Five years ago, cybersecurity executive Dave Merkel called upon enterprises to shed their "peacetime" mindsets and adopt a "wartime" stance against persistent cybercriminals and nation-state actors. How have they risen to that challenge?
The British government continues to delay deciding whether it will ban Chinese networking gear from its national 5G rollout, as the Trump administration demands. But with future trade deals on the line as the U.K. navigates its "Brexit" from the EU, Britain cannot afford to anger either Beijing or Washington.
The NSA took the unusual step Tuesday of announcing what it calls a "severe" vulnerability in Microsoft's Windows 10 operating systems ahead of Microsoft's Patch Tuesday security update. The flaw could allow attackers to execute man-in-the-middle attacks or decrypt confidential data within applications.
U.S. Attorney General William Barr is ratcheting up the pressure on Apple to unlock two iPhones belonging to a Saudi national who carried out a deadly shooting in December. The attorney general is labeling the shooting as an act of terrorism and says Apple is hampering a counterterrorism investigation.
Microsoft this week issues the final, free security updates for its Windows 7 operating system, as well as Windows Server 2008 and 2008 R2. But with one-third of all PCs continuing to run Windows 7, experts are urging organizations to immediately move to a more modern operating system.
Proof-of-concept code has been released to exploit a severe Citrix vulnerability present in tens of thousands of enterprises. Citrix says it's developing permanent patches but that enterprises should use its mitigation guidance. In the meantime, attackers are hunting for vulnerable machines.
Corporate network security breaches, which can prove costly to remediate and expose a company to lawsuits, are frequently the result of vulnerabilities that could have been fixed for a relatively low cost. A a brute force penetration test is a critical first step in finding those vulnerabilities.
Six months after Facebook agreed to a landmark privacy settlement with the U.S. Federal Trade Commission that resulted in a $5 billion fine, a federal judge is still considering objections from advocacy groups that claim the deal doesn't go far enough.
British regulators have fined Dixons Carphone $653,000 for a breach that exposed millions of payment card details and personal data due to point-of-sale malware. The retailer's lack of security contributed to a "careless loss of data," the Information Commissioner's Office says.
Is it possible that a nation-state actor such as Iran could create a cybersecurity incident that compromises the U.S. power grid? Bernie Cowens, most recently CISO at the nation's largest electric utility, says that's unlikely because the power grid is more cybersecure than you might think.
The security company Check Point has revealed several vulnerabilities in TikTok, the popular Chinese video app that has raised concerns lately from the U.S. military and lawmakers. The issues are fixed, and TikTok says it doesn't appear the issues were exploited for a breach.
Organizations in Asia, like those in the United States and around the world, are preparing for potential cyberattacks tied to Iran in the wake of the U.S. killing of Iranian Major General Iranian Major General Qasem Soleimani last week.
A ransomware attack has held London-based foreign currency exchange firm Travelex hostage since New Year's Day, the company confirmed Tuesday. It appears that the Sodinokibi group is behind the attack and is asking for millions from the company.
The FBI has sent a letter to Apple asking for help in accessing encrypted data from two iPhones belonging to a deceased shooter. The bureau's move may be a prelude to another legal fight between the FBI and Apple over strong encryption.
Complex, manual processes and disparate, disconnected tools make it difficult for security and IT teams to mount a cohesive response. Bryce Schroeder of ServiceNow discusses a more effective approach to vulnerability response.