The latest security technology and best practices for securing software applications and code and for addressing vulnerabilities.

  • Three Ways to Protect Unfixable Security Risks

    How can a hospital protect an MRI machine with an unchangeable password and still connect it to the network? How can an industrial recycler safely secure its $400,000 hard drive recertification rack with control software that only runs on Windows XP? These are not uncommon risks. The devices themselves can’t be secured, but that doesn’t… Read more

  • Hiding Devices Using Port Knocking or Single-Packet Authorization (SPA)

    Invisibility sounds like something out of a fantasy novel, but if done properly, we can use it to hide computers, gateways, or individual PCs by implementing specific firewall techniques like port knocking or single-packet authorization (SPA). The effectiveness of the technique has a lot in common with the traditional fantasy concept of invisibility and will be… Read more

  • Best Facial Recognition Software for Enterprises

    Facial recognition software (FRS) is a biometric tool that uses artificial intelligence (AI) and machine learning (ML) to scan human facial features to produce a code. It compares this code with its existing database to determine if an individual will be granted or denied access to a piece of information, equipment or premises. The technology… Read more

  • Microsoft Blocks VBA Macros by Default, Temporarily Shuts Down MSIX Protocol

    Microsoft is shutting a couple of security holes, including one that has been a favored target of attackers for years and another that the enterprise software giant recently learned could be exploited to install a malicious package. At the same time, the federal government is now adding another Microsoft flaw to its list of known… Read more

  • Zoom Security Issues Are a Wakeup Call for Enterprises

    Video conferencing vendor Zoom has seen its fortunes soar amid the remote work boom of the last two years, and other cloud collaboration platforms like Microsoft Teams and Cisco Webex have seen demand skyrocket too. The sharp increase in demand put a focus on security shortcomings in Zoom’s architecture – “Zoombombing” became a thing –… Read more

  • How Hackers Compromise the Software Supply Chain

    It seems like a week doesn’t go by without a new vulnerability demonstrating the fragility of the software interdependencies that make up the software supply chain. A large part of software development leverages the benefits of open-source platforms and third-party vendors to deliver results on time. A wide range of people and organizations maintain those… Read more

  • 5 Trends in Patch Management

    The profile of patch management has risen considerably in the last year due to the number of major breaches that have taken place where basic patches had been overlooked. News stories repeatedly note that the organizations impacted by breaches had often failed to install high-priority security patches from the likes of Microsoft Exchange, Fortinet, and… Read more

  • Open Source Sabotage Incident Hits Software Supply Chain

    An astonishing incident in recent days highlights the risks of widespread dependence on open source software – while also highlighting the free labor corporations benefit from by using open source software. Marak Squires, an open source coder and maintainer, sabotaged his repository to protest against unpaid work and his failed attempts to monetize faker.js and… Read more

  • SolarWinds-Like Supply Chain Attacks will Peak in 2022, Apiiro Security Chief Predicts

    Cyberthreats against software supply chains moved to the forefront of cybersecurity concerns a year ago when revelations of the attack on software maker SolarWinds emerged. Now one security researcher – Moshe Zioni, vice president of security research for application risk management startup Apiiro – is predicting that supply chain attacks will likely peak in 2022… Read more

  • Log4Shell Exploitation Grows as Security Firms Scramble to Contain Log4j Threat

    Cybercriminals are quickly ramping up efforts to exploit the critical flaw found in the widely used Log4j open-source logging tool, targeting everything from cryptomining to data theft to botnets that target Linux systems. The cybersecurity community is responding with tools for detecting exploitation of the vulnerability, a remote code execution (RCE) flaw dubbed Log4Shell and… Read more
