42 helps the company move into insider risk management, joining key rival Proofpoint and others in the space.

The fake updates are part of a phishing and fraud surge that is both more voluminous and more targeted that the usual activity around national news stories.

The Andariel group is targeting critical defense, aerospace, nuclear, and engineering companies for data theft, the FBI, NSA, and others said.

Though IE was officially retired in June 2022, the vulnerability ramped up in January 2023 and has been going strong since.

How your organization can leverage the disruptive CrowdStrike update to become more resilient.

A software engineer hired for an internal IT AI team immediately became an insider threat by loading malware onto his workstation.

Our critical systems can be protected from looming threats by embracing a proactive approach, investing in education, and fostering collaboration between IT and OT professionals.

DDoS cyberattack campaign averaged 4.5 million requests per second, putting the bank under attack 70% of the time.

Cookies aren’t going away, after all. After years of saying it will do so, Google has decided to not remove third-party cookies from Chrome.

Small businesses are increasingly being targeted by cyberattackers. Why, then, are security features priced at a premium?

With every new third-party provider and partner, an organization’s attack surface grows. How, then, do enterprises use threat intelligence to enhance their third-party risk management efforts?

Cybersecurity startup Zest Security emerged from stealth with an AI-powered cloud risk resolution platform to reduce time from discovery to remediation.

The threat group uses its “Stargazers Ghost Network” to star, fork, and watch malicious repos to make them seem legitimate, all to distribute a variety of notorious information-stealers-as-a-service.

The good news: Only organizations far behind on standard Windows patching have anything to worry about.

Players can only access the game by first joining its Telegram channel, with some going astray in copycat channels with hidden malware.

CrowdStrike vows to provide customers with greater control over the delivery of future content updates by allowing granular selection of when and where these updates are deployed.

The more we use the cloud, the more maintaining browser security becomes crucial.

Russia has cast aside its focus on civilian infrastructures and is instead targeting Ukraine’s military operations in myriad ways.

The cohort’s variety of individual tools covers just about any operating system it could possibly wish to attack.

Accenture researcher undercut WHfB’s default authentication using open source Evilginx adversary-in-the-middle (AitM) reverse-proxy attack framework.

A painful recovery from arguably one of the worst IT outages ever continues, and the focus is shifting to what can be done to prevent something similar from happening again.

An exploit sold on an underground forum requires user action to download an unspecified malicious payload.

A unified standard is essential for realizing the full potential of SBOMs in enhancing software supply chain security.

Here’s a dose of reality from those on the frontlines and how they’re coping.

Newly discovered “FrostyGoop” is the first ICS malware that can communicate directly with operational technology systems via the Modbus protocol.

The Israeli security startup’s technology helps organizations map existing accounts and credentials to existing employees to identify those that should be removed.