Counterfeit hardware, especially in corporate settings, is a recurring problem that often goes unnoticed. Having such gear online poses serious financial, operational, and security risks. Cybersecurity company F-Secure has released an investigative report detailing counterfeit Cisco Catalyst 2960-X series switches. The report highlights challenges facing organizations that discover counterfeit devices in their IT infrastructure.

Tricentis and three survey project collaborators recently published findings that provide new insights on global trends in open-source testing. The study focused on the open-source tool testing industry, not how or if companies and software developers test their code. The results revealed that a lack of technical skills is the major roadblock to open-source tool adoption.

For most organizations, COVID-19 has been a literal transformative agent. Our organizations have almost overnight gone from environments where teleworking was an exception, to where it's the norm. As any student of human nature will tell you, people tend to view "the new" with reservation. There's a temptation when things are new to assume the worst about them. For security pros, this means we often view new things as riskier than things we're familiar with.

With much of the workforce conducting business from home to escape the pandemic, scammers have revved up their trickery to scare victims into falling for credential harvesting schemes. Two new reports lay bare the new twists digital scammers are putting on old approaches to get you to unwittingly give up login credentials.

Open Source Software is becoming much more commonplace within organizations, bringing a different set of risks and perceived challenges compared to closed source or proprietary software. The Information Security Forum has released a report to help security professionals recognize the benefits and perceived challenges of using Open Source Software.

Microsoft and Intel researchers have found a way to combine artificial intelligence and image analysis to create a highly effective means to combat malicious software infections. The researchers call their approach "STAMINA" -- static malware-as-image network analysis -- and say it's proven to be highly effective in detecting malware with a low rate of false positives.

Outdated or abandoned open source components are persistent in practically all commercial software, putting enterprise and consumer applications at risk from security issues, license compliance violations, and operational threats, concludes the Synopsys 2020 Open Source Security and Risk Analysis Report. The report highlights trends and patterns in open source usage within commercial applications.

Warren Buffet once said, "Only when the tide goes out do you discover who's been swimming naked." You can cover over a host of sins when times are good, but bad or unsafe practices will be exposed when times are rough. Time and experience have borne out the accuracy of this witticism in the financial arena -- and we're now seeing its applicability to the intersection of infosec and COVID-19.

As COVID-19 continues to spread, states and cities across the U.S. have imposed restrictions -- from banning large gatherings to lockdowns, with citizens ordered to stay home except for essential jobs and errands, or get outdoor exercise. These steps came as infection numbers mounted, and the World Health Organization stated that COVID-19 was in fact a global pandemic.

Critical server outages cost businesses an average of $300,000 hourly, with many cases exceeding $5 million. As network demands increase and maximum uptime becomes a necessity, it is crucial to implement the proper processes and systems to ensure organizations constantly are able to mitigate the threat of outages. A host of factors can cause network or system downtime.

As companies send employees home in an effort to curb the spread of COVID-19, cybersecurity experts are warning that telecommuting could be putting company assets and data at risk. There are a number of precautions that employees working from home should consider to ensure that sensitive data isn't compromised by cybercriminals taking advantage of the health crisis.

After several years of building and testing previews, Microsoft has announced the general availability of its Azure Sphere secure IoT service. Microsoft first introduced Azure Sphere in 2018, opting to use its own version of a Linux operating system instead of Windows 10 to drive its new Azure Sphere OS to securely connect Internet of Things devices.

Eclypsium has released research that identifies and confirms unsigned firmware in WiFi adapters, USB hubs, trackpads and cameras used in Windows and Linux computer and server products from Lenovo, Dell, HP and other major manufacturers. Eclypsium also demonstrated a successful attack on a server via a network interface card with unsigned firmware used by each of the big three server manufacturers.

As most security pros know, application containers -- Docker, rkt, etc. -- and the orchestration elements employed to support them, such as Kubernetes, are used increasingly in many organizations. Often the security organization isn't exactly the first stop on the path to deployment of these tools. If it was in your shop, consider yourself one of the lucky ones.

Amazon, Apple, Google and the Zigbee Alliance are teaming up on a new Internet Protocol-based standard for smart home device connectivity. Connected Home over IP will be an open source project. A working group will define a specific set of IP-based networking technologies for device certification. The goal is to enable communication across smart home devices, mobile apps and cloud services.

Cybersecurity incident response teams have choices when it comes to communication tools: Microsoft Teams, Slack, Zoom and numerous others. Some require a subscription or commercial license -- others are free. Some are niche tools specifically designed for incident response. Some are generic business communication tools that IR teams have adapted for use during a cybersecurity incident.

Among the highlights of Amazon Web Services re:Invent are three announcements that strengthen its presence in the enterprise hybrid IT infrastructure market: AWS is teaming with Verizon to deliver 5G edge cloud computing; the first AWS Local Zone is located in Los Angeles; and AWS Outposts are generally available. These moves "close some huge competitive gaps," observed tech analyst Rob Enderle.

If you're like most security pros, chances are you're starting to get frustrated with microservices a little -- or maybe a lot. Microservice architectures -- that is, architectures that leverage REST to build a number of small, distributed, modular components -- are powerful from a software architect's point of view. Want to make a change to a component quickly? Add new functionality?

We may just be turning the calendar to November, but if you're like most retailers, you're already deep into planning for the gift-giving season. Black Friday and Cyber Monday are circled and starred as you anticipate, with a mixture of excitement and trepidation, the spike in sales and massive increase in traffic to your website and mobile app -- with good reason.

As part of National Cyber Security Awareness Month, the National Cyber Security Alliance is advising all computer users to "Protect IT" by taking precautions such as updating to the latest security software, Web browser and OS. The nonprofit public-private partnership, which works with DHS and private sector sponsors, advised computer users on ways to protect their personal data.

Developers have patched a vulnerability in Sudo, a core command utility for Linux, that could allow a user to execute commands as a root user even if that root access was specifically disallowed. The patch prevents potential serious consequences within Linux systems. However, the Sudo vulnerability posed a threat only to a narrow segment of the Linux user base, according to Todd Miller, a maintainer of the open source Sudo project.

Stopping cyberattacks requires diligent behavior. One of the themes of this year's National Cyber Security Awareness Month, or NCSAM, is that all computer users should take steps to Secure IT. That means shaking up the passphrase protocol by using not just strong passwords but strong and unique passphrases. Everyone should double login protection through multifactor authentication.

If you've ever played chess, you know that each move you make has to be the best move. At one level, this is painfully obvious -- after all, who would choose to make a terrible move instead of a better one? -- but it's illustrative of an important concept. Specifically, the core reason it's true is that each individual move in a game like chess comes with an associated "opportunity cost."

Users of a multi-cloud storage strategy may be twice as likely to face a security breach as those that use hybrid or single clouds, suggests a report from UK-based security specialist Nominet. Fifty-two percent of survey respondents who adopted a multi-cloud approach suffered a data breach over the past 12 months, compared to 24 percent of hybrid cloud users, and 24 percent of single-cloud users.

A new collaboration between Dell Technologies and Google has produced the world's first enterprise-class Chromebook. The companies have announced their partnership to bring new capabilities and services to Dell's Unified Workspace strategy. Google launched its Chrome Enterprise capabilities in 2017 to give enterprises critical features like advanced security protections and fleet management.

There is no data showing how many people actually read through click agreements, terms of service and privacy policies -- collectively "online terms" -- before clicking the alluring "accept" button. However, there's research that indicates fewer than 1 percent of people report taking the time to review online terms. Most folks consider online terms an annoying speed bump and frankly don't care.

They say that the key to good security is constant vigilance. As a practical matter, this means that it's important for security and network pros to pay attention to two things: changes in the threat landscape, so they can be on the alert for how their systems might be attacked; and changes and developments in the technologies they employ. These consequences matter quite a bit.

Many online businesses rely on Black Friday and Cyber Monday to drive their profit margins. During this four-day period, retailers will see traffic on their site skyrocket. How can retailers make sure their sites are robust and won't fail during this critical period? The answer is to ensure your site is completely bombproof and can handle the surge in load without a problem.

The Russian hacking group known for stealing sensitive emails from the Democratic National Committee during the 2016 presidential election season has been cracking into printers, phones and video decoders to gain access to corporate networks, the Microsoft Security Response Center Team reported. The group is known by a number of names including "Strontium," "Fancy Bear" and "APT 28."

It is newly minted conventional wisdom that not a single information security conference goes by without a presentation about the abysmal state of IoT security. While this is a boon for researchers looking to make a name for themselves, this sorry state of affairs is definitely not beneficial for anyone who owns a connected device. IoT device owners aren't the only ones fed up, though.