Top IT Security Bloggers

  • Adobe, Microsoft Push Critical Updates

    Krebs on Security
    Adobe has issued security updates to fix weaknesses in its PDF Reader, Cold Fusion and Flash Player products. Microsoft meanwhile today released 16 update bundles to address dozens of security flaws in Windows, Internet Explorer and related software.
  • Internet Explorer zero-day exploit used in targeted attacks in South Korea

    Symantec Security Response Blogs
    Microsoft has patched an Internet Explorer zero-day vulnerability (CVE-2016-0189), which was exploited in targeted attacks in South Korea.

  • Threat Update on Remote Root Vulnerability in HID Door Controllers

    Trend Micro - Cloud Security Blog
    There’s been a recent development in the threat environment around the Remote Root Vulnerability in HID Door Controllers that we wanted to alert customers to. You might recall on March 30, 2016, our Zero Day Initiative published an advisory around a vulnerability that Ricky “HeadlessZeke” Lawshae with our DVLabs group discovered. This was for a...
  • Microsoft Patch Tuesday – May 2016

    Symantec Security Response Blogs
    This month the vendor is releasing 16 bulletins, eight of which are rated Critical.

  • Uninstall Apple® QuickTime to Protect Your PC From Security Vulnerabilities

    Trend Micro - Cloud Security Blog
    Recently, Apple made an announcement that everyone should be familiar with. They announced that they are no longer supporting QuickTime for Microsoft Windows. In particular, they’re not going to fix any more security vulnerabilities in it. There are already two known security vulnerabilities with QuickTime for Windows now. Trend Micro’s Zero Day Initiative reported them...
  • Google employees’ details breached in vendor’s email bungle

    Sophos - Naked Security
    Somebody at a third-party benefits management company accidentally emailed taxpayer IDs to a benefits manager at another company.
  • High-demand cybersecurity skill sets

    Network World - Networking Nuggets and Security Snippets
    Back to one of my pet issues, the global cybersecurity skills shortage. According to ESG research, 46 percent of organizations say they have a “problematic shortage” of cybersecurity skills in 2016 (note: I am an ESG employee). By comparison, 28 percent of organizations claimed to have a “problematic shortage” of cybersecurity skills in 2015. That means we’ve seen an 18 percent year-over-year increase. So, there is a universal shortage of infused talent, but where are these deficiencies most acute? According to a survey of 299 IT and cybersecurity professionals:
    33% of organizations say they have a shortage of cloud security specialists. This makes sense, as it combines the shortage of cybersecurity skills with evolution of cloud computing. Other ESG research also indicates that large organizations are creating jobs for cloud security architects, so demand is especially high. Cybersecurity professionals should think about pursuing a cloud security certification from CSA or SANS as part of their career development plan. There are more jobs than people, and enterprise organizations are tripping over each other to hire talent as quickly as they can.
    28% of organizations say they have a shortage of network security specialists. To me, this really reinforces how bad the cybersecurity skills shortage is, since network security is the “motherhood and apple pie” core cybersecurity skills needed by all organizations. Still, there are numerous changes in networking (i.e. SDN/NFV, micro-segmentation, attribute-based access controls, etc.) that will require strong network security skills. Networking professionals may want to consider a career change to capitalize on this opportunity.
    27% of organizations say they have a shortage of security analysts. No surprise here. Security analyst skills (i.e. threat analysts, SOC personnel, incident responders, etc.) take years to develop, so organizations are constantly poaching talent from one another. Recently, I heard that big cloud and social networking services such as Amazon, Facebook and Google have been especially aggressive in their hiring efforts. Recognizing that they can’t compete, CISOs are recruiting at the entry level, investing in training and mentoring programs, and asking new hires to give them a few good years.
    26% of organizations say they have a shortage of data security specialists. This one may surprise some folks but not me. Data security tends to include major projects like discovery and classification, granular policy development, and esoteric skills like key management. Overall, data security is one of the most under-appreciated disciplines in the cybersecurity body of knowledge. There aren’t enough good technologies, and there aren’t enough skilled people. Data security may not be the sexiest cybersecurity skill set, but employers are paying top dollar and there aren’t many candidates in this area. Cybersecurity professionals who specialize in this area may have job security for life.

    Cybersecurity education tends to follow an extremely broad curriculum. Some institutions (like my alma mater, University of Massachusetts) don’t even break out cybersecurity on its own but rather treat it as a subset of computer science. Yes, we need cybersecurity generalists, but ultimately specialization matters. Employers need specific skills to fill gaps while cybersecurity professionals can accelerate their careers with training and skills development in high-demand areas.
  • The Panama Papers can now be searched online

    Graham Cluley
    Don't delight too much in the discomfort of Mossack Fonseca and its wealthy clients. You could be next.
  • Lego robot outfitted with Play-Doh finger hacks swipe-screen security

    Sophos - Naked Security
    Forget telltale finger grease prints: researchers have come up with a robot that mimics the swipe touch gestures we use to get into our phones.
  • Reddit moderators consider ban on links to sites that block adblockers

    Sophos - Naked Security
    Moderators of Reddit's r/technology subreddit are contemplating banning links to websites that force users to disable their adblockers to view content.
