The EU's General Data Protection Regulation (GDPR) will take the place of the Data Protection Act of 1998, going into effect on May 25, 2018 and enforced by the U.K.'s Information Commissioner's Office. Learn more about ensuring data confidentiality, integrity and availability for GDPR.
Large and small defense contractors working on weapons and drones technology were targeted in phishing attacks against personal Gmail and corporate email accounts. Defense and civilian contractors must comply with NIST cybersecurity guidelines to protect against threats.
There are many, many Adobe Flash Player vulnerabilities (at least 1,045 reported ones listed in CVE Details), but one recent bug is reportedly being actively exploited by attackers - and there's no fix yet.
Less than 10 percent of active Google accounts use two-step verification (2SV) to secure access to their services, like Gmail. While experts commonly favor using two-factor authentication or password managers, these tools are virtually absent from the security posture of regular users.
Pawn Storm (aka Fancy Bear) has been attempting to phish webmail accounts for many years now, targeting U.S. senators and political organizations across the world, according to a recent Trend Micro report.
A survey of consumers found they need to work on their basic security hygiene. The blurring of lines between personal and work means their poor habits can potentially affect corporate security.
NIST renames Authentication to Identity Management, updating their Cybersecurity Framework & Roadmap - calling for more contextual, adaptive and risk-aligned identity security solutions.
During this time of the year, holiday shopping can mean it’s harder for people to keep track of their online transactions and accounts - recent PayPal and Amazon phishing campaigns are taking advantage of this in order to steal data from consumers.
AWS S3 bucket misconfigurations have left sensitive and even classified data exposed online - a new approach to enterprise security is essential to protect against risks posed by cloud-based applications and storage.
A number of recent malicious Google Chrome extensions that steal user data and CPU resources have slipped into the Chrome Web Store, disguised as ad blockers, security tools and URL shorteners. Users beware of shady extensions in the Chrome Web Store...
A new severe variation of the Not-Petya ransomware has infected mainly Russian users - here’s how it spreads and how to protect against it.
The exposure of SSH keys to public websites or code repositories can result in unauthorized admin access to your servers and systems.
Learn about KRACK (key reinstallation attacks), the serious WPA2 vulnerabilities, and how they impact authentication and certain platforms, plus caveats on how the attack can work in the real world.
There’s a new sneaky brute-force attack targeting unprotected enterprise Office 365 accounts, including those in the manufacturing, financial services and healthcare industries.
New York-based banks, insurance companies and other financial services must comply with finalized cybersecurity regulations - here’s a summary of the mandatory provisions and components of a cybersecurity program.
A new guide has been released by Duo, Healthcare Information Security - a collection of relevant articles on the latest information security themes in the healthcare industry. Download it today!
There have been countless examples of misconfigured access to Amazon S3 buckets containing massive amounts of sensitive data - here’s how you can configure granular access policies and use MFA to protect your data in the cloud.
Malicious attacks against U.K. universities have doubled in the past year - find out how to protect against ransomware and phishing attacks that target research data.
See how many healthcare data breaches have been reported so far in 2017, how many are due to hacking, what areas are lacking in security protection, how many ransomware attacks have targeted healthcare and more.
A White House advisory group, The President’s National Infrastructure Advisory Council (NIAC), has released an 11-step report urging the Administration to take action to protect against “a watershed, 9/11-level cyber attack.”
NIST releases a new version of their Security and Privacy Controls, addressing new risks posed by the latest technology - the Internet of Things, plus guidance on combining single sign-on and multi-factor authentication.
A recently patched, high-severity Windows vulnerability, CVE-2017-0199, is being used in phishing attacks to deliver malware to users - hitting 1.5 million users in Q2 of this year.
New NIST guidelines recommend using long passphrases instead of seemingly complex passwords - check out a summary of the new best practices for password security in NIST’s SP 800-63B.
Access security and identity have evolved quickly over the years - here’s what to look for in a modern two-factor authentication solution.
NIST has updated their Digital Identity Guidelines, SP 800-63-3 with final security recommendations - see the new standards that many industries, including government agencies and contractors, need to follow.