The MGM Cybersecurity Breach: Learnings and Prevention Measures

As many are aware, the systems of the $14 billion dollar gaming and hospitality giant MGM have been brought to a halt for nearly 5 days due to a multi-vector attack that has come to affect Caesars Entertainment as well. While the culprits of the attack are not confirmed, hacking group Scattered...

5 Security Lessons for Small Security Teams for the Post COVID19 Era

A full-time mass work from home WFH workforce was once considered an extreme risk scenario that few risk or security professionals even bothered to think about. Unfortunately, within a single day, businesses worldwide had to face such a reality. Their 3-year long digital transformation strategy w...

2020 Work-for-Home Shift: What We Learned

Goodbye, 2020 — and good riddance, right? Most of us don’t want to take too much from this year into the next — but let’s make an exception for what we learned about security in the wake of the COVID-19 pandemic. In 2021 after all, more enterprises will permanently downsize their physical spaces...

Tokyo Olympics Postponed, But 5G Security Lessons Shine

The 2020 Summer Olympics in Tokyo were officially postponed this week amid the ongoing, pandemic spread of the coronavirus that causes COVID-19. The Games will be moved to 2021, but in the meantime, technological innovation around the event will continue. More specifically, postponed or not, the...

Introducing Cisco Talos Incident Response: Stories from the Field

By Jon Munshaw. As another way of bringing our boots-on-the-ground intelligence to defenders, customers and users, we are introducing a new video series called "Cisco Talos Incident Response: Stories from the Field." In each entry, a CTIR team member will cover one specific incident or lesson tha...

WAF-Based Attacks & The Future of Security

Understand WAFs and cybersecurity. Recent WAF-based breaches with CapitalOne, Imperva, and Cloudflare offer essential lessons we can learn from where WAF technology is failing us and what can we do to improve our security. The post WAF-Based Attacks & The Future of Security appeared first on...

E-Mail Vulnerabilities and Disclosure

Last week, researchers disclosed vulnerabilities in a large number of encrypted e-mail clients: specifically, those that use OpenPGP and S/MIME, including Thunderbird and AppleMail. These are serious vulnerabilities: An attacker who can alter mail sent to a vulnerable client can trick that client...

Deliberately Insecure Web Application: OWASP WebGoat

WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. You can install and practice with WebGoat in either J2EE or WebGoat for .Net in ASP.NET. In each lesson, users must demonstrate their understanding of a security issue by...

Carry Wikileaks Lessons Into The New Year

Editor’s Note: The storm of news coverage about the release of confidential diplomatic memos by whistleblower site Wikileaks may have passed, but the story is far from over. In the meantime, organizations are left to draw their own conclusions about the lessons of the Wikileaks scandal and, then,...

6 Months of 2010 In, 6 Major Database Breaches

Here are six of the more eye-popping database-related breaches so far this year — and some lessons learned from each. Read the full article. Dark Reading...