Manage

Manage

Learn to apply best practices and optimize your operations.

• White hat Dave Kennedy on purple teaming, penetration testing

  Russia and other nation-states use application control bypass techniques because they don't "trigger any alarms," the chief hacking officer says. Continue Reading

• Kurt Huhn discusses the role of CISO in the Ocean State

  A strategy focused on widespread training and education leads to progress against one of the state's biggest threats, says the Rhode Island CISO. Continue Reading

• CISOs face third-party risk management challenges

  Security professionals understand all too well what's at stake, and that's why more companies look to tighten up security with third parties. Continue Reading

• How can GravityRAT check for antimalware sandboxes?

  A remote access Trojan -- dubbed GravityRAT -- was discovered checking for antimalware sandboxes by Cisco Talos. Learn how this technique works and how it can be mitigated. Continue Reading

• SamSam ransomware: How is this version different from others?

  Sophos recently discovered a SamSam extortion code that performs company-wide attacks using a range of vulnerability exploits. Discover how this version differs from past variants. Continue Reading

• How can live chat widgets leak personal employee data?

  Project Insecurity researchers found live chat software leaking personal employee data. Learn how attackers can use this leaked information and data to hurt organizations.Continue Reading

• BlackTDS: How can enterprise security teams avoid an attack?

  Proofpoint researchers found a bulletproof hosting evolution, BlackTDS, this is believed to be advertised on the dark web. Learn what security teams should know with Nick Lewis.Continue Reading

• Android Trojan: How is data being stolen from messaging apps?

  Trustlook Labs discovered an Android Trojan stealing data from messaging apps. Learn what mobile security pros should look for to detect this malware with expert Nick Lewis.Continue Reading

• Why a unified local government security program is crucial

  When considering a local government cybersecurity program, companies must understand the dangers of not having one. Matt Pascucci explains why a program designed to monitor the public sector is crucial.Continue Reading

• GoScanSSH: How does this malware work and differ from others?

  A group of malware was discovered targeting public SSH servers. However, it avoided certain IP addresses. Discover how this is possible and how the malware works with Nick Lewis.Continue Reading

• PulseNet: How do improper authentication flaws affect it?

  GE reported an improper authentication flaw in its PulseNet network management software for critical infrastructures. Discover how this flaw works with Judith Myerson.Continue Reading

• Secure encrypted virtualization: How is this technology exploited?

  Researchers claim to have found a new attack against VMs that affects SEV technology. Expert Judith Myerson explains what this attack is and how it can be exploited.Continue Reading

• WPA3 protocol: Should enterprises implement the changes?

  The Wi-Fi Alliance released the updated WPA3 protocol, adding security enhancements to the Wi-Fi access process. Learn why enterprises should update with Judith Myerson.Continue Reading

• How SOC metrics improve security operation centers' performance

  With the use of security operations centers comes the need for effective security metrics to gauge SOC performance and improve security posture. Learn more with expert Nick Lewis.Continue Reading

• What is VPNFilter malware and how can users protect themselves?

  A new threat named VPNFilter was discovered by cybersecurity researchers after home and office routers were compromised. Learn how this malware works with Judith Myerson.Continue Reading