WHY IT MATTERS: Digital Transformation

The best protection against being hacked is well-informed developers. Make your development team into security experts today.

In 2011, Chinese spies stole the crown jewels of cybersecurity—stripping protections from firms and government agencies worldwide. Here’s how it happened.

The DIACC is pleased to publish the first iteration of the Directory of Products That Assess Identification Documents & Verify Identity. This Directory is designed to provide an overview of providers’ solutions which use government issued photo identification cards, combined with biometric facial scans, to establish Digital Identity.

Each of these distinct attacks had two things in common: China and Super Micro Computer Inc., a computer hardware maker in San Jose, California. They shared one other trait; U.S. spymasters discovered the manipulations but kept them largely secret as they tried to counter each one and learn more about China’s capabilities.

IT Security Certification Roadmap charting security implementation, architecture, management, analysis, offensive, and defensive operation certifications.

MITRE started ATT&CK in 2013 to document common tactics, techniques, and procedures (TTPs) that advanced persistent threats use against Windows enterprise networks. ATT&CK was created out of a need to document adversary behaviors for use within a MITRE research project called FMX.

As remote work increases access management tool adoption, and security controls shift to identity, the ability to secure access with AM strategies aligned with continuous adaptive risk and trust assessment is paramount. Cost optimization for IT spending (e.g., AM) will also increase during 2021.

The purpose of the PCTF Authentication Component is to assure the on-going integrity of login and authentication processes by certifying, through a process of assessment, that they comply with standardized Conformance Criteria.Click here to edit the content

Several stories here have highlighted the importance of creating accounts online tied to your various identity, financial and communications services before identity thieves do it for you. This post examines some of the key places where everyone should plant their virtual flags.

Make no mistake, the knowledge of hacking is different from a hacker. A hacker is a person, not the skill. And the use of any knowledge is a personal choice and that choice isn’t universal. The same way some politicians are corrupt, some hackers are corrupt. The same way some politicians are good, some hackers are good also. You may be a Satoshi Nakamoto or an Albert Gonzalez, it is your choice. There is nothing wrong with the hacker knowledge. It is all about you. What You’ll Learn

Attackers look for the path of least resistance. Recently, that path has shifted from enterprise networks to you and your devices for two reasons. First, as we have built more secure software and systems, it has made it harder to …

How to get off of people search sites like Pipl, Spokeo, and WhitePages.

The growing cyber skills shortage drives security organizations to look for ways to mitigate the pain and danger that short-staffed security teams can experience. In its report, Security Organization Dynamics, Gartner outlines this ongoing challenge and notes how, “Persistent security skills shortages have forced security leaders to explore new ways of obtaining and managing security capabilities.”

Gartner points out that hiring may not be the only option for filling the gap, cautioning that, “Few, if any, enterprises can afford to perform all security functions in-house. Consider selective outsourcing of functions, especially those that are operationalized or ad hoc.”

Internet infrastructure giant Akamai last week released a special State of the Internet report. Normally, the quarterly accounting of noteworthy changes in distributed denial-of-service (DDoS) attacks doesn’t delve into attacks on specific customers. But this latest Akamai report makes an exception in describing in great detail the record-sized attack against KrebsOnSecurity.com in September, the largest such assault it has ever mitigated.