The attackers allegedly stole admin credentials for Office 365 accounts, and planned to use stolen data to conduct gift card fraud.

You've no doubt heard about Marie Kondo's method of decluttering the home. Turns out, it can help security pros tackle all of those security tools piling up around the organization.

Four years, $1 million in payouts, and the identification of 950 bugs later, Shopify provides an excellent example for organizations looking to launch their own programs.

From Albany, New York, to Atlanta, Georgia, to Del Rio, Texas, cities across the US have been hit with ransomware attacks.

Still not fully clear about why your organization collects any (or all) log data? Experts offer their tips on making better use of log data and alerts to improve your security profile.

Thinking of the bot landscape as homogeneous paints an overly simplistic picture.

The following recommendations can help both end users and Web defenders mitigate credential abuse attacks.

No longer can you secure the perimeter or a centralized core and trust that nothing will get in or out. Effective security depends on an in-depth strategy - from the core to the edge.

As director of the DHS's National Risk Management Center, measuring and managing risk for critical infrastructure across 16 industrial sectors, Kolasky stands at a busy crossroads.

CTFs require participants to be creative while using their critical-thinking and problem-solving skills to ultimately arrive at a functional solution.

The 'bring your own device' movement has put security pros on high alert for a new breed of predator on the hunt to find ways to exploit the ever-expanding attack surface.

Whether it's your first investigation or 500th, review the basics of IT forensics to streamline and simplify your discovery.

The problem isn't with the code itself, experts say.

X.509 certificates help secure the identity, privacy, and communication between two endpoints, but these digital certificates also have built-in expiration and must be managed.

A lack of a security mandate in the development process has given rise to the recognized need for application security.

It's a valid question, and one many enterprises remain unsure of amid a mass migration that has transformed business over the past few years.

Virtual private networking is poised to become more automated and intelligent, especially as endpoints associated with cloud services and the Internet of Things need protection.

Of particular interest for cybercriminals is the Domain Name System, which plays a central role in orchestrating all Internet and application traffic.

Cyber security's comprehensive news site is now an online community for security professionals, outlining cyber threats and the technologies for defending against them.

Quantitative measurements - likelihood of loss, hard-dollar financial impact -- are what executives and directors need to make more informed decisions about security risks

Newly published '2019 Black Hat USA Attendee Survey' recommends users stay off social media and remain wary of products that promise to solve security problems.