Data Protection March 22, 2019 Vulnerability Assessments Versus Penetration Tests: A Common Misconception 6 min read - Vendors, cybersecurity professionals and marketing teams often use the terms "penetration testing" and "vulnerability assessment" interchangeably, mixing two completely different security engagements.
Application Security March 14, 2019 Application Security Has Nothing to Do With Luck 3 min read - If a safe, secure product and a satisfied customer base is the pot of gold at the end of your rainbow, it's time to build application security processes into your development cycle.
Application Security March 5, 2019 Blockchain: Making the Reward Much Greater Than the Risk 5 min read - The decentralized nature of blockchain, coupled with consensus protocols, helps to address some security needs, but the consequences can be dire if security isn't fully explored.
February 27, 2019 Threat Actor Using Fake LinkedIn Job Offers to Deliver More_eggs Backdoor 2 min read - Security researchers discovered that a threat actor is targeting LinkedIn users with fake job offers to deliver the More_eggs backdoor.
Software Vulnerabilities February 20, 2019 Calling Into Question the CVSS 6 min read - X-Force Red believes vulnerabilities should be ranked based on the importance of the exposed asset and whether the vulnerability is being weaponized by criminals, not necessarily its CVSS score.
CISO January 28, 2019 Break Through Cybersecurity Complexity With New Rules, Not More Tools 4 min read - While many CISOs are tempted to invest in as many new technologies as they can find to fight emerging threats, less is more when it comes to minimizing cybersecurity complexity.
Application Security January 7, 2019 The System Development Life Cycle: A Phased Approach to Application Security 7 min read - By completing the phases of the system development life cycle (SDLC), security teams can integrate processes and technologies into the development process and improve application security.
January 4, 2019 Ursnif, Emotet, Dridex and BitPaymer Malware Families Team Up to Wreak Havoc 2 min read - Researchers discovered a link between four malware families — Ursnif, Emotet, Dridex and BitPaymer — that suggests threat actors may be combining efforts to develop more sophisticated attack vectors.
December 20, 2018 Threat Actors Utilize Spear Phishing Emails Impersonating US Department of State Employees 2 min read - Microsoft Windows Defender Research discovered an attack campaign that utilized spear phishing emails impersonating U.S. Department of State employees to gain remote access to victims' machines.
CISO December 17, 2018 How to Check for Blind Spots in Your Security Program 3 min read - An effective security program does more than merely take on the appearance of cyber resilience. Learn how to look behind the curtain of your enterprise security.