Malicious PDF Analysis

Security Affairs

In the last few days I have done some analysis on malicious documents, especially PDF. Then I thought, “Why not turn a PDF analysis into an article?” SecurityAffairs – PDF analysis, hacking). The post Malicious PDF Analysis appeared first on Security Affairs.

Analysis: Facebook Breach's Impact

Data Breach Today

The latest edition of the ISMG Security Report features an analysis of the latest developments in Facebook's massive data breach and expert analysis of the potential for nation-state interference in the U.S. midterm elections

2018 Health Data Breach Tally: An Analysis

Data Breach Today

Hacking Incidents Still Dominate, But Fewer Huge Incidents Than in Years Past Major health data breaches added to the official federal tally in 2018 impacted more than twice as many individuals as the incidents added to the list 2017.

UK Cyberattack Investigations: An Analysis

Data Breach Today

The latest edition of the ISMG Security Report features an analysis of the results of over 1,000 cyberattack investigations in the U.K. Also: an update on the proposed NIST privacy framework and a report on voter registration information for sale on the dark web

Avoiding Critical Security Risk Analysis Mistakes

Data Breach Today

Privacy attorney Adam Greene provides tips for avoiding mistakes when conducting a HIPAA security risk analysis and spells out the essential steps to take

Analysis: Health Data Breach Tally Trends

Data Breach Today

Here's an analysis of the latest statistics and the reasons behind the trends

“Collection #1” Data Breach Analysis – Part 1

Security Affairs

Today I’d like to write a quick partial analysis that I’ve been able to extract from those records (I grabbed data from public available pasties website). PARTIAL Analysis of Collection #1. Collection #1 PARTIAL Analysis on used passwords. PARTIAL Analysis on most leaked domain.

Government Spending on Cybersecurity: An Analysis

Data Breach Today

Around the world, many CIOs at various levels of governments expect an increase in cybersecurity spending in 2019, according to new research from Gartner. Alia Mendonsa, co-author of the report, analyzes the results of a global survey

“Collection #1” Data Breach Analysis – Part 2

Security Affairs

The cyber security expert Marco Ramilli continues its analysis of the data leak known as Collection #1, he shared some interesting views on data The cyber security expert Marco Ramilli continues its analysis of the data leak known as Collection #1, he shared some interesting views on data.

Analysis: Anthem Data Breach Settlement

Data Breach Today

Some terms of the recent $115 million settlement in the class action lawsuit against health insurer Anthem tied to a 2015 cyberattack appear underwhelming for the victims, says attorney James DeGraw, who explains why

ISO 27001: Gap analysis vs. risk assessment

IT Governance

What is a gap analysis? An ISO 27001 gap analysis gives organisations an overview of what they need to do to meet the Standard’s requirements. Download now >> The post ISO 27001: Gap analysis vs. risk assessment appeared first on IT Governance Blog.

White House National Cyber Strategy: An Analysis

Data Breach Today

Security Experts Examine Administration's Document and Rhetoric A national cybersecurity strategy document released by the White House last week - along with comments from a top Trump administration official that the U.S.

Analysis: Verizon's Breach Report 2018

Data Breach Today

Verizon's latest Data Breach Investigations Report shows that half of data breaches in 2017 worldwide were orchestrated by organized cybercriminal groups, says Verizon's Ashish Thapar, who offers an in-depth analysis of the findings

Malware Analysis for Blue Teams

Data Breach Today

At a time when security professionals are faced not only with a barrage of threats, but with a myriad of threat intelligence data sources, it can be challenging to know when to stop an investigation. Join DomainTools Senior Security Engineer Tarik Saleh to learn essential methodologies from a blue team perspective

Risk Analysis Requirement Survives 'Meaningful Use' Revamp

Data Breach Today

But current program requirements for conducting a security risk analysis would stick CMS Proposes Major Overhaul of EHR Incentive Program, Emphasizing Interoperability Federal regulators are proposing an overhaul to the "meaningful use" electronic health record incentive program.

Using Machine Data Analysis to Detect Fraud

Data Breach Today

Jade Catalano of Splunk Discusses Early Detection Methods Connecting the dots between disparate forms of machine data can prove to be valuable in discovering fraud patterns, says Jade Catalano of Splunk, who explains how

The importance of knowing ‘where’ in digital forensic analysis

OpenText Information Management

This issue is often exacerbated by a … The post The importance of knowing ‘where’ in digital forensic analysis appeared first on OpenText Blogs. Professional Services Digital Forensic Analysis EnCase EnCase Training OpenText EnCase OpenText Security Security Solutions

Analysis: Data Breach Litigation Trends

Data Breach Today

Lawsuits filed in the wake of data breaches are evolving, says attorney John Yanchunis, who represents plaintiffs in many of these class action cases

Medicaid Data Breach Trends: An Analysis

Data Breach Today

One Big Hacker Incident Responsible for Most Victims Impacted in 2016 Medicaid agencies and their contractors reported more than 1,200 data breaches in 2016, but just one hacking incident accounted for more than 70 percent of all victims, according to a new report. What else does the report reveal

Analysis: Updates to STIX, TAXII Standards

Data Breach Today

Allan Thomson of LookingGlass Describes Enhancements The STIX and TAXII standards for threat intel interchange have undergone a major upgrade to v2.0. LookingGlass CTO Allan Thomson, who's been closely involved in its development, describes the role of these enhanced standards

Analysis: California's Groundbreaking Privacy Law

Data Breach Today

The latest edition of the ISMG Security Report features a discussion of California's groundbreaking new privacy law as well as an update on the potential impact of the hacker group responsible for the Ticketmaster breach

Analysis: Did Anthem's Security 'Certification' Have Value?

Data Breach Today

Insurer Was Certified as HITRUST CSF Compliant Before Its Mega-Breach Health insurer Anthem had earned HITRUST Common Security Framework certification before its mega-breach. Now that the insurer has agreed to a $16 million HIPAA settlement with federal regulators, who spelled out the company's security shortcomings, it's worth scrutinizing the value of adopting a framework

Free download: GDPR & ISO 27001 Gap Analysis Tools

IT Governance

That’s why – for a limited time – we’re giving away our EU GDPR Compliance Gap Assessment Tool and ISO 27001 Gap Analysis Tool for free*. analysis?gives Without a gap analysis, it’s impossible to know where you stand in terms of ISO 27001 compliance.

The Legal Case for a Coherent Risk Analysis Program

Data Breach Today

Attorney Shawn Tuma on Improving Cybersecurity and Regulatory Compliance A coherent risk analysis program tailored to the organization is a vital component of any effort to improve cybersecurity and meet regulatory requirements, says attorney Shawn Tuma

Analysis: NY Attorney General's Anti-Breach Actions

Data Breach Today

Privacy attorney Kirk Nahra offers an analysis of the New York state attorney general proposing updates to the state's data security laws and issuing a substantial financial penalty in a HIPAA violations case

Analysis: FDA's Reworked Premarket Medical Device Guidance

Data Breach Today

The FDA's recently issued draft document updating its premarket medical device cybersecurity guidance originally issued in 2014 contains several important provisions, says regulatory attorney Yarmela Pavlovic, who explains the details

5 key benefits of an ISO 27001 gap analysis

IT Governance

One way to simplify the process is to conduct an ISO 27001 gap analysis , a process in which your current state of compliance is measured against the Standard. Below we have outlined exactly how an ISO 27001 gap analysis can benefit your organisation.

Analysis: Security Elements of 'Trusted Exchange Framework'

Data Breach Today

Some Proposals More Specific Than What's Required Under HIPAA Federal regulators have released a draft of a trusted health information exchange framework with some detailed security components that go beyond HIPAA requirements.

Analysis: Opioid Legislation Stripped of Privacy Provision

Data Breach Today

Although the passage by Congress of the Support for Patients and Communities Act this week is an important step in the nation's battle against the opioid drug addiction crisis, it lacks a critical privacy provision, says Geisinger Health CIO John Kravitz, who analyzes the implications

What exactly is an ISO 27001 gap analysis, anyway?

IT Governance

One solution is to conduct an ISO 27001 gap analysis – a process many organisations consider an important starting point when putting a prioritised plan in place. But what is an ISO 27001 gap analysis, and what does it entail? The breadth of applicability of? ISO 27001 ?can

Traffic Analysis of the LTE Mobile Standard

Schneier on Security

Interesting research in using traffic analysis to learn things about encrypted traffic. It's hard to know how critical these vulnerabilities are. They're very hard to close without wasting a huge amount of bandwidth. The active attacks are more interesting.

Analysis: Distraction Tactics Used in Banco de Chile Hack

Data Breach Today

Leading the latest edition of the ISMG Security Report: An analysis of how distraction tactics were used during a $10 million SWIFT-related hack at Banco de Chile. Also, a wrapup of Infosecurity Europe

Analysis: VPN Fail Reveals 'Guccifer 2.0' is 'Fancy Bear'

Data Breach Today

Evidence continues to mount that Russian intelligence created the "Guccifer 2.0" hacker online persona as a "plausible deniability" cover for dumping information stolen from the U.S. Democratic National Committee, among other targets, says cybersecurity expert Alan Woodward

Security Analysis of the LIFX Smart Light Bulb

Schneier on Security

The security is terrible : In a very short limited amount of time, three vulnerabilities have been discovered: Wifi credentials of the user have been recovered (stored in plaintext into the flash memory). No security settings.

Analysis: Swiping Cryptocurrencies Through a Back Door

Data Breach Today

Leading the latest edition of the ISMG Security Report: Our exclusive report on an Australian criminal investigation into a company that apparently swiped cryptocurrency using a software backdoor. Also, cutting through the hype on artificial intelligence and machine learning

Analysis: 'Orangeworm' Attacks Appear to Involve Espionage

Data Breach Today

Corporate espionage appears to be the motive behind cyberattacks targeting a variety of medical-related equipment and systems, researcher Jon DiMaggio of Symantec says in an in-depth interview about the activities of a hacker group the company has dubbed "Orangeworm

Recalling 9 Years of Cybersecurity News and Analysis

Data Breach Today

This episode of the ISMG Security Report is devoted to producer/host Eric Chabrow's recollection of the evolution of cybersecurity news and analysis during his nine years at Information Security Media Group. Chabrow is retiring after 45 years in journalism

2017 Security Transformation Study: Results Analysis

Data Breach Today

This survey was conducted online in the summer 2017, and it generated more than 260 responses from security leaders around the globe, with emphasis on North America, EMEA, India and APAC. Responses were consistent from organizations in all regions and sectors, with little statistical deviation. Forty percent of the respondent organizations have 10,000 or more employees

Study 108

Q4 2017 Security Transformation Study: Results Analysis

Data Breach Today

This survey was conducted online in the summer 2017, and it generated more than 260 responses from security leaders around the globe, with emphasis on North America, EMEA, India and APAC. Responses were consistent from organizations in all regions and sectors, with little statistical deviation. Forty percent of the respondent organizations have 10,000 or more employees

Study 102

What’s the difference between a risk assessment and a business impact analysis?

IT Governance

Whether you’re creating a disaster recovery or business continuity plan, you must conduct a risk assessment and a BIA (business impact analysis). Business impact analysis. The post What’s the difference between a risk assessment and a business impact analysis?