Fresh from the feed

Articles in this issue include: - Six infosec tips I learned from Game of Thrones - Dissecting the newly-discovered desire for control and privacy - Incident response and failure of the "Just Fix It" attitude - How to learn information security - Who are you? The impact of security breaches on authentication - Thecus N5550 NAS Server inside and out - Report: Hack In The Box Amsterdam 2014 - Ensuring the integrity of Rostelecom’s Wi-Fi network - What inspired you to start hacking? - Beyond Heartbleed: Closing SSL implementation gaps within our own networks - Ironclad incident response - Hands-on fun at HacKid 2014 - Are you ready for the day when prevention fails? - Why privacy engineering is needed

Articles in this issue include: - Privacy by design: What it is and where to build it - Harnessing artificial intelligence to build an army of virtual analysts - Building and implementing an incident response program from scratch - Take it to the boardroom: Elevating the cybersecurity discussion - Cyber security control maturity: What it is, and why you should care - Have I been hacked? The indicators that suggest you have - Demanding accountability: The need for cyber liability - Adding the cloud to your rainy day plan - The slings and arrows of encryption technology

Articles in this issue include: - Securing the future: Best practices for keeping corporate information safe during an M&A - Executive hot seat: Ron Green, Executive VP, CISO at MasterCard - 7 tips to get the absolute best price from security vendors - How CISOs can bridge the gap between their organizations’ IT and security needs - Risk management: Risks are lurking everywhere - Report: Infosecurity 2016 - Internet of Fail: How modern devices expose our lives - Executive hot seat: Sumedh Thakar, Chief Product Officer at Qualys - Security: Missing from DevOps thinking? - The life of a social engineer: Hacking the human - What 17 years as an infosec trainer have taught me

Articles in this issue include: - SCADA cybersecurity: A long history of errors - Healthcare security: Combating advanced threats - Do nott let your security education and awareness to take the back seat - The devil is in the details: What your metadata says about you - ICS cybersecurity: Futurism vs the here and now - Will cybersecurity change with a change in administration? - Review: IS Decisions UserLock - "Build security in from the start" for app developers - Executive hot seat: Lior Frenkel, CEO at Waterfall Security Solutions - Narrowing the attack surface: A strategic approach to security - Black Friday sales and enterprise data: Compromised information on the dark web - Commonly overlooked threat vectors - Kaspersky Lab sets up a global ICS-CERT - A checklist for people who understand cyber security

Articles in this issue include: - How to leverage the benefits of open source software in a secure way - Antivirus 2017: Security with a hint of surveillance - Evolving PKI for the Internet of Things - 7 real-world steps to security nirvana - The HTTPS interception dilemma: Pros and cons - Deception security doesnt have to be onerous or expensive - Report: BSides Ljubljana 0x7E1 - 5 spring cleaning tips for your Identity and Access Management program

Articles in this issue include: - The death of passwords: Cybersecurity fake news? - Breaking the secure enough mindset - Cyber hygiene: The more you know - What's an IT architect, and could you become one? - Report: Infosecurity Europe 2017 - Is your dragline dragging in security threats? - Businesses finally realize that cyber defenses must evolve - A simplified guide to PCI DSS compliance

Articles in this issue include: - Building a successful information security monitoring program in an age of overwhelming data - AI for cybersecurity: Promises and limitations - Report: Black Hat USA 2017 - Designing security policies to fit your organization’s needs - KPN CISO paints a greater security picture - Has healthcare misdiagnosed the cybersecurity problem? - Review: Acunetix 11 - Why end-to-end encryption is about more than just privacy - Journey to the cloud: Automated, continuous, visible - How to catch a phish

Articles in this issue include: - Achieving zero false positives with intelligent deception - Expected changes in IT/OT convergence and industrial security - Testing machine learning products requires a new approach - Why do we need a risk-based approach to authentication? - Healthcare organizations and the cloud: Benefits, risks, and security best practices - A deep dive into blockchain and Bitcoin

Articles in this issue include: - The importance of career pathing in the cybersecurity industryy - Securing healthcare organizations: The challenges CISOs facey - Fingerprinting HTTP anomalies to dissect malicious operationsy - How to keep cryptominers from opening up your IT container boxesy - Report: Black Hat USA 2018y - Vulnerability research and responsible disclosure: Advice from an industry veterany - Managing migration mayhem: A roadmap for successy - For the love of a good IT book: The No Starch Press storyy - Overcoming the threat of ransomware with zero-day recoveryy - Infosec and the future: Dr. Giovanni Vigna on lessons learned over 25 yearsy

Articles in this issue include: - How to make the CFO your best cybersecurity friend - Review: Specops Password Policy - Break out of malware myopia by focusing on the fundamentals - Securing our future in the age of IoT - Blind spots and how to see them: Observability in a serverless environment - There are no real shortcuts to most security problems - Bridging the priority gap between IT and security in DevOps - Are you ready? A good incident response plan can protect your organization - Privacy laws do not understand human error: Securing unstructured data in the age of data privacy regulations - The future of OT security in critical infrastructure

Articles in this issue include: - What's your company's risk exposure? - The modern threat landscape and expanding CISO challenges - Product showcase: Veriato Cerebral user & entity behavior analytics software - Building a modern data registry: Go beyond data classification - What happened to trust and transparency in cybersecurity? - Prioritising risks in a climate of geopolitical threats - An intelligence-driven approach to cyber threats - Is curiosity killing patient privacy? Combatting insider threats in the healthcare contact center - Protecting applications against DFA attacks - The SEC demands better disclosure for cybersecurity incidents and threats

Articles in this issue include: - Identifying evasive threats hiding inside the network - Inside the NIST team working to make cybersecurity more user-friendly - Report: Black Hat USA 2019 - Healthcare blind spot: Unmanaged IoT and medical devices - What the education industry must do to protect itself from cyber attacks - Solving security problems: Security advice for those with limited resources - Review: Specops uReset - True passwordless authentication is still quite a while away - Six criteria for choosing the right security orchestration vendor - Ensuring supply chain security: 5 IT strategies for choosing vendors wisely - Have you thought about the often-overlooked mobile app threat?

Articles in this issue include: - Could audio warnings augment your ability to fight off cyberattacks? - Your supplier’s BEC problem is your BEC problem - Product Showcase: SpyCloud Active Directory Guardian - Unmask cybercriminals through identity attribution - Phishing attacks are a complex problem that requires layered solutions - Winning the security fight: Tips for organizations and CISOs - Want to build a SOC? Here is what you need to know beforehand - Product showcase: Alsid for AD - When is the right time to red team? - IoT is an ecosystem, as secure as its weakest link

Articles in this issue include: - A case for establishing a common weakness enumeration for hardware security - Things to keep in mind when raising capital for your cybersecurity venture - Burner phones are an eavesdropping risk for international travelers - Hardware hacks: The next generation of cybercrime - California’s IoT cybersecurity bill: What it gets right and wrong - 7 signs your cybersecurity is doomed to fail in 2020 - How to test employee cyber competence through pentesting - Smart cities are on the rise: What are the dangers? - Modern security product certification best practices - Why outsourcing your DPO is an effective insurance policy

Articles in this issue include: - Let us be realistic about our expectations of AI - Full-time bug hunting: Pros and cons of an emerging career - Crowdsourced pentesting is not without its issues - Changing the mindset of the CISO: From enforcer to enabler - Review: Specops Key Recovery - Is the future of information security and tech conferences virtual? - Cybersecurity is a board level issue: 3 CISOs tell why - The top four Office 365 security pain points - On my mind: Transitioning to third party cloud services

Articles in this issue include: - Physical cyber threats: What do criminals leave when they break in? - Review: Group-IB Fraud Hunting Platform - The transportation sector needs a standards-driven, industry-wide approach to cybersecurity - Tips for boosting the “Sec” part of DevSecOps - When it comes to vulnerability triage, ditch CVSS and prioritize exploitability - Homomorphic encryption: Myths and misconceptions - How to motivate employees to take cybersecurity seriously - Enable secure remote workspaces without trashing your entire IT infrastructure - Protecting productivity within the disappearing perimeter - Closing the data divide: How to create harmony among data scientists and privacy advocates - Database encryption: Protecting the crown jewels - Can we put a stop to cyber harassment? - Preparing for the CMMC onslaught - For SOC teams, the analytics and automation hype is real - Three ways MITRE ATT&CK can improve your organizational security

Articles in this issue include: - Why threat hunting is obsolete without context - Review: Group-IB Threat Hunting Framework - Navigating the waters of maritime cybersecurity - Defending against Windows RDP attacks - The evolution of the modern CISO - Understanding the cloud shared responsibility model - Why is patch management so difficult to master? - Preventing security issues from destroying the promise of IoT - Reformulating the cyber skills shortage - Cybersecurity industry analysis: Another recurring vulnerability we must correct - For CISOs and artificial intelligence to evolve, trust is a must - Quantum computing is imminent, and enterprises need crypto agility now - When the adversarial view of the attack surface is missing, digital transformation becomes riskier

Articles in this issue include: - How to develop a skilled cybersecurity team - Securing your WordPress website against ransomware attacks - The warning signs of burnout and how to deal with it - How to prevent corporate credentials ending up on the dark web - Risky business: Steps for building an effective GRC program - ​A ​remedial approach to destructive IoT hacks - Zero trust: Bringing security up to speed for the “work-from-anywhere” age - What is the HIPAA Security Rule? Three safeguards to have in place - Why automated pentesting won’t fix the cybersecurity skills gap - What are the post-pandemic security concerns for IT pros and their organizations - Vulnerability management is facing three core problems: Here’s how to solve them - How building a world class SOC can alleviate security team burnout - Top tips for preventing SQL injection attacks

Articles in this issue include: - Review: Hornetsecurity 365 Total Protection Enterprise Backup - 7 threat detection challenges CISOs face and what they can do about it - How to set up a powerful insider threat program - Top 5 security analytics to measure - How to avoid security blind spots when logging and monitoring - Photo gallery: Cyber Week 2022 - Review: Enzoic for Active Directory - An offensive mindset is crucial for effective cyber defense - The SaaS-to-SaaS supply chain is a wild, wild mess - How the blurring of the supply chain opens your doors to attackers—and how you can close them

My social media feed is now a hellish stream of puerile AI slop. Am I stubborn to want to hang on to reality? Recently, a friend sent me a video of a man dressed as a pickle. Following a high-octane car chase, the pickle flung himself out of the car and flailed down the highway. It was stupid and we laughed. But it also wasn’t real. When I pointed out to my friend that the video was AI-generated, she was taken by surprise, noting she’s usually pretty good at spotting them. She was also frustrated: “I hate having to be on the constant lookout for AI trash,” she lamented in the chat. And I feel that. Becoming an AI detective is a job I never wanted and wish I could quit. Continue reading...