Collaborate Disseminate
What’s a secret? That’s a good question. But if you’re here, you probably already understand what a secret is, with regards to software engineering. You also understand that once code has been merged, detecting and fixing security related defects in co… Continue reading How to help developers keep secrets out of code
The National Security Agency (NSA) has published two cybersecurity information sheets (CSIs) with recommendations for National Security System (NSS) and Department of Defense (DoD) workers and system administrators on securing networks and responding t… Continue reading NSA Issues Cybersecurity Guidance for Remote Workers, System Admins
Verizon this week published its 2020 Data Breach Investigation Report (DBIR). The report is based on insights from thousands of incidents and it’s more detailed and more thorough than ever.
read more
Continue reading Industry Reactions to Verizon 2020 DBIR: Feedback Friday
A Russian military court convicted a former senior counterintelligence officer and a cybersecurity firm executive of treason Tuesday, concluding a case that initially aroused speculation of a manufactured effort to punish the source of leaks about Russ… Continue reading Russia’s Ex-Cybersecurity Chief Gets 22-Year Sentence in Jail
The U.S. House of Representatives’ Committee on Energy and Commerce has released a report identifying strategies for the prevention and mitigation of cybersecurity incidents.
read more
Continue reading House Releases Cybersecurity Strategies Report
Organizations are getting better at detecting intrusions on their own, but it still takes them a long time to do it, according to a new report published on Tuesday by endpoint security firm CrowdStrike.
read more
Continue reading Organizations Still Slow to Detect Breaches: CrowdStrike
The U.S. National Institute of Standards and Technology (NIST) announced on Tuesday that its Computer Security Division has decided to withdraw eleven outdated SP 800 publications.
read more
Continue reading NIST to Withdraw 11 Outdated Cybersecurity Publications
Adversaries have patience and expect to persevere over any and all obstacles that stand in front of them. Their toolkit is not limited and if at first they don’t succeed they’ll try again until they complete their mission. The enterprise’s challenge: find and disrupt them before they fulfill their mission and prepare for the next… Continue reading Attack Campaigns: Connecting the Dots to Disrupt the Adversary – sponsored
It’s no secret, password secrets haven’t held up for quite some time against attacks targeting consumers and enterprise organizations. Breach after breach, credential compromise seems to be the path of least resistance. Why bother attempting to exploit a remote server against an unknown or even known vulnerability, when phishing a human will do just fine?… Continue reading User Authentication Gets Flexible – sponsored
It’s no secret, password secrets haven’t held up for quite some time against attacks targeting consumers and enterprise organizations. Breach after breach, credential compromise seems to be the path of least resistance. Why bother attempting to exploit a remote server against an unknown or even known vulnerability, when phishing a human will do just fine?… Continue reading User Authentication Gets Flexible – sponsored