Analysis: Strong vs. Weak Encryption

Data Breach Today

The latest edition of the ISMG Security Report analyzes the debate over whether the government should require technology firms to use weak encryption for messaging applications. Plus, D-Link's proposed settlement with the FTC and a CISO's update on medical device security

Analysis: Facebook Breach's Impact

Data Breach Today

The latest edition of the ISMG Security Report features an analysis of the latest developments in Facebook's massive data breach and expert analysis of the potential for nation-state interference in the U.S. midterm elections

Analysis: The Texas Ransomware Mess

Data Breach Today

The latest edition of the ISMG Security Report analyzes the ransomware attack on Texas municipalities as part of a broader trend. Also featured: An initiative designed to safeguard the 2020 presidential elections and a CIO's third-party risk management efforts

Analysis: Report on China Attacking Mobile Devices

Data Breach Today

This week's ISMG Security Report takes a close look at whether an iPhone hacking campaign may be linked to Android spying campaigns by China. Plus: Do ransomware gangs target organizations that have cyber insurance

Analysis: The Cybersecurity Risks Major Corporations Face

Data Breach Today

The latest edition of the ISMG Security Report features a deep dive into an analysis of the cybersecurity risks that publicly traded companies face.

Avoiding Critical Security Risk Analysis Mistakes

Data Breach Today

Privacy attorney Adam Greene provides tips for avoiding mistakes when conducting a HIPAA security risk analysis and spells out the essential steps to take

Malicious PDF Analysis

Security Affairs

In the last few days I have done some analysis on malicious documents, especially PDF. Then I thought, “Why not turn a PDF analysis into an article?” Most security tools must always be adapted to this new reality of attack and infection.

Open Source Genomic Analysis Software Flaw Patched

Data Breach Today

Do Data Integrity Security Concerns Pose Potential Patient Safety Worries? A cybersecurity vulnerability discovered in open source software used by organizations conducting genomic analysis could potentially have enabled hackers to affect the accuracy of patient treatment decisions.

Analysis: How Police Disrupted a Cryptomining Malware Gang

Data Breach Today

The latest edition of the ISMG Security Report offers an analysis of how French cyber police disrupted a cryptomining malware gang. Also featured: Apple's botched patching of a jailbreaking vulnerability; an industry veteran's insights on battling payment card fraud

Analysis: The Capital One Breach

Data Breach Today

The latest edition of the ISMG Security Report analyzes the root causes of the Capital One data breach. Also featured: breach remediation advice and compliance with New York's new third-party risk management requirements

Analysis: The Impact of Business Email Compromise Attacks

Data Breach Today

This week's ISMG Security Report analyzes the cost of business email compromise attacks and the recent arrest of dozens of suspects. Also featured: updates on the easy availability of low-cost hacking tools and the latest payment card fraud trends

Malware Static Analysis

Security Affairs

Malware researcher and founder of Yoroi Marco Ramilli shared a simple tool for malware static analysis he used to perform massive Malware analysis research. By clicking on the desired table raw a modal popup will show you static analysis details such as, which YARA rule has been hit. You can make your analysis here: [link]. Malware Static Analysis. SecurityAffairs – Malware static analysis, malware).

Analysis: Apple's New Single Sign-On Feature

Data Breach Today

The latest edition of the ISMG Security Report describes Apple's newly announced single sign-on function that's built with privacy in mind. Plus, a discussion of the "other" insider threat and an Infosecurity Europe conference recap

Analysis: Security Elements of 'Trusted Exchange Framework'

Data Breach Today

Some Proposals More Specific Than What's Required Under HIPAA Federal regulators have released a draft of a trusted health information exchange framework with some detailed security components that go beyond HIPAA requirements.

UK Cyberattack Investigations: An Analysis

Data Breach Today

The latest edition of the ISMG Security Report features an analysis of the results of over 1,000 cyberattack investigations in the U.K. Also: an update on the proposed NIST privacy framework and a report on voter registration information for sale on the dark web

Analysis: The Evolving Ransomware Threat

Data Breach Today

The latest edition of the ISMG Security Report offers an in-depth look at the ever-changing ransomware threat. Other topics: filling the DevSecOps skills gap and the repercussions of Australia's encryption-busting law

Analysis: Did Anthem's Security 'Certification' Have Value?

Data Breach Today

Insurer Was Certified as HITRUST CSF Compliant Before Its Mega-Breach Health insurer Anthem had earned HITRUST Common Security Framework certification before its mega-breach. Now that the insurer has agreed to a $16 million HIPAA settlement with federal regulators, who spelled out the company's security shortcomings, it's worth scrutinizing the value of adopting a framework

Analysis: Russian Misinformation Campaign

Data Breach Today

The latest edition of the ISMG Security Report offers an update on how Russian bots and trolls are spreading misinformation on vaccines via social media - and the public health impact of the campaign. Plus: Tips on disaster recovery, internet of things security

White House National Cyber Strategy: An Analysis

Data Breach Today

Security Experts Examine Administration's Document and Rhetoric A national cybersecurity strategy document released by the White House last week - along with comments from a top Trump administration official that the U.S.

2017 Security Transformation Study: Results Analysis

Data Breach Today

This survey was conducted online in the summer 2017, and it generated more than 260 responses from security leaders around the globe, with emphasis on North America, EMEA, India and APAC. Responses were consistent from organizations in all regions and sectors, with little statistical deviation. Forty percent of the respondent organizations have 10,000 or more employees

Study 110

Risk Analysis Requirement Survives 'Meaningful Use' Revamp

Data Breach Today

But current program requirements for conducting a security risk analysis would stick CMS Proposes Major Overhaul of EHR Incentive Program, Emphasizing Interoperability Federal regulators are proposing an overhaul to the "meaningful use" electronic health record incentive program.

Malware Analysis for Blue Teams

Data Breach Today

At a time when security professionals are faced not only with a barrage of threats, but with a myriad of threat intelligence data sources, it can be challenging to know when to stop an investigation. Join DomainTools Senior Security Engineer Tarik Saleh to learn essential methodologies from a blue team perspective

Q4 2017 Security Transformation Study: Results Analysis

Data Breach Today

This survey was conducted online in the summer 2017, and it generated more than 260 responses from security leaders around the globe, with emphasis on North America, EMEA, India and APAC. Responses were consistent from organizations in all regions and sectors, with little statistical deviation. Forty percent of the respondent organizations have 10,000 or more employees

Study 103

The Battle of Winterfell: A Tactical Analysis

WIRED Threat Level

Security Security / Security AdviceIf you're going up against an army of the undead, maybe plan a little better.

The importance of knowing ‘where’ in digital forensic analysis

OpenText Information Management

This issue is often exacerbated by a … The post The importance of knowing ‘where’ in digital forensic analysis appeared first on OpenText Blogs. Professional Services Digital Forensic Analysis EnCase EnCase Training OpenText EnCase OpenText Security Security Solutions

ISO 27001: Gap analysis vs. risk assessment

IT Governance

What is a gap analysis? An ISO 27001 gap analysis gives organisations an overview of what they need to do to meet the Standard’s requirements. How to use risk assessments to achieve maximum benefits from minimum security costs.

Excellent Analysis of the Boeing 737 MAX Software Problems

Schneier on Security

This is the best analysis of the software causes of the Boeing 737 MAX disasters that I have read. Technically this is safety and not security; there was no attacker.

Analysis: California's Groundbreaking Privacy Law

Data Breach Today

The latest edition of the ISMG Security Report features a discussion of California's groundbreaking new privacy law as well as an update on the potential impact of the hacker group responsible for the Ticketmaster breach

Ten steps to a GDPR gap analysis

IT Governance

Most GDPR (General Data Protection Regulation) compliance projects start with a gap analysis. A gap analysis is a popular method of assessing compliance against the requirements of the Regulation. What does a gap analysis involve? Can I use a free GDPR gap analysis tool?

“Collection #1” Data Breach Analysis – Part 1

Security Affairs

Today I’d like to write a quick partial analysis that I’ve been able to extract from those records (I grabbed data from public available pasties website). PARTIAL Analysis of Collection #1. Collection #1 PARTIAL Analysis on used passwords. PARTIAL Analysis on most leaked domain.

5 key benefits of an ISO 27001 gap analysis

IT Governance

Building an ISMS (information security management system) that that meets the requirements of ISO 27001 is a challenging project, and it is often difficult to know where to start. Below we have outlined exactly how an ISO 27001 gap analysis can benefit your organisation.

“Collection #1” Data Breach Analysis – Part 2

Security Affairs

The cyber security expert Marco Ramilli continues its analysis of the data leak known as Collection #1, he shared some interesting views on data The cyber security expert Marco Ramilli continues its analysis of the data leak known as Collection #1, he shared some interesting views on data.

Analysis: NY Attorney General's Anti-Breach Actions

Data Breach Today

Privacy attorney Kirk Nahra offers an analysis of the New York state attorney general proposing updates to the state's data security laws and issuing a substantial financial penalty in a HIPAA violations case

What exactly is an ISO 27001 gap analysis, anyway?

IT Governance

ISMS (information security management system) that meets the requirements of ISO 27001 can be challenging. One solution is to conduct an ISO 27001 gap analysis – a process many organisations consider an important starting point when putting a prioritised plan in place.

NEW TECH: ICS zero-day flaws uncovered by Nozomi Networks’ analysis of anomalous behaviors

The Last Watchdog

Andrea Carcano’s journey to co-founding a security company in the vanguard of defending critical infrastructure began at a tender age. PhD in hand, Carcano spent three years in the field helping a large oil-and-gas company tighten ICS security for operations in different corners of the world. We’re going to need a lot more of it to make things as secure as they need to be.

Watch out! Malware Analysis Sandboxes could expose sensitive data of your organization

Security Affairs

A study conducted by researchers at Cyjax revealed that organizations expose sensitive data via sandboxes used for malware analysis. One of the files exposed via the malware analysis sandboxes appeared to be a U.S.

The Better Way: Threat Analysis & IIoT Security

Dark Reading

Threat analysis offers a more nuanced and multidimensional approach than go/no-go patching in the Industrial Internet of Things. But first, vendors must agree on how they report and address vulnerabilities

Security Analysis of the LIFX Smart Light Bulb

Schneier on Security

The security is terrible : In a very short limited amount of time, three vulnerabilities have been discovered: Wifi credentials of the user have been recovered (stored in plaintext into the flash memory). No security settings.

MY TAKE: Can ‘Network Traffic Analysis’ cure the security ills of digital transformation?

The Last Watchdog

If digital transformation, or DX , is to reach its full potential, there must be a security breakthrough that goes beyond legacy defenses to address the myriad new ways threat actors can insinuate themselves into complex digital systems. NTA refers to using advanced data mining and security analytics techniques to detect and investigate malicious activity in traffic moving between each device and on every critical system in a company network.

CIA sextortion campaign, analysis of a well-organized scam

Security Affairs

“I am one of several people who have access to those documents and I have enough security clearance to amend and remove your details from this case.” The post CIA sextortion campaign, analysis of a well-organized scam appeared first on Security Affairs.