Russia Detains Head of Cybersecurity Firm Group-IB | How to Spot an Ineffective Security Practitioner
Your SecurityWeek Briefing
09.29.21


Wednesday, September 29, 2021


Identify Risk


How to Use NeuVector with the MITRE ATT&CK Framework

Protect your container investment. Get the best coverage: Automated scanning. Unmatched DLP. Built-in compliance.

Download White Paper



How to Spot an Ineffective Security Practitioner
By rooting out ineffective security practitioners, you can keep your security teams protected and engaged in a productive manner.
Read the Full Column
by Joshua Goldfarb





Working Securely From Anywhere With Zero Trust
Organizations considering ZTNA should look for these three essential components as a minimum when evaluating any solution.
Read the Full Column
by John Maddison





Providing Developers Value-Focused Feedback in Security Software Development
Far too many engineers in the trenches don’t take the time to lift their heads to see context, so when good (and bad) things happen, this is a great management opportunity that you should take full advantage of.
Read the Full Column
by Keith Ibarguen



How Threat Response is Evolving
Enterprises can't rely on Endpoint Protection Platforms (EPP) or Endpoint Detection and Response (EDR) tools to detect suspicious activity on a user’s system to quarantine the system or even to reimage.
Read the Full Column
by Marc Solomon



The Ongoing Reciprocal Relationship Between APTs and Cybercriminals
Despite having different infrastructure, goals and methods, threat actors do not work in a vacuum. They feed off of each other.
Read the Full Column
by Idan Aharoni




Understanding the Cryptocurrency-Ransomware Connection
How can organizations fight ransomware? The best solution is always prevention. Here are three tactics toward that goal.
Read the Full Column
by Derek Manky




Hacking the Hire: Three Ways to Recruit and Retain Cyber Talent
When it comes to ensuring cyber talent retention, establishing the right working environment is critical to keeping people engaged and motivated to stay.
Read the Full Column
by Tim Bandos




Three Ways to Keep Cloud Data Safe From Attackers
Current cloud deployments pose significant risks that could be mitigated with minor changes to infrastructure procurement and access.
Read the Full Column
by Gordon Lawson





The Impact of the Pandemic on Today's Approach to Cybersecurity
As it has become clear that remote/hybrid work is here to stay, IT security practitioners must figure out how to enable a secure and resilient anywhere workforce to minimize their future risk exposure.
Read the Full Column
by Torsten George



Measuring Cybersecurity Training Effectiveness
It’s important to show the effectiveness of training initiatives. Managers want to make sure that they're getting a return on their investment and justify future training budget requests.
Read the Full Column
by Jeff Orloff




Security for a Hybrid Workforce
We have had to accelerate into remote and now hybrid working models over the last year and a half. Now that we are getting back to work, there is still much to do as everything moves fast.
Read the Full Column
by Laurence Pitt



Top Five Pitfalls When Considering Client Side Security
The question of the importance of the state of a client device is a debate that has been around for a few years in the security field.
Read the Full Column
by Joshua Goldfarb










See All Recent Articles at SecurityWeek.Com


Cyberespionage Implant Delivered via Targeted Government DNS Hijacking: The newly discovered Tomiris backdoor contains technical artifacts that suggest the possibility of common authorship or shared development practices with the group that executed the SolarWinds supply chain compromise. Read More

CISA Warns of Hikvision Camera Flaw as U.S. Aims to Rid Chinese Gear From Networks: CISA is telling organizations to patch their Hikvision cameras, just as the FCC announced taking steps toward removing Chinese equipment from U.S. networks. Read Feature

Russia Detains Head of Cybersecurity Firm Group-IB: A Moscow court ordered the co-founder of Group-IB, one of Russia's leading cybersecurity firms, to be detained on charges of treason. Read Feature

China Intensified Attacks on Major Afghan Telecom Firm as U.S. Finalized Withdrawal: Four China-linked cyberespionage groups targeted a major Afghan telecom firm as the U.S. was finalizing its withdrawal from the country. Read More

COVID-19's Healthcare Feeding Frenzy for Cybercriminals: The vast increase in staff from all industries working from home, outside of their corporate network defenses and often on poorly protected home computers, has been a treasure trove for hackers. Read More

Google Announces Rewards for Tsunami Security Scanner Plugins: The search giant seeks to quickly extend the network scanner’s vulnerability detection and web application fingerprinting capabilities. Read Feature

Behavioral Analytics Provider ForMotiv Raises $6 Million: Real-time user behavior analysis platform ForMotiv this week announced it has raised $6 million in a third seed funding round. Read More

Akamai to Acquire Guardicore in $600M Zero Trust Tech Deal: Akamai adds new capabilities to help customers thwart ransomware attacks by blocking the spread of malware within an already-compromised enterprise. Read More

Microsoft Details FoggyWeb Backdoor Used by SolarWinds Hackers: Microsoft has detailed FoggyWeb, a post-exploitation backdoor that the hackers behind the SolarWinds attack have used to remotely exfiltrate data from AD FS servers. Read Feature

Colossus Ransomware Hits Automotive Company in the U.S.: The cybercriminals are demanding $400,000 to be paid in exchange for the decryption key. Read Feature

FinSpy Surveillance Spyware Fitted With UEFI Bootkit: Security researchers at Kaspersky have spotted signs of the notorious FinSpy surveillance spyware hijacking -- and replacing -- the Windows UEFI bootloader to perform stealthy infections on target machines. Read Feature

Tokenization vs. Encryption for Data Protection Compliance: Cloud-based vaultless tokenization offers many advantages over current methods of protecting data and ensuring data compliance conformance. But it is in its infancy. It offers the potential for many new possibilities in the coming years. Read Feature

QNAP Patches Critical Vulnerabilities in QVR Software: Affecting only certain QNAP EOL devices running QVR, the security flaws can be exploited remotely to run arbitrary commands. Read More

Enterprises Warned About Zix-Themed Credential Phishing Attacks: Enterprise users have been warned that cybercriminals may be trying to phish their credentials using emails that spoof security company Zix. Read More

Trend Micro Patches Critical Vulnerability in Server Protection Solution: Tracked as CVE-2021-36745 (CVSS score of 9.8), the security hole exists because input during authentication isn’t properly validated. Read More

Cyber Insurance Firm Coalition Raises $205 Million at $3.5 Billion Valuation: Cyber insurance company Coalition has raised $205 million at a $3.5 billion valuation. The firm has raised more than $500 million to date. Read More

ImmuniWeb Launches Free Tool for Identifying Unprotected Cloud Storage: ImmuniWeb has launched a free online tool that organizations can use to identify unprotected cloud storage. Read More

US Cryptocurrency Promoter Pleads Guilty to Advising NKorea: A prominent American cryptocurrency promoter and former hacker has pleaded guilty to advising North Korea on using virtual money to avoid international controls. Read More

OWASP Top 10 Updated With Three New Categories: Broken Access Control becomes the top category with the most commonly encountered Common Weakness Enumerations (CWEs). Read More

Quad Nations Commit to Fostering a Secure Technology Ecosystem: The four countries will support new initiatives to improve the resilience of critical infrastructure against cyberattacks. Read More

Cloudflare Introduces Email Security Tools: Cloudflare announces email security solutions, including free tools for creating custom email addresses and preventing spoofing and phishing, as well as an Advanced Email Security Suite. Read More

Frustrated Researcher Discloses Three Unpatched iOS Vulnerabilities: A researcher has made public the details of three unpatched iOS vulnerabilities after he became frustrated with how Apple runs its bug bounty program. Read More

UK-Based Threat Detection Firm SenseOn Raises $20 Million: UK-based SenseOn has raised $20 million in Series A funding to scale its AI-based cybersecurity platform business. Read More

Controversial Web Host Epik Confirms Customer Data Exposed in Breach: Hackers accessed a non-public server and stole names, addresses, phone numbers, and in some cases credit card information. Read More







© 2021 Wired Business Media