Cybersecurity
Facebook Whistleblower Fears Election Abuse
Frances Haugen, who famously blew the whistle on Facebook and its susceptibility to manipulation, has renewed concerns over the social-networking company. This time, she’s laser-focused on misinformation during the 2024 presidential election ...
Security Boulevard
One-Third Of Companies Suffered SaaS Breach This Year
SaaS breaches are on the rise, and nearly half the corporate victims have more than 2,500 employees. Those are among the sobering conclusions from a survey of security experts at 644 organizations ...
Security Boulevard
Black Hat Preview: CrowdStrike, Disinformation Lead The Narrative
Jon Swartz | AI Security, Black Hat 2024, CrowdStrike incident, disinformation, google, SolarWinds
As cybersecurity experts make their way to the one-armed bandits and scorching heat in Las Vegas for Black Hat USA 2024 next week, the specter of the CrowdStrike Inc. debacle looms large ...
Security Boulevard
Security and Human Behavior (SHB) 2024
This week, I hosted the seventeenth Workshop on Security and Human Behavior at the Harvard Kennedy School. This is the first workshop since our co-founder, Ross Anderson, died unexpectedly. SHB is a ...
The Importance of Patching Vulnerabilities in Cybersecurity
One of the most critical yet often overlooked aspects of cybersecurity is the timely patching of vulnerabilities. While much attention is given to sophisticated phishing attacks and the menace of password brute-forcing, ...
Palo Alto Networks and IBM Align Cybersecurity Strategies
Palo Alto Networks is acquiring the QRadar SaaS offerings from IBM, and then will migrate users to its Cortex XSIAM SOC delivered as a cloud service ...
Security Boulevard
Backdoor in XZ Utils That Almost Happened
Bruce Schneier | backdoors, economics of security, essays, Hacking, Infrastructure, Linux, national security policy, open source, SSH, supply chain, Uncategorized
Last week, the Internet dodged a major nation-state attack that would have had catastrophic cybersecurity repercussions worldwide. It’s a catastrophe that didn’t happen, so it won’t get much attention—but it should. There’s ...
XZ Utils Backdoor
The cybersecurity world got really lucky last week. An intentionally placed backdoor in XZ Utils, an open-source compression utility, was pretty much accidentally discovered by a Microsoft engineer—weeks before it would have ...
The 2023 Data Breach Report and the 2024 Data Breach Industry Forecast
Key findings from the "2023 Data Breach Report" from ITRC and the "2024 Data Breach Industry Forecast" by Experian.
Insufficient Internal Network Monitoring in Cybersecurity
Joao Correia | Article Series, Insufficient Internal Network Monitoring, mitigating cyber threats, NSA/CISA, NSA/CISA report, Top 10 cybersecurity misconfigurations
This article is part of a series where we look at a recent NSA/CISA Joint Cybersecurity Advisory on the top cybersecurity issues identified during red/blue team exercises operated by these organizations. In ...