Apple's latest desktop operating system, High Sierra, has a massive vulnerability that allows anyone to create, without a password, a "root" account that has access to all files on the computer. It's the third authentication-related fumble found in High Sierra since its general release in September.
When Arbor Network's Paul Bowen looks at the IoT threat to healthcare, he's concerned about how medical devices are conceived, created and connected. And he says device manufacturers are dangerously behind the maturity curve when compared to threats actors.
Give crooks credit for topicality: They remain loathe to miss a trick. Indeed, hardly any time elapsed after Uber came clean about the year-old breach it had concealed before crack teams of social engineers unleashed appropriately themed phishing messages designed to bamboozle the masses.
Download this guide that provides tactical guidelines to assist Federal agencies in complying with the DHS Binding Operational Directive (BOD) 18-01 requirements.
This guide details:
Required Actions Overview
Required Actions - Email Security
Required Actions - Web Security
Status of Implementation
To meet the DHS Binding Operational Directive (BOD) 18-01, Federal agencies were required to submit an agency plan of action to improve email and web security by November 15th.
If this deadline came and went without submission - we have you covered.
Download this guide to creating an effective agency plan of...
A House committee is urging HHS to act soon on a recommendation made by its cybersecurity task force: Develop a description of the cyber risks of components of medical devices. But a task force member says Congress should be pressing HHS to take action on all of the panel's recommendations, not just one.
Security experts are awaiting more details from Intel about two classes of vulnerabilities in its chips that could put organizations' most trusted data at risk. Millions of computers are affected, and computer manufacturers must prepare and distribute customized patches.
Recent versions of Windows have a security problem: They're not random enough, CERT/CC warns. The problem centers on certain uses of ASLR, which is designed to block return-oriented programming techniques and code reuse attacks.
It's frightening what criminals can buy on the dark web. But it's even scarier that they may be buying your own security certificates to use against you. Venafi recently sponsored a six-month investigation into the sale of digital code signing certificates on the dark web. Conducted with the Cyber Security Research...
Our increased dependence on machines is so profound that even the definition of machine is undergoing radical change. The number and type of physical devices on enterprise networks has been rising rapidly, but this is outstripped by the number of applications and services they host.
At the same time, cloud adoption...
Identity and Access Management (IAM) programs are becoming increasingly essential to securing critical systems and data; last year, companies spent $7 billion on IAM, most on protecting user credentials, but almost nothing protecting keys and certificates, the credentials that identify and authorize machine-to-machine...
As certificate counts within the average organization rise to tens of thousands, it has become exponentially harder to manage them effectively. Many organizations turn to their certificate authorities (CAs) to protect the keys and certificates that each CA issues. The basic tools CAs provide are certainly a step up...
Is your organization exposed to an attack that misuses SSH keys?
You know that your organization is using SSH to safeguard privileged access. But you may not realize that your SSH keys could be vulnerable to insider and cyber threats.
The majority of those we surveyed didn't. Results from a 2017 study show that...
Dozens of lively discussions sprung up among the healthcare CISOs, legal experts and leaders from government agencies and technology vendors at Information Security Media Group's Healthcare Security Summit in New York. So what are some of the key takeaways?