New study shows that organizations are delaying fixing vulnerabilities in their IT environments.

Views expressed in this cybersecurity update are those of the reporters and correspondents.

Accessed on 20 February 2022, 1334 UTC.

Content provided by “”


Please click link or scroll down to read your selections.

Latest News

Key Application Security Metrics Show Few Signs of Improvement

A new study shows that organizations continued to take an inordinately long time to fix vulnerabilities and fixed fewer known issues in their environments last year than in 2020.

Free Cybersecurity Tools and Services List Published by CISA

The Cybersecurity & Infrastructure Security Agency (CISA) says this “living repository” is a mix of popular open source and free tools and services from both the private and public sectors.

NSA Issues Guidance for Selecting Strong Cisco Password Types

Poorly protected passwords in device configuration files present a risk of compromise, agency says.

Attackers Hone Their Playbooks, Become More Agile

Less malware, more interactive intrusions, and big game hunting lead to more success, with an 82% increase in ransomware-related data leaks.

Software-Developer Security Vendor Snyk Buys Cloud Security Company

Acquisition helps expand Snyk into the cloud security sector.

Russian Actors Targeting US Defense Contractors in Cyber Espionage Campaign, CISA Warns

Sensitive data stolen on US weapons development and deployment, product development, foreign partnerships, contracts, and more.

FBI: Cybercriminals Using Virtual Meeting Platforms to Wage BEC Attacks

Attackers are increasingly executing business email compromise (BEC) scams by impersonation of executives via virtual meetings.

Pixelating Text Leads to Information Leakage, Warns Firm

Blurring text isn’t enough to obscure sensitive information. An offensive-security firm releases a tool showing how information can still be exposed.

Latest Commentary

Ukraine DDoS: ‘Cyberattack’ or Not?

The country was hit by a distributed denial-of-service attack on Feb. 15, but some say that doesn’t rise to the level of “cyberattack.” Here’s why they’re wrong.

Feb 18, 2022

If the Cloud Is More Secure, Then Why Is Everything Still Broken?

The sooner we discover sources of risk, the better equipped we will be to create effective mitigations for them.

Feb 18, 2022

4 Keys to Bridging the Gap Between Security and Developers

Security personnel’s priority is protecting the organization. Developers are trying to hit tight timelines. Here’s how both groups can get get their needs met.

Feb 17, 2022

Hybrid Work Accelerated Fraud; Now, CSOs Are Taking a Seat at the Executive Table

The days of security as a second-class citizen are over.

Feb 16, 2022

3 Critical Software Development Security Trends and Best Practices

Organizations should focus on proactive, development-based approaches to security.

Feb 15, 2022

For the latest cybersecurity news and information, please check the blog sidebar, links, and twitter posts.

Russ Roberts (machine learning, artificial intelligence, IoT, and information security)