The Spanish philosopher George Santayana is credited with the aphorism “Those who cannot learn from history are doomed to repeat it.” This statement is particularly true when it comes to cybersecurity. Threat actors reuse well-known and previously patched vulnerabilities and attempt to take advantage of organizations making the same error over and over. So, if one does not know what has recently taken place it leaves you vulnerable to another attack.

Penetration testing and vulnerability scanning are both important practices that protect the network of a business. However, the two are very different from each other in the way they test the security and vulnerabilities of a network. Keep reading to learn more about the differences and how to decide whether one or both would best suit your needs.

Cyberattacks targeting university and government healthcare facilities are on the rise. In the first four months of 2021, the U.S. Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center tracked a total of 82 ransomware incidents targeting the healthcare sector, with nearly 60% of them affecting the U.S. market. The impact has been devastating.

On the latest episode of the Security Soapbox podcast, I spoke with Ramy Houssaini, Chief Cyber and Technology Risk Officer at BNP Paribas, about the challenges Chief Information Security Officers (CISOs) face in an increasingly complex digital landscape. Change happens quickly in the cloud, and many organizations are faced with the issue of evolving their security strategy at the same pace. This ends up leaving sensitive apps and data vulnerable to cyberattacks.

Need a USB blocker to protect sensitive files against theft to portable storage? In this article you will learn why you need to block USB devices and the best USB device management tools to prevent data loss to removable media. Looking for more tools? Check out our list of the best internet filters and the best employee monitoring software Ready to prevent data loss? Get started immediately with a free trial of AccessPatrol, CurrentWare’s USB blocking software.

It’s been just over a month since cybersecurity conferences returned in a big way with the comeback of RSA Conference after last year’s hiatus. A lot happened between 2020 and 2022 in the world, our lives, and cybersecurity, including the birth of a little no-code security automation start-up named Torq. RSAC 2022 was a great place to catch up on these changes and look forward to emerging trends and security needs.

A San Francisco-based bank recently disclosed the results of a payment fraud investigation that uncovered ATM skimming attempts at the bank’s terminals across the United States. Fraudsters installed ATM skimming devices in several branches and used them to skim customer account information. The bank was understandably concerned that the stolen data would be used to create fake debit cards and attempt cash withdrawals.

On July 12, 2022, Microsoft researchers disclosed a large-scale phishing campaign that has targeted more than 10,000 organizations since September 2021. The campaign used adversary-in-the-middle (AiTM) phishing sites to proxy the authentication process and hijack the victims’ Office 365 session cookies.

In a-near perfect world, you would instantly fix your application every time a relevant CVE was issued. (In a truly perfect world, of course, there would be no security incidents, and hence no CVEs in the first place.) But in the real world, reacting to CVEs requires a careful calculation. You need to assess whether each CVE is serious enough to warrant the rejection of a build and a delay of a release.

In the world of modern business, companies must put extra effort into creating engaging visual content to stand out from the crowd. Social media marketing, for instance, was once deemed an easy way for companies to reach additional eyes but today, marketing is a lot more competitive than simply creating a post and hoping it goes viral.