Nine out of 10 respondents to CRA survey say purple teams “very effective” in defending against ransomware and other advanced attacks.

Mitre Engenuity previewed its new ATT&CK Adversary Emulation Fundamentals Certification program — and SC Media was there to sit through the course’s first module.

Winkler, a former intelligence analyst with NSA, a social engineer, systems hacker, and scuba diver and author, told Cybereason Chief Security Officer Sam Curry during a CISO Stories podcast that he is passionate about security and trying to rise the tide.

FIN7 actors set up the fake pentesting company Bastion Secure as a front to conceal its cybercriminal hacking, say researchers. And it's hiring.

CompTIA's latest version of its cloud services and web apps PenTest+ now places more emphasis on vulnerability hunting in cloud and hybrid network environments and web applications.

Said the cyberspace operations principal at SAIC: "Operators have information overload, which leads to decision paralysis. If I'm going to deliver a tool or a data feed or visualization to an end user, I'm going to deliver what they need to see. We’re reducing noise.”

CISA said the departments of Homeland Security, Labor and Interior will be the first federal agencies to participate in a program that will allow outside security researchers to legally test selected federal systems for security weaknesses.

Preventing breaches begins with understanding and protecting your attack surface. For most enterprises, their attack surface is huge. To help wrangle it, security professionals have struggled for years to use tools such as network mapper (nmap) or vulnerability scanners to discover and test the security of internet-exposed assets; these typically present a path of least […]

Phishing is everywhere.  Couple that with a new remote workforce, video conferencing, and corporate messaging, now phishing and vishing are everywhere.  Why?  There are many reasons, including: Increased use of personal computers and phones to conduct our work remotely Increase in phishing emails targeting remote workers Increase in vishing calls to our personal phones targeting […]

In one of my previous roles, I had the great opportunity to travel around the world meeting customers to understand their challenges in vulnerability management.  The two biggest challenges they wanted solved were: Help me prioritize which of these vulnerabilities are most critical, and Help me close the loop with my patching solutions to remediate […]