Security Boulevard

MARCH 13, 2024

While getting into “a land war in Asia” and “going in with a Sicilian when death is on the line” are classic blunders according to cult movie lore, there are classic blunders in cybersecurity we strive to avoid being victimized by - getting phished and falling prey to ransomware or business email compromise are a few that probably top the list.

DNS 49

DNS Architecture Cyber threats Phishing 49

Security Boulevard

AUGUST 30, 2021

<a href='/blog?tag=Endpoint tag=Endpoint Protection'>Endpoint Protection</a> <a href='/blog?tag=Data tag=Data Loss Prevention'>Data Loss Prevention</a> <a href='/blog?tag=File tag=File Transfers'>File Transfers</a> <a href='/blog?tag=Advanced

Social Engineering 101

Social Engineering Cybersecurity Unstructured Data Engineering 101

Troy Hunt

MARCH 2, 2020

This is going to be a lengthy blog post so let me use this opening paragraph as a summary of where Project Svalbard is at : Have I Been Pwned is no longer being sold and I will continue running it independently. Per the Project Svalbard announcement blog post, I engaged KPMG to run the merger and acquisition (M&A) process for me.

Data breaches 338

Data breaches Marketing Cyber Insurance InfoSec 338

SC Magazine

JANUARY 26, 2021

The scheme highlights the role and responsibility upper management plays in ensuring the security of their own company’s assets. But this one was “very deliberate” in that it “only sent to really a few people in that organization.”. The next most frequently targeted titles were managing director (9.7%) and CFO (4.8%).

Phishing 118

Phishing Passwords Security Awareness Social Engineering 118

eSecurity Planet

SEPTEMBER 15, 2021

Microsoft for the past few years has been among the loudest vendors calling for a security future that doesn’t include passwords. In 2018, the software giant took the step of doing away with passwords for people signing into its Edge web browser, saying instead they could use a number of alternatives. The Weakest Security Link.

Accountability 122

Accountability Passwords Authentication Phishing 122

eSecurity Planet

JANUARY 11, 2024

Ransomware remains just one of many different threats and as security teams eliminate key vectors of attack, adversaries will shift tactics. Which unmanaged devices do attackers use? Unmanaged devices consist of any device that connects to the network, cloud resources, or other assets without corporate-controlled security.

Ransomware 120

Ransomware Encryption IoT VPN 120

The Last Watchdog

NOVEMBER 9, 2020

Joe Alexander, a distinguished scientist at NTT Research, describe the astounding work he’s doing on a digital twin of a human heart that someday will crunch data to help diagnose and treat cardiac disease. The operating systems of home IoT devices today typically get shipped with minimal logon security.

IoT 279

IoT Healthcare Internet Internet 279

Thales Cloud Protection & Licensing

NOVEMBER 6, 2019

In a previous blog post ( [link] ) we explored the relationship between GPDR and applications in the cloud. Trust is generally the foundation and basis of any good relationship, but when it comes to protecting your organization, sometimes a Zero Trust mentality is your best bet. You arrive to work and check your O365 email account.

Identity Theft 109

Identity Theft Authentication Passwords Accountability 109

Duo's Security Blog

MARCH 28, 2023

Our documentary, “ The Life and Death of Passwords ,” explores with industry experts the history of passwords, why passwords have become less effective over time, and how trust is established in a passwordless future. See the video at the blog post. Humans are not the weakest link in information security. Today: Jayson E.

Passwords 73

Passwords Social Engineering Phishing Technology 73

Cisco Security

JULY 14, 2021

What can we do? And how can organizations stop it? Why is ransomware so dangerous, especially now? Data is the lifeblood of every organization, often halting operations when it’s not available. Why not just pay the ransom? So why not just pay the ransom? Ransomware is wreaking havoc. While the U.S.

Ransomware 139

Ransomware Technology Government Phishing 139

Security Affairs

APRIL 15, 2022

Cybersecurity experts would have you believe that your organization’s employees have a crucial role in bolstering or damaging your company’s security initiatives. Now is the moment to train your personnel on security best practices, if you haven’t already. Customize Your Security Training.

Cybersecurity 71

Cybersecurity Data privacy Data breaches Phishing 71

Duo's Security Blog

FEBRUARY 15, 2023

Duo Care sees our with customers as true partnerships where we work with organizations to develop an ongoing security strategy. Customer Success teams at different SaaS companies have called these meetings any number of things - but what do the meetings actually entail? Why does Duo Care enable EBRs?

Engineering 52

Engineering Accountability Information Security CISO 52

Troy Hunt

DECEMBER 20, 2017

What I'm talking about here is ensuring that when someone wants to report something of a security nature - and that could be anything from a minor vulnerability through to a major data breach - that channels exist to easily communicate the issue with the organisation involved. That's one of the things that needs to change in this industry.

Data breaches 217

Data breaches Risk Accountability Data collection 217

Security Boulevard

MAY 24, 2021

<a href='/blog?tag=Data tag=Data Security'>Data Security</a> <a href='/blog?tag=Data tag=Data Breach'>Data Breach</a> <a href='/blog?tag=Information Consequently, the challenge for most organizations now is: how do we share data safely and securely?

Data breaches 59

Data breaches Risk Government Encryption 59

Security Boulevard

NOVEMBER 15, 2022

With all these identities used across different types of machines, building and maintaining an accurate inventory is challenging, especially if you’re attempting to do so manually. This is the person (or ideally the group) responsible for the machine that needs the identity and the go-to when there’s an issue or incident with an identity.

Internet 52

Internet Internet DNS Risk 52

Webroot

AUGUST 5, 2021

In 2020 this situation was unfolding around the UK, and why CloudHappi began searching for a solution for their clients. Not unlike in the case of UK schools, IT admins will require greater access to productivity solutions without the need for physical space in which to operate.

Small Business 120

Small Business Architecture Firewall Education 120

Identity IQ

APRIL 12, 2023

Top 7 Data Security Practices for the Workplace IdentityIQ As businesses become increasingly reliant on technology, protecting sensitive information is more important than ever. Data breaches and cyberattacks can result in costly consequences, making strong data security practices essential. Financial security. Job security.

Passwords 52

Passwords Data breaches Antivirus Password Management 52

Duo's Security Blog

NOVEMBER 15, 2022

Some of us prefer to do nothing, while others like to keep their mind engaged and play a game. As fun as that sounds, if you’re a Cybersecurity Analyst, you may be doing something similar; searching through mountains of log data to find something different that could be a potential threat to your organization.

Authentication 54

Authentication Data breaches Risk Marketing 54

Security Boulevard

AUGUST 15, 2022

One of those outages brought down the company’s email server for more than a day, while another prevented their customers from accessing their software knowledge base for several hours. Meanwhile, the lack of an enforceable corporate policy meant that: Certificates were being stored in unexpected locations.

Encryption 52

Encryption Technology Software 52

Security Boulevard

JANUARY 17, 2024

Cain and Alexander DeMine Overview Remote Browser Isolation (RBI) is a security technology which has been gaining popularity for large businesses securing their enterprise networks in recent years. What is RBI and Why Use It? Why Do We Care? At this point, you may ask yourself, “I don’t really do web-based attacks.

DNS 64

DNS Penetration Testing Passwords Encryption 64

Centraleyes

DECEMBER 17, 2023

The Payment Card Industry Data Security Standard, known widely as PCI DSS, is a set of security standards intended to ensure that ALL businesses who accept, process, store, or transmit credit card data do so in a safe manner. introduces a novel approach that allows organizations to tailor their compliance measures.

Passwords 52

Passwords Computers and Electronics Software Risk 52

NopSec

AUGUST 30, 2022

In prior blogs, we’ve spelled out how an organization finds its vulnerabilities and how security teams consider threat intelligence to determine overall risk. Sure, for a very small organization with few assets to protect, remediation isn’t terribly complex. As an organization grows, however, so do the complexities.

Risk 40

Risk Technology Penetration Testing Cybersecurity 40

Digital Shadows

AUGUST 17, 2021

We’re talking about the email attack variety. Well, for starters, it continues to be a huge problem for organizations everywhere. It’s still showing up to drop ransomware and Trojans, harvest credentials, and spy on organizations like yours. Why should I care about Phish?

Phishing 52

Phishing Accountability Social Engineering Mobile 52

Security Boulevard

MARCH 31, 2022

Let’s not mince words: passwords are difficult for most organizations to manage. Though this is a type of insider threat, it is not the only one: even the most well-meaning and careful of users (including security staff!) Now that we know how RedLine got its start, we can talk about why it’s important to maintain familiarity with it.

Cybersecurity 98

Cybersecurity Social Engineering Passwords Malware 98

McAfee

MAY 14, 2020

The need to protect sensitive data has two main drivers, privacy legislation and protection of intellectual property against external breaches and insider threat. Protecting data within the four walls of an organization is no longer sufficient. Doing so closes all the gaps but has downsides. Want to find out more?

Engineering 70

Engineering Media Technology 70

Spinone

DECEMBER 28, 2018

With droves of today’s organizations moving to cloud environments at a rapid pace, there is no question that cloud infrastructure is a viable solution for today’s production workloads. A concern with literally all technical infrastructure today, whether it exists on-premises or in the cloud, is security.

Backups 69

Backups Technology Computers and Electronics Cybersecurity 69

McAfee

FEBRUARY 3, 2020

Laws such as CCPA and GDPR, not to mention vertical market regulations, make it clear how important this issue is to regulators, who take into account the security tools in use and their settings during investigations. Investigate shadow IT, unsanctioned cloud providers and THEIR security. Integrate with global SSO.

Technology 52

Technology Marketing Passwords Data collection 52

Duo's Security Blog

JULY 29, 2021

Part of our Administrator's Guide to Passwordless blog series See the video at the blog post. If you’re considering passwordless authentication for your organization today, you’ve probably been thinking for a while about a holistic authentication strategy. Detect anomalous user behavior and flag it for remediation.

Authentication 54

Authentication Passwords Accountability Manufacturing 54

McAfee

DECEMBER 17, 2020

It’s because t hese are many of the issues we face with Shadow IT , and are facing today regarding a similar security risk with connected apps. . This could be data stored in the app, like in SharePoint, or calendar information or email content. For example, the Evernote app for Outlook can be used for saving email data.

Data breaches 63

Data breaches Risk Firewall Government 63

Duo's Security Blog

MAY 23, 2023

Passwords are a weak point in modern-day secure authentication practices, with Verizon highlighting that almost 50% of breaches start with compromised credentials. What to do when your credentials are compromised How are credentials compromised in the first place? From the OAIC Notifiable Data Breaches Report 2.

Authentication 117

Authentication Passwords Data breaches Phishing 117

CyberSecurity Insiders

SEPTEMBER 21, 2021

This blog was written by an independent guest blogger. Modern organizations rely heavily on software and systems. Secure coding standards are significant, as they give some assurance that software installed on the organization’s system is protected from security flaws. Figure 1 Source: w3schools.

Authentication 79

Authentication Passwords Software Accountability 79

Security Boulevard

NOVEMBER 18, 2021

The current API top ten are Broken Object-Level Authorization , Broken User Authentication , Excessive Data Exposure , Lack of Resources & Rate Limiting , Broken Function-Level Authorization , Mass Assignment , Security Misconfiguration , Injection , Improper Assets Management , and Insufficient Logging & Monitoring.

Authentication 64

Authentication Accountability Passwords Engineering 64

ForAllSecure

JULY 21, 2020

In the inaugural episode, The Hacker Mind looks at why the West Point Military Academy, and other organizations within the DoD, is training its young cadets to hack. Transcript for EP 01: Why Is West Point Training Hackers? So what to do in your spare time. FRANK: Like a password policy problem. The answer?

InfoSec 52

InfoSec Passwords Hacking Cybersecurity 52

ForAllSecure

JULY 21, 2020

In the inaugural episode, The Hacker Mind looks at why the West Point Military Academy, and other organizations within the DoD, is training its young cadets to hack. Transcript for EP 01: Why Is West Point Training Hackers? So what to do in your spare time. FRANK: Like a password policy problem. The answer?

InfoSec 52

InfoSec Passwords Hacking Cybersecurity 52

ForAllSecure

JULY 21, 2020

In the inaugural episode, The Hacker Mind looks at why the West Point Military Academy, and other organizations within the DoD, is training its young cadets to hack. Transcript for EP 01: Why Is West Point Training Hackers? So what to do in your spare time. So what to do in your spare time. The answer?

InfoSec 52

InfoSec Passwords Hacking Cybersecurity 52

ForAllSecure

FEBRUARY 23, 2021

By that I mean the jumping over barbed wire fences, the crawling through ventilation ducts, the putting on of makeup to look like that woman from headquarters most people only see from emails -- you know, the John McClane in DIE HARD aspects of pen testing. I mean who wouldn't want to do that for a living? But that’s okay.

Penetration Testing 52

Penetration Testing InfoSec Cyber Attacks Education 52

ForAllSecure

FEBRUARY 23, 2021

By that I mean the jumping over barbed wire fences, the crawling through ventilation ducts, the putting on of makeup to look like that woman from headquarters most people only see from emails -- you know, the John McClane in DIE HARD aspects of pen testing. I mean who wouldn't want to do that for a living? But that’s okay.

Penetration Testing 52

Penetration Testing InfoSec Cyber Attacks Education 52