In the News | SANS Institute

TechBeacon: Go beyond policy: 5 keys to data protection compliance
Security Week: Hackers Scanning for Citrix Systems Affected by Recent Vulnerabilities
Dark Reading: Attackers Scan for Vulnerable BIG-IP Devices After Flaw Disclosure
Help Net Security: Better cybersecurity hinges on understanding actual risks and addressing the right problems
CIO Dive: Technology training, certifications demand withstands pandemic slump
Dark Reading: Cybercrime Infrastructure Never Really Dies
Fox News: Sextortion is evolving during the coronavirus pandemic, report says
SC Media UK: Early launch today for government-backed cyber training as students go online
CNN Business: Virtual cybersecurity school teaches kids to fix security flaws and hunt down hackers
Dark Reading: Securing Your Remote Workforce: A Coronavirus Guide for Businesses
infosecurity magazine: SANS Offers Free Kit to Secure Home Workers
ZDNet: Free resource to help parents keep kids safe online as schools move to eLearning
The Daily Swig: Coronavirus response: How security certification and training orgs are tackling the global disruption
infosecurity magazine: SANS: Gender Still Biggest Challenge for Many Women in Cyber
CSO: How to write an effective information security policy
Data Center Knowledge: Palo Alto Partnership May Boost Confidence in Google Cloud’s Chronicle
The Washington Post: The Cybersecurity 202: Americans should not be confident about security of 2020 election, experts say
Security Boulevard: More CEOs Ditching Social Media Over Security Concerns
CSO: 9 CCPA questions every CISO should be prepared to answer
SearchSecurity: CISOs face a range of cybersecurity challenges in 2020
CSO: Winning the war for cybersecurity talent
SearchCompliance: Lack of data visibility obstructs value, storage costs and compliance
dvids: For the Army and DoD there are no 'losers' at SANS NetWars
CSO: Short on security expertise? You can still choose the right solutions
infosecurity magazine: Festive Virtual Hacker Conference Returns
CSO: 10 ways to kill your security career
infosecurity magazine: Capture the Flag Competition Aims to Trace Missing Persons
CSO: 5 keys to protect your supply chain from cyberattacks
Dark Reading: The Real Reasons Why the C-Suite Isn't Complying with Security
CSO: The CISO’s newest responsibility: Building trust
The Parallax: Harris poll backs Google plan to improve password security
SearchCompliance: Protect customer data with these 5 essential steps
Forbes: Teenage Hackers Wanted: Could Your Kid Be The Next £20M Cybersecurity Superhero?
SearchCloudSecurity: Research shows cloud security vulnerabilities grow
Forensic Focus: Interview: Lodrina Cherne, Product Manager, Cybereason
Dark Reading: 7 Stats That Show What it Takes to Run a Modern SOC
Data Center Knowledge: Why the WhatsApp Security Flaw Should Make Enterprise IT Nervous
infosecurity magazine: 75% of Security Awareness Pros Are Part Time
The Kojo Nnamdi Show: To Combat A Talent Shortage, Cybersecurity Companies Seek Diverse Candidates
SC Magazine: Women in Security: Women to Watch
Intelligent CIO: Editor’s Question: How important is cybersecurity education for young people for closing the cyberskills gap?
California Apparel News: Retailers Take on the Fight Against Organized Crime
CSO: 6 signs the CIO-CISO relationship is broken — and how to fix it
SearchSecurity: SANS security awareness credential paves new career path
Patch: Hartford: Winners Of The 2019 Girls Go Cyberstart Competition Honored
Dark Reading: The 2019 State of Cloud Security
Bank Info Security: Trump Order Aims to Boost Federal Cybersecurity Workforce
Dark Reading: The Cybersecurity Automation Paradox
CSO: Google expands cloud security capabilities, including simpler configuration
Dark Reading: A New Approach to Application Security Testing
Dark Reading: Threat Hunting 101: Not Mission Impossible for the Resource-Challenged
WSJ Pro: Cyber Daily: Hope, Hype and AI; Defense Department Could Get Cyber Budget Boost
SearchCompliance: AI cybersecurity benefits are real, but not automatic
EnergyWire: Pentagon to utilities: Uncle Sam wants you
infosecurity magazine: #RSAC: The Most Dangerous New Attack Techniques & How to Counter Them
BankInfoSecurity: Why CISOs Need Partners for Security Success
HealthITNews: RSA 2019: SANS shares top new security threats – and what to do about them
SecurityBoulevard: RSA 2019: Day 4 Recap: Keynote Highlights, Capture the Flag, Public Interest Tech and More
ITWorldCanada: Cyber Security Today - How to create corporate security awareness and a warning on nation-state attacks
infosecurity magazine: W. Va. Partners with SANS to Bring Girls into Cyber
U.S.News & World Report: 10 Ways to Keep Your Cryptocurrency Safe
CIO: 7 ways to ensure IT gets the credit it deserves
SearchHRSoftware: Attackers seek gold in HR data security breaches
ExecutiveGov: Gov't Launching First Employee Reskilling Academy for Cybersecurity
FOX8: Genealogist urges users to take consumer DNA kits with a grain of salt
Army.mil: Cyber Soldier attains 'most prestigious credential in the IT Security industry'
govloop: WHITE HOUSE LAUNCHES CYBER PROGRAM FOR NON-IT FEDS
fedscoop: Cybersecurity Reskilling Academy created by White House for federal employees
Federal News Network: Federal Cyber Reskilling Academy to retrain federal employees as cyber defense analyst
SearchSecurity: Is network traffic monitoring still relevant today?
Dark Reading: Why the CISSP Remains Relevant to Cybersecurity After 28 Years
Security Boulevard: Security Awareness: 5 Creative Ways to Train Employees on Cybersecurity
Dark Reading: Understanding SOCs' 4 Top Deficiencies
Forbes: Lance Spitzner: How To Secure The Human Operating System
CSO: What is enterprise risk management? How to put cybersecurity threats into a business context
CSO: 7 best practices for working with cybersecurity startups
Army.mil: 'Tiger Stance' focuses on realistic, state-of-the-art cyber task force training
InformationWeek: How Mid-Size Firms Can Overcome DevOps Challenges
FCW: Army cyber protection teams upgrade training with a 'real' city
Federal News Radio: In ‘Cybertropolis,’ Army begins to move its cyber training exercises into the physical world
WSJ: U.S. Officials Push New Penalties for Hackers of Electrical Grid
Maryland Department of Labor: Department of Labor EARN Maryland Program Recognized Nationally for Innovation, Effectiveness
betanews: Endpoints leave industrial IoT vulnerable... Err, what's an endpoint?
CSO: 5 tips for getting started with DevSecOps
Dark Reading: Creating a Defensible Security Architecture
SearchSecurity: How to use the OODA loop to improve network security
Security Boulevard: Language Matters When It Comes to a Data Breach
WSJ: The Search for Women Who Want Cybersecurity Careers
Harvard Business Review: Internet Insecurity
Forensic Magazine: Q&A: Mobile Forensics Expert Discusses Highlights of Digital Work
CSO: Who wants to go threat hunting?
FCW: China's penetration of U.S. supply chain runs deep, says report
infosecurity magazine: #RSAC: The Five Most Dangerous New Attacks According to SANS
eWeek: Security Experts Warn of New Cyber-Threats to Data Stored in Cloud
IT Security Guru: SANS Experts Share Five Most Dangerous New Attack Techniques
CIODive: RSAC: 3 key cyberthreats to watch in 2018
CSO: Two incident response phases most organizations get wrong
informationsecuritybuzz: SANS Experts Share Five Most Dangerous New Attack Techniques
Fifth Domain: RSA - Future cyber threats will come from inside the architecture
NBC News: Jobs in cybersecurity are exploding. Why aren't women in the picture?
USA Today: Cybersecurity – Dissecting Data
HelpNetSecurity: What’s new at RSAC 2018?
CDW: Endpoint Security Evolves to Address Smarter, Fiercer Threats
SearchSecurity: Secure DevOps: Inside the five lifecycle phases
IDGConnect: Testing the waters: The value of ethical hacking for business
CBR: Gov't to put new cybersecurity measures in place for smart devices
CNN: China has found a new way to block banned words
Bank Info Security: How IoT Affects the CISO's Job
infosecurity magazine: Microsoft Vulnerabilities Accelerate in 2017
AP News: Woman at Top of Her Game Seeks Girls With a Cyber-Aptitude
CSO: Video with Rob Lee-SANS DFIR Curriculum Lead: The people you call when you've had a breach
TechRepublic: How one hacker stole $226K worth of cryptocurrency from Oracle servers
Dark Reading: Oracle WebLogic Exploit Used in Cryptocurrency Mining Campaign
ArsTechnica: Oracle app server hack let one attacker mine $226,000 worth of cryptocoins
CSO: Oracle WebLogic hackers pick Monero mining over ransomware
IT World Canada: Patching Meltdown/Spectre: Take your time, or get to it fast?
FE News: It's Time to Go Back to Basics to Address Cybersecurity Skills Shortages
PaymentsSource: PayThink Users are compromising most security tech
isBuzzNews: SANS Cybersecurity Trends And Predictions For 2018
statescoop: Missouri CISO honored with national award for work in cybersecurity
Defense Systems: Army pushes recruiting and retaining cyber talent
FCW: IRS pushes back on data protection criticisms
Dark Reading: Getting the Most Out of Cyber Threat Intelligence
SearchSecurity: Considerations for developing a cyber threat intelligence team
SearchSecurity: Is data-centric security worth the implementation challenge?
information age: What is the biggest threat to data? Ransomware of course
The Manufacturer - UK: Cyber security in industrial control systems
FCW: Can the U.S. Stop Malware and Buy it at the Same Time?
Search Security: Security Teams Must Embrace DevOps Practices or Get Left Behind
Data Center Knowledge: What Europe's New Data Protection Law Means for Data Center Operators
Dark Reading: Adobe's Move to Kill Flash Is Good for Security
SearchSecurity: What tools were used to hide fileless malware in server memory?
Dark Reading: SIEM Training Needs a Better Focus on the Human Factor
Rise Up Radio San Diego - OnWard To Opportunity: Video SANS CyberTalent Program for Veterans
SearchSecurity Germany: ICS: Industrielle Steuerungsanlagen als Ziel von Ransomware
SecurityWeek: ICS Security Pros Increasingly Concerned About Ransomware: Survey
eSecurity Planet: How Not to Handle Incident Response: Automobile Association Exposes 117,000 Customers' Data
SearchSecurity: NotPetya ransomware trend moving towards sophistication
Threatpost: Complex Petya-Like Ransomware Outbreak Worse Than Wannacry
The Verge: Alexa's new calling feature means it's really time to set up two-factor authentication
CIO Insight: Security Awareness Programs Need Full-Time Staff
The Washington Post: Russia has developed a cyberweapon that can disrupt power grids, according to new research
SearchSecurity: How mobile application assessments can boost enterprise security
Dark Reading: How to Succeed at Incident Response Metrics
Computerworld: The top 5 mobile security threats
Dark Reading: Securing the Human a Full-Time Commitment
ZDNet: New awareness study reveals what you need for the best security programs
CSO: Few firms will be ready for new European breach disclosure rules, fines
CSO: Companies Ramp Up Recruiting Veterans as Cybersecurity Urgency Grows
DarkReading: 7 Steps to Fight Ransomware
SearchSecurity: Improving the cybersecurity workforce with full spectrum development
CSIS Report: IoT, Automation, Autonomy, and Megacities in 2025
NBC Today: US infrastructure is at ‘red alert’ for hacking, expert says
Dark Reading: What Your SecOps Team Can (and Should) Do
Austin Business Journal: 5 reasons Austin businesses should hire 'good' hackers
SC Magazine: Watching the detectors: Government demands
Signal: Girding the Grid For Cyber Attacks
eweek: Ransomware Heads List of 7 Most Dangerous New Cyber-Attack Techniques
ZDNet: The seven most dangerous attack techniques: A SANS Institute rundown
PCWorld: The 7 security threats to technology that scare experts the most
SC Magazine: Ransomware, IoT combo lead SANS list of dangerous attack techniques
Business News Daily: Are IoT Devices Putting Your Organization at Risk?
CSO: Compliance focus, too much security expertise hurts awareness programs
Dark Reading: How I Would Hack Your Network (If I Woke Up Evil)
The Agenda: Confronting Cyber Conflict: Video with Robert M. Lee
WSJ: Yahoo Faces SEC Probe Over Data Breaches
Dark Reading: The 3 C's Of Security Awareness
gtm: The Real Cybersecurity Issues Behind the Overhyped ‘Russia Hacks the Grid’ Story
CBS News: Video: Russian hacks into Ukraine power grids may be a sign of things to come
WSJ: Attack Crashes Nearly 1M Deutsche Telekom Internet Routers
Wired: SF’s Transit Hack Could’ve Been Way Worse—And Cities Must Prepare
Dark Reading: Time For Security & Privacy To Come Out Of Their Silos
tech better: Trends and Strategies in Cybersecurity: A Q&A With John Pescatore
SearchSecurity: Want a board-level cybersecurity expert? They're hard to find
SC Magazine: Watch your endpoints, says SANS whitepaper
Dark Reading: Why Enterprise Security Teams Must Grow Their Mac Skills
Dark Reading: How To Build A Strong Security Awareness Program
Forensic Focus: Malware Can Hide, But It Must Run
CSO: Cybersecurity 'ninjas' value challenges, training and flexible schedules over pay
HealthITSecurity: Reviewing File Transfer Protocol Healthcare Cybersecurity Risks
CSO: Evolving risks and business technologies shift focus in security budgets
CSO: Performance, management and privacy issues stymie SSL inspections, and the bad guys know it
CSO: Awareness training: How much is too much?
eSecurity Planet: How to Mitigate Fourth-Party Security Risks
fedscoop: EPA releases limited summary of cybersecurity report
fedscoop: Interior falls short in logical access control standards - report
The Parallax: How to Send Money Securely
MotherBoard: What Are the Risks of Hacking Infrastructure? Nobody Really Knows
SearchSecurity: How InfoSec professionals can improve their careers through writing
SANS State of App Sec report: It's not just about dev teams
Energy Wire: Utilities look back to the future for hands-on cyberdefense
EnergyWire: Grid hack exposes troubling security gaps for local utilities
thirdCertainty: Underwriters, InfoSec officers must close gap on risk management
fedscoop: Survey: Health industry cyber pros moving beyond compliance
Law Enforcement Technology: Hidden Mobile Apps: The ultimate game of hide-and-seek for law enforcement
fedscoop: 'We're lucky someone wasn't killed: A look at the patent office's Christmas outage
CIO: Confusion over cyber insurance leads to coverage gaps
Cybernance: Who'll Be the Gap Closer in Cyber Insurance?
Forensic Magazine: The Dangers of Hidden Apps on Forensic Investigations
CSO: Concerns about security, information sharing up among industrial control system security pros
SecurityWeek: ICS Security Not Improving, Despite More Attacks
The Cybersecurity Podcast: Hackers Infiltrated Ukraine's Power Grid. What's Next? With Rob M. Lee
Security Intelligence: The Evolving State of the Mobile Endpoint
energy central: How to build NERC CIP compliance: a new course by the SANS Institute
Archer Energy Solutions: Secret malware targets critical systems that move your world
the energy connective: What Utilities Are Still Learning About the Ukraine Cyberattacks
CSM Passcode: Hard lessons for Energy Dept., power sector after Ukraine hack (+video)
SearchSecurity: Senate asks President Obama for a cyber act of war definition
TechRebublic: LAPD hacks iPhone 5s, proves they don't need Apple backdoor
TechRepublic: Cyber threat hunting: How this vulnerability detection strategy gives analysts an edge
CSO: Consider the Panama Papers breach a warning
TechRepublic: Apple demands to know how FBI cracked San Bernardino iPhone
Forbes: Calling All Women: The Cybersecurity Field Needs You And There's A Million Jobs Waiting
Forbes: Meet The Ex-Army Hackers Trying To Save America From Blackouts
ComputerPowerUser: Q&A With Ed Skoudis: A Lifelong Hacker Spending Time Training Cyber Warriors In CyberCity
FCW: Why Mobile Data Security Matters
WSJ: Cybersecurity Training, Military Style
Bloomberg: In the Age of Cybercrime, the Best Insurance May Be Analog
FP: With Power Plants Getting Hacked, Senate Looks For Ways To Keep The Lights On
ComputerWorld: Experts warn that 'chip off' plan to access terrorist's iPhone is risky
TechBeacon: 5 emerging security technologies set to level the battlefield
CSO: Cybersecurity no longer merger afterthought
Dark Reading: 7 Attack Trends Making Security Pros Sweat
ZDNet: Why the connected car is one of this generation's biggest security risks
New York Times: Utilities Cautioned About Potential for a Cyberattack After Ukraine’s
Baseline: IT Security Teams Are Stretched to the Limit
BBC: Ukraine cyber-attacks 'could happen to UK'
Security Insider: Ausbildung und Zertifizierung von IT-Security-Experten
Marketplace: Hacking competitions burnish cybersecurity resume
Funkschau: Interview zu Continuous Monitoring
channelinsdier: 12 Key Facts About the True Costs of Data Breaches
ItBusinessEdge: Why Mobile Apps Are Not Getting More Secure
SECTANK: Windows 10 liefert mit 'Credential Guard' wichtige Sicherheitsfeatures
FierceITSecurity: Data breach impact can linger for years, could cost more than $100M, says SANS study
CSO: Preparation lowers long-term post-breach costs
fedscoop: Interior Department FISMA audit reveals shortcomings in emergency planning
CNN: Hackers could secretly tap into corporate meetings
CSO: How much at risk is the U.S.'s critical infrastructure?
Wired: Everything We Know About Ukraine's Power Plant Hack
ITBusinessEdge: The IoT, IPv6 and DDoS: A Dangerous Mix
CNN: Scary questions in Ukraine energy grid hack
Foreign Policy: Did Russia Knock Out Ukraine's Power Grid?
The Washington Post: Russian hackers suspected in attack that blacked out parts of Ukraine
Motherboard: Malware Found Inside Downed Ukrainian Grid Management Points to Cyberattack
Forbes: 30 under 30 in Enterprise Technology: Robert M. Lee
Security Insider: Wie lief der Angriff auf das Stromnetz der Ukraine?
The Dallas Morning News: Breach of power: Foreign hackers prove capable of crippling U.S. electric grid
datensicherheit.de: Smartphone-Forensik: Interessantes Feld für Cyber-Untersuchungen
FierceITSecurity: CISOs face challenges talking to boards about cyber risks
TechRepublic: SSH getting a security tune-up from NIST and IETF
Computerwoche: Wie Ihr Security-Training erfolgreich wird
Dark Reading: Introducing 'RITA' for Real Intelligence Threat Analysis
SearchSecurity: Supply chain security: Controlling third-party risks
CIO: Closing the cybersecurity talent gap, one woman at a time
BSI: Informationen zum ausgewählten Dokument
eWeek: Businesses Lack Resources to Defend Against Cyber-Attacks
CSO: Is the board's involvement in cybersecurity really that critical?
ITPRO: Parking fine clerk graduates as world-leading cybersecurity talent
CBS News: In the dark over power grid security with Larry Pesce, SANS Instructor
SearchNetworking: Amid ongoing threats, network security training gains appeal
Forensics Magazine: Cautionary Tales from Digital Forensics
infosecurity: To Stop APTs You Need Anticipatory Active Defenses
SearchSecurity: How to perform a forensic acquisition of a virtual machine disk
DFI News/Forensics Magazine: Incident Response Doesn’t Need to Wait
TechRepublic: The Windows 10 privacy debacle: Five big issues to consider
Security News Desk: You think your confidential data is deleted, but is it?
Dark Reading: The Truth About DLP & SIEM: It’s A Process Not A Product
WSJ: Phishing Schemes Target IT Workers at Critical Infrastructure Companies
SC Magazine: Unique 8 week SANS Cyber Academy kicks off next week
Campus Technology: Data Security in Higher Ed – A Moving Target
DataKonText: Incident Response - lieber Vorbeugen als Nachsorgen
SearchSecurity: Accidental insider threats and four ways to prevent them
CSO: CISOs facing boards need better business, communication skills
DFI News/Forensics Magazine: Privacy, Attribution and Liability Law for the Digital Investigator
DFI News/Forensic Magazine: Digital Investigators Think About the Law
SearchNetworking: Horror stories in the consumer market have cast a shadow over the Internet of Things. Are enterprise IoT deployments even more at risk?
CSO: Neiman Marcus case a reminder to check your cyber coverage
DFI News/Forensic Magazine: Digital Professionals Keeping an Eye on the Law
infosecurity: SANS Announces Recruitment Fair for Top Infosec Candidates
IT Administrator: Penetration Tests in drahtlosen Umgebungen
The Daily Record: Omaha's Solutionary Joins SANS Institute To Create Cybersecurity Jobs for Veterans
Dark Reading: How I Learned To Love Active Defense
CSO: Regulators seek to limit security software exports
SearchCloudSecurity: Using a VMware firewall as part of a defense-in-depth strategy
DFI News/Forensic Magazine: Detecting a Data Breach
CSO: Electronic Frontier Foundation celebrates 25 years of defending online privacy
IT-Director: Riskante Penetrationstests
Military Times: Cybersecurity degrees are job magnet
SC Magazine: SANS launches aptitude test for would-be cyber sleuths
infosecurity: SANS Cyberskills Self-Assessment Addresses Skills Shortage
SearchSecurity: Why security operations centers are the key to the future
CNN: FBI investigating whether Cardinals Hacked Astros
IT Job Magazin: SANS Institut bildet weltweit Cyber-Spezialisten aus
SNL: Experts warn utilities to watch for cyberattacks via substation break-ins
CNN Video: Rob Lee Discusses the OPM.GOV Hack
CNN: Mac attack! Nasty bug lets hackers into Apple computers
NetworkWorld: Experts divided on security implications of DOJ's deal with Box
WUSA9: CBS (DC) Video - 1.1 million CareFirst members in D.C.-area potentially breached
DFI News/Forensic Magazine: The Cybercriminal Takedown: Part 2 With John Bambenek
DFI News/Forensic Magazine: Internet Takedowns and Incident Response: Q&A With John Bambenek
SearchSecurity: Accidental insider threats and four ways to prevent them
DFI News/Forensics Magazine: On the Road to Vegas ... CEIC 2015 That Is
Smart Grid Today: SECURITY EXPERTS: Utility IT, OT still miles apart
Medical Product Outsourcing: Device Insecurity
SearchSecurity: Open source threat model aims to make enterprise safer with less work
CBS News Video: Strengthening the nation's defense against hackers
infosecurity: DDoS, Lizard Squad and Preparing for Cyber-War
SC Magazine: Obama's 'unclassified emails' accessed by Russian hackers
Motherboard: Did Iran Launch a Cyberattack Against the US? Probably Not, New Report Says
Dark Reading: 6 Most Dangerous New Attack Techniques in 2015
SearchSecurity: Pescatore on security success: Breach prevention is possible
SC Magazine: RSA 2015: Experts discuss six dangerous attack techniques
TheDailyDot: Security companies accused of exaggerating Iran's cyberthreats against the U.S.
threatpost: Active DoS Exploits for MS15-034 Under Way
SearchSecurity: Accidental insider threats and four ways to prevent them
Security Insider: Traumjob Pen Tester : Mit ‚kriminellem‘ Gespür Sicherheit schaffen
Computerworld: Experts boost threat level, call for patching critical Windows bug ASAP
DarkReading: Microsoft Zero-Day Bug Being Exploited In The Wild
threatpost: Ransomware Teslacrypt Still Targeting Gamers
SearchSecurity: Patch Tuesday, exploit Thursday: Windows HTTP.sys flaw under attack
SC Magazine: SANS Institute launches Cyber Academy
SECTANK: Perspektiven in der Sicherheitsberatung (III) – Trainings: „Qualität hat ihren Preis“
SearchSecurity: SANS: Enterprises overconfident in ability to detect insider threats
MicroScope: Lack of soft skills harming security awareness programmes
Fox News: Cyber jihadists could target US TV stations, experts warn
SearchSecurity: New cyberthreats: Defending against the digital invasion
SC Mag: Zone of protection: Hacker havens
CSMonitor: Obama's cyber sanctions order adds punch to fight against foreign hackers (+video)
SC Magazine: Me and my job: Johannes Ullrich, SANS Technology Institute
SecurityInsider: Internet Storm Center sucht Anomalien im Web Traffic
SearchSecurity: Using NIST 800-125-A to understand hypervisor security threats
CBC News: CyberCity: Model town on front line of digital terrorism
SC Mag: eBook – APTs: New, improved and smarter than ever
SearchSecurity: For threat intelligence programs, ROI evaluation proves tricky
ComputerWorld Artikel: Industriekontrollsysteme ausser Kontrolle
Today Show Video (w/ SANS Instructor James Lyne) – Are free Wi-Fi hotspots secure?
SearchSecurity: How to prevent firewall failures with proper testing and maintenance
Washington Post: As governor, Jeb Bush used e-mail to discuss security, troop deployments
Business Insider: Experts are skeptical that Hillary Clinton's 'homebrew' email server could withstand cyberattacks
threatpost: New Technique Complicates Mutex Malware Analysis
1to1 media: Healthcare's Cybersecurity Threat
The Daily Beast: Hillary's Secret Email Was a Cyberspy's Dream Weapon
Computerworld: Partly cloudy with a chance of hacking?
SearchSecurity: DDoS defense planning falls short
SecurityWeek: Netatmo Weather Stations Expose Wi-Fi Passwords: Researcher
New York Times: Data Breach at Anthem May Lead to Others
SearchCloudSecurity: Implementing VMware border router ingress and egress filtering
U.S. News & World Report: Choose the Right Online IT Training
WSJ: CIOs Eye Obama Cybersecurity Push with 'High Level of Interest'
SearchSecurity: Mini risk assessments: Simplifying protection of critical assets
TheDailyDot: Hospitals prepare for the fight against hackers
FierceCIO: 2014 cyberattack victims in the crosshairs again, warns SANS' Eric Cole
Forensic Magazine: Off-the-shelf Nation-state Attacks
CSO: Obama proposes new 30-day data breach notification law
USA Today: Key industries train to thwart cyber attacks
realtimes: what lies in wait: security threats in 2015
CSO: 5 lessons to help security pros craft a New Year's resolution
SearchCloudSecurity: Understanding VMware ESXi hypervisor security features
CSO: Why the board of directors will go off on security in 2015
infosecurity: SANS Warns of Shellshock Attacks on NAS Kit
SearchSecurity: Using secure network tiers to bolster network security rules
WSJ: CIOs and CISOs Can Learn From the Massive Sony Data Breach
infosecurity: Cyber-Security SANS Frontières: An Interview with Lance Spitzner
NetworkWorld: 5 ways to escape password hell
SearchSecurity: Using crypto-free zones to thwart advanced attacks
Forbes: America's Critical Infrastructure Is Vulnerable To Cyber Attacks
SearchSecurity: Operational challenges as cybersecurity gets sensored
CSO: Apple's iWorm fix still leaves major hole
CU Info Security: White House Hack: A Lesson Learned
Forbes: Operational Resilience - Not Just Technology Security - Drives Competitive Advantage
WSJ: Sabotage Investigation Highlights Poor Network Monitoring at Utilities
CSO: Did researchers help hackers in releasing USB drive exploit?
CSO: Three scary, but true, security tales
Ars Technica: Shellshock fixes beget another round of patches as attacks mount
CSO: Six key defenses against Shellshock attacks
SearchSecurity: Attackers already targeting Bash security vulnerability
HealthCare Info Security: Ramping Up Medical Device Cybersecurity
SearchSecurity: How to build complex passwords and avoid easy breaches
CSO: Why retailers like Home Depot get hacked
SearchSecurity: The case for NAC-based continuous monitoring for attack detection
InformationWeek: HealthCare.gov Breach: The Ripple Effect
SearchSecurity: Apple two-factor authentication fail leaves iCloud users vulnerable
Bloomberg TV: Is This How Jennifer Lawrence Got Hacked
SearchCloudSecurity: Following iCloud hack, experts say enterprise data likely at risk
Dice: 4 Interview Qs for Network Penetration Testers
HealthCare Info Security: Breach Response: Are We Doing Enough?
DevOps: Internet of Things (IoT) poses challenges for DevOps and security
Security that works: Three must-have enterprise security fundamentals
ZDNet: In wake of hacks, incident response efforts weak in enterprise
Government Technology: Crooks are Winning Cyber War, Experts Say
IT World Canada: SQL injection attacks can be stopped, says security expert
CSO: Defensive tactics against sophisticated cyberspies
Associated Press: T1red of p@sswords? Y0u @re N*t @lone!
CSO: Today's top skill sets in security -- and why they're in demand
Dark Reading: Security Pro File: Spam-Inspired Journey From Physics To Security
Dark Reading: New OpenSSL Flaw Exposes SSL To Man-In-The-Middle Attack
NetworkWorld: New OpenSSL vulnerability called not as serious as Heartbleed
BizTech: Q&A: A Word With Security Expert John Pescatore
eWeek: Health Care Sector Faces Rising Pressure to Bolster Data Security
CNBC: Cyberwarfare: Protecting 'soft underbelly' of USA
Careers Info Security: Why InfoSec Pay Shows Lackluster Gains
SearchSecurity: John Pescatore: Evasion techniques aiding advanced targeted attacks
CSO: Open campus, security nightmare
CSO: A security awareness short list from SANS
SearchSecurity: John Pescatore: BYOIT, IoT among top information security trends
infosecurity: Infosecurity Europe 2014: Worst Security Threats go Undetected, Warns Dr Eric Cole
CSO: In a world of complexity, focus on the basics
ComputerWeekly: Cyber threat detection paramount, says SANS fellow
SearchSecurity: Good information security leadership demands focus on shared knowledge
CSO: Tech titan funding just a start in securing critical open-source projects
FederalNewsRadio: Listen to Interview with Alan Paller on Heartbleed
Security Bistro: What’s Needed Now: Supply Chain Integrity Testing
PC Advisor: Think tank challenges Heartbleed handwringing
CSO: Here are the options with Heartbleed-flawed networking gear (Hint: there aren't many)
infosecurity: SANS’ Eric Cole Gets Infosecurity Europe Hall of Fame Nod
Bloomberg: NSA Said to Exploit Heartbleed Bug for Intelligence for Years
SearchSecurity: 'Heartbleed' OpenSSL vulnerability: A slow-motion train wreck
Forbes: Avoiding Heartbleed Hype, What To Do To Stay Safe
ZDNet: Businesses need to inform users about Heartbleed exposure
The Register: Not just websites hit by OpenSSL's Heartbleed – your PC and phone may be in peril too
ZDNet: Smart malware campaign attacks only Android
FierceCIO: Rise of the CSO: a CIO's power threat or job savior?
CSO Magazine: Info sec industry still struggles to attract women
WSJ: How Utilities Can Shore up Windows XP Security
CIO Insight: The Complicated Relationship Between CIOs and CSOs
InfoWorld: A clear-eyed guide to Mac OS X's actual security risks
Network World: Focus on fundamentals to reduce data breaches, expert advises
CSO Magazine: CyberLocker's success will fuel future copycats
Signal Magazine: Resolving the Critical Infrastructure Cybersecurity Puzzle
CSO Magazine: SANS seeks feedback in salary survey
SC Magazine: RSA 2014: Experts discuss the most dangerous new attack techniques
Security Week: Linksys Router Worm Spreading
Forbes: New Cyberthreat Report By SANS Institute Delivers Chilling Warning To Healthcare Industry
Healthcare Info Security: Study: Endpoint Vulnerabilities Common
WSJ: Medical Devices Can Lead to Breaches
Energy.Gov: Securing the Nation’s Grid
SearchSecurity: Cyberthreats: Know thy enemy in 2014
Washington Post: Senate cybersecurity report finds agencies often fail to take basic preventive measures
NY Post: Yahoo e-mail customers’ names, passwords stolen
SC Magazine: Attacker extorts coveted Twitter username in elaborate social engineering scheme
FCW: Is cybersecurity the right job for you?
Security Week: Cyber Attack Leverages Internet of Things
Design News: Fuzzing Framework Fights Control Hackers
Federal News Radio: Target Breach interview with Johannes Ullrich
Careers Info Security: Top 10 InfoSec Careers Influencers
CSO Magazine: Rising impact of Target breach indicates deeper hack into systems
CBC News: Snapchat hack shows vulnerable side of smartphone apps
threatpost: Probes Against Linksys Backdoor Port Surging
Nextgov: The Ten Worst Hacks of 2013
Nextgov: Awards Recognize Best in Government Cybersecurity
Security Week: Alleged NSA Payment to RSA Raises New Fears of Gov't Undermining Crypto Security
Network World: Take the 10th annual SANS Institute Holiday Hacking Challenge
CSMonitor: Target data theft: worrying sign of cyber thieves' sophistication
threatpost: Facebook Phishing Campaign Employing Malicious Tumblr Pages
ComputerWorld: 300 victims report fake support calls to security org
Nextgov: Master's Accreditation Benefits Federal Cyber Pros
Course Review: SANS SEC 760 Advanced Exploit Development for Penetration Testers
CSO Magazine: Can we use Big Data to stop healthcare hacks?
internet evolution: IT Security Pros Click Into CyberWar
SC Magazine: The coming Internet of Things
Nextgov: Cybersecurity Experts Will Face Off in Mock NetWars
WSJ: U.S. Gives Companies Cybersecurity Guidelines to Protect Critical Infrastructure
HealthITSecurity: CISO focuses on compliance, collaboration for SANS summit
Federal News Radio: DHS, SANS Institute join forces to give agencies cyber primer
NetworkWorld: New GIAC certification advances industrial cyber security
Certification Magazine: New GIAC cert aimed at protecting industry and infrastructure
CSO Magazine: What the Internet of Things means for security
Security Bistro: The Global Industrial Cyber Security Professional Certification (GICSP) is Launching in November
NBC News: Cyber defenders are in short supply as hacking wars escalate
Control Engineering: Cyber security experiment reveals threats to industrial systems
eWeek: Cyber-Security in 2013: Software, People Still Have Vulnerabilities
ComputerWorld: Shutdown could delay government's patching of IE, Windows and .NET flaws
ComputerWorld: Adobe hack shows subscription software vendors lucrative targets
TechRepublic: Researchers reverse-engineer the Dropbox client: What it means
MIT Technology Review: Dropbox and Similar Services Can Sync Malware
CSO Magazine: CSOs: Stop flogging the threats and start providing solutions
Business News Daily: Here Comes Windows 8.1 — Should You Upgrade?
FCW: Why .gov went dark
Infosecurity: Former DHS Secretary Launches Council on Cybersecurity
Infosecurity: SANS: Internet of Things Must Drive Fresh Security Approaches
Security Bistro: Thinking About How to Secure the Internet of Things (IoT)
How to make a bazillion dollars in 2014 from Windows XP
HealthITSecurity: Engaging users to augment healthcare security training
Course Review: SANS SEC573 Python for Penetration Testers
NPR: U.S. Worries NSA Leaker's Files Could Be Hacked
So, You Wanna Be a Penetration Tester?
CSO Magazine: 5 questions with Alissa Torres, SANS Instructor and Incident Handler at Mandiant
WSJ: The Morning Download: Gas Industry Lobbies Against Cyber Standards
NetworkWorld: Security analytics will be the next big thing in IT security
CyberCity: Training Ground For The Navy SEALs Of Online Defense
CNN: America's next threat: Cyberterrorism?
Ecommerce Times: Market Jitters Hint at Social Hacks' High Threat Level
CSO Magazine: Social engineering in penetration tests: 6 tips for ethical (and legal) use
TechTarget: Trusted platform module aids Windows mobile device security
Nextgov: New Tool Can Help Agencies Assess Cyber Skills
AutomationWorld: An Education in Cyber Security
Government Technology: Colorado Embraces New IT Security Philosophy
New York Times: Luring Young Web Warriors Is a Priority. It’s Also a Game.
NetworkWorld: New course teaches techniques for detecting the most sophisticated malware in RAM only
Cybersecurity's Skills Deficiency: Paller: 'There's No Pipeline' of Deep-Knowledge Pros
InformationWeek: China Hack Attacks: Play Offense Or Defense?
SearchSecurity: Emerging threats include kinetic attack, offensive forensics: RSA 2013
CRN: 5 Most Dangerous New Hacking Techniques
Control Engineering: Michael Assante and Tim Conway offer security suggestions for plant operators
Bank Info Security: CISOs Building Credibility
New York Times: Some Victims of Online Hacking Edge Into the Light
CSO: How Colorado's CISO is revamping the state's information security -- on a $6,000 budget
Fox News: Cyber Experts Needed, But There's a Skills Gap
LA Times: Hackers target Western news organizations in China
NBC News: Cyber watchdogs worry about worker shortage
3 terrifying, but true, security tales
4 Ways to Spot an Internet Scam
A Tiny City Built To Be Destroyed By Cyber Terrorists, So Real Cities Know What’s Coming
AirForceTimes: Cybersecurity personnel to have new mission
Businessweek: The Battle to Protect Confidential Data
BYOD offers tricks and treats for enterprises, say analysts
CIO: SANS NetWars tests cybersecurity pros against peers
CNN: Scammers create fake donation websites for Sandy victims
Comprehensive Cybersecurity: Securing the Human Operating System
Course Review: SANS FOR408 Computer Forensic Investigations – Windows In-Depth
CSO: It's time to start patching the Human OS
Dark Reading: ‘CyberCity’ Faces Its First Attacks Next Month
Dice: Did Fried Brain Cells Bag John McAfee?
Forbes: The Cloud's Not-So-Secret Weak Link
Forensics: When is Data Truly Lost?
GCN: NetWars helps develop the future of cybersecurity
Hackers claim 12 million Apple IDs from FBI
InfoWorld: Eric Cole: Interview with a remarkable security guru
Inside a Forensics Investigation
IT Security Police: 'Step Away From That IE'
NetWars Tournament of Champions Tests the Skills of the Nation’s Top Cyber Security Practitioners
NetworkWorld: Want to develop cybersecurity skills? Try SANS Institute's NetWars
New Cyber Group Aims To Spread Basic Security
Potential for Sandy scams prompts warnings
SearchSecurity: Custom, targeted malware attacks demand new malware defense approach
SearchSecurity: NetWars CyberCity missions to improve critical infrastructure protection
Tool Scans for RTF Files Spreading Malware in Targeted Attacks
Washington Post: CyberCity allows government hackers to train for attacks
Whitelisting Traffic: A practical Exercise for Network Defenders
SANS CyberCon 2012: It's A Secret
Forbes: Spammers Are Using Facebook To Impersonate Your Friends
NY Post: White-hat cyberbug bounty nets cash
CIO: How to Secure Data by Addressing the Human Element
Lack of Cyber Career Paths and Training Standards Stymies Security
Google Switches On Browser Spy Cam in Chrome
Microsoft provides workarounds for Oracle vulnerability
DNS Changer: Cyber Criminals, Internet Access And The FBI
Washington Post: Cybersecurity chief urges action by Congress
DNSChanger apocalypse: Like Y2K, but even snoozier
CSO: Alan Paller on cutting through the bull
DNS Changer virus threat passes; no significant outages
Thousands risk Internet shutdown as U.S. fix expires
Botnet infections in the enterprise have experts advocating less automation
FBI Could Shut Off Servers
The AC/DC lesson: Why IPv4 will be with us a long time
Best practices for data encryption, Part 1
SANS Digital Forensics and Incident Response Summit
SearchSecurity: Password database inventory required following LinkedIn breach
InfoWeek: LinkedIn Password Breach: 9 Facts Key To Lawsuit
CSO: Advanced persistent threats can be beaten, says expert
Understanding and defeating APT, Part 2: Fighting the 'forever war' against implacable foes
Understanding and defeating APT, Part 1: Waking up to the who and why behind APT
How Ethical Hackers Make Computers Safer
SearchSecurity: Kaspersky Flame malware poses little threat to businesses
NetworkWorld: New approaches to combat 'sources of evil' and other security issues
Old remedies don’t work on new threats; SANS panel will discuss alternative medicine
Despite increased infosec spending, breaches and frustration are on the rise
3 Incident Response Essentials with Rob Lee
Interview with Ed Skoudis: SANS Cyber Guardians hack to help America win the cyberwar
Interview with SANS' Ed Skoudis: America losing the cybersecurity war to hackers
Vermont Tech student takes first place in computer skills tournament
Pitting Education Against Cyber Attacks
CIO: Mobile Malware: Beware Drive-by Downloads on Your Smartphone
SC Magazine: The six most dangerous infosec attacks
Ed Skoudis: RSA Conference Flash Talks 2012
Air Force aims to turn cyber into a career
SC Magazine: SANS builds digital certificate checker
The 10 Biggest Online Security Myths - And How to Avoid Them
CIO: How to Make Time for Continuing Education and Career Development
Mobile Device Security Expert Q&A Part II: Start treating phones as computers
Mobile Device Security Expert Q&A Part I: Where BYOD policy goes wrong
InformationWeek: 7 Ways To Toughen Enterprise Mobile Device Security
A Career in Forensics: 5 Key Steps
Implement user security awareness training
Forbes: Conversations On Cybersecurity: The Trouble With China, Part 1
Smart phones getting out of control? SANS hosts first Mobile Device Security Summit
REMnux 3 review – a treasure chest for the malware-curious
ComputerWorld Artikel: Industriekontrollsysteme ausser Kontrolle
Computerworld: Partly cloudy with a chance of hacking?
Forbes: Avoiding Heartbleed Hype, What To Do To Stay Safe

SANS in the News