Multiple flaws - all serious, exploitable and some already being actively exploited - came to light last week. Big names - including Cisco, Facebook, Intel and Microsoft - build the software and hardware at risk. And fixes for some of the flaws are not yet available. Is this cybersecurity's new normal?
Attackers exploiting a buffer overflow in WhatsApp's signaling software to automatically infect devices with malware - without users even having to answer their phone - and then alter call logs to hide attack traces is "a bit of a nightmare scenario," says cybersecurity expert Alan Woodward.
Serving as a "virtual CISO" offers advantages as well as challenges, says Doug Copley, who's a CISO contractor for several healthcare sector entities. He shares insights on this unusual job opportunity.
With cyberattacks, online espionage and data breaches happening at a seemingly nonstop pace, Western intelligence agencies are bringing many of their capabilities out of the shadows to help businesses and individuals better safeguard themselves and respond. We need all the help we can get.
Every day needs to be password security day - attackers certainly aren't dormant the other 364 days of the year. But as World Password Day rolls around again, there's cause for celebration as Microsoft finally stops recommending periodic password changes.
Fraud, e-hustles and social engineering attacks continues to proliferate, the FBI's latest report into the state of internet crime confirms. But over the past year, a new FBI tactic for quickly stopping fraudulent wire transfers has notched notable successes.
Microsoft says intruders targeting its email services had access to email content for a single-digit percentage of the overall affected accounts, a more serious conclusion than first thought. But the company hasn't released many details, including the total number of accounts affected.
Nearly one-quarter of the global cybersecurity workforce is now made up of women. But women still face significant compensation and other career challenges, according to a new study. Mary-Jo de Leeuw of (ISC)2 shares analysis.
The exits of the Department of Homeland Security secretary and Secret Service director are prompting discussion about the continuity of U.S. cybersecurity policy because the agencies play a key role in securing infrastructure and investigating financial cybercrime.
Email remains the top threat vector for organizations. And while the move to cloud-based solutions has significantly improved email security, environments such as Office365 have their own complexities that need to be addressed, says David Wagner, CEO of Zix Corp.
Call to action: Information security teams should "include mental health topics in their team meetings, their management reports and metrics, as well as face to face meetings," says to Thom Langford, head of security consultancy (TL)2, speaking from experience.
Cybersecurity leaders hear a lot about speaking to the board. But increasingly, these leaders are also tapped to serve on boards of directors. What business skills are most needed and often lacking? Executive recruiter Joyce Brocaglia of Alta Associates and the Executive Women's Forum explains.
What is the role of professional certification companies in the cybersecurity education ecosystem? In part one of a two-part panel discussion on the future of cybersecurity education, John McCumber of (ISC)2 and Rob Clyde of ISACA share their philosophies.