Analysis: Strong vs. Weak Encryption

Data Breach Today

The latest edition of the ISMG Security Report analyzes the debate over whether the government should require technology firms to use weak encryption for messaging applications. Plus, D-Link's proposed settlement with the FTC and a CISO's update on medical device security

Open Source Genomic Analysis Software Flaw Patched

Data Breach Today

Do Data Integrity Security Concerns Pose Potential Patient Safety Worries? A cybersecurity vulnerability discovered in open source software used by organizations conducting genomic analysis could potentially have enabled hackers to affect the accuracy of patient treatment decisions.

Analysis: The Significance of GDPR Fines

Data Breach Today

The latest edition of the ISMG Security Report analyzes the significance of fines against British Airways and Marriott for violations of the EU's GDPR. Also featured are discussions of California's privacy law as a model for other states and the next generation of deception technologies

Analysis: The Cybersecurity Risks Major Corporations Face

Data Breach Today

The latest edition of the ISMG Security Report features a deep dive into an analysis of the cybersecurity risks that publicly traded companies face.

Analysis: Facebook Breach's Impact

Data Breach Today

The latest edition of the ISMG Security Report features an analysis of the latest developments in Facebook's massive data breach and expert analysis of the potential for nation-state interference in the U.S. midterm elections

Avoiding Critical Security Risk Analysis Mistakes

Data Breach Today

Privacy attorney Adam Greene provides tips for avoiding mistakes when conducting a HIPAA security risk analysis and spells out the essential steps to take

Malware Static Analysis

Security Affairs

Malware researcher and founder of Yoroi Marco Ramilli shared a simple tool for malware static analysis that he used to perform massive malware analysis research. Clicking on the desired table row opens a modal popup that shows static analysis details, such as which YARA rule has been hit. You can make your analysis here: [link].

Analysis: Apple's New Single Sign-On Feature

Data Breach Today

The latest edition of the ISMG Security Report describes Apple's newly announced single sign-on function that's built with privacy in mind. Plus, a discussion of the "other" insider threat and an Infosecurity Europe conference recap

Analysis: The Evolving Ransomware Threat

Data Breach Today

The latest edition of the ISMG Security Report offers an in-depth look at the ever-changing ransomware threat. Other topics: filling the DevSecOps skills gap and the repercussions of Australia's encryption-busting law

UK Cyberattack Investigations: An Analysis

Data Breach Today

The latest edition of the ISMG Security Report features an analysis of the results of over 1,000 cyberattack investigations in the U.K. Also: an update on the proposed NIST privacy framework and a report on voter registration information for sale on the dark web

Analysis: Did Anthem's Security 'Certification' Have Value?

Data Breach Today

Insurer Was Certified as HITRUST CSF Compliant Before Its Mega-Breach. Health insurer Anthem had earned HITRUST Common Security Framework certification before its mega-breach. Now that the insurer has agreed to a $16 million HIPAA settlement with federal regulators, who spelled out the company's security shortcomings, it's worth scrutinizing the value of adopting a framework

Analysis: Security Elements of 'Trusted Exchange Framework'

Data Breach Today

Some Proposals More Specific Than What's Required Under HIPAA. Federal regulators have released a draft of a trusted health information exchange framework with some detailed security components that go beyond HIPAA requirements.

Analysis: Russian Misinformation Campaign

Data Breach Today

The latest edition of the ISMG Security Report offers an update on how Russian bots and trolls are spreading misinformation on vaccines via social media - and the public health impact of the campaign. Plus: Tips on disaster recovery, internet of things security

White House National Cyber Strategy: An Analysis

Data Breach Today

Security Experts Examine Administration's Document and Rhetoric. A national cybersecurity strategy document released by the White House last week - along with comments from a top Trump administration official that the U.S.

2017 Security Transformation Study: Results Analysis

Data Breach Today

This survey was conducted online in the summer 2017, and it generated more than 260 responses from security leaders around the globe, with emphasis on North America, EMEA, India and APAC. Responses were consistent from organizations in all regions and sectors, with little statistical deviation. Forty percent of the respondent organizations have 10,000 or more employees


Malware Analysis for Blue Teams

Data Breach Today

At a time when security professionals are faced not only with a barrage of threats, but with a myriad of threat intelligence data sources, it can be challenging to know when to stop an investigation. Join DomainTools Senior Security Engineer Tarik Saleh to learn essential methodologies from a blue team perspective

The Battle of Winterfell: A Tactical Analysis

WIRED Threat Level

If you're going up against an army of the undead, maybe plan a little better.

Q4 2017 Security Transformation Study: Results Analysis

Data Breach Today

This survey was conducted online in the summer 2017, and it generated more than 260 responses from security leaders around the globe, with emphasis on North America, EMEA, India and APAC. Responses were consistent from organizations in all regions and sectors, with little statistical deviation. Forty percent of the respondent organizations have 10,000 or more employees


Risk Analysis Requirement Survives 'Meaningful Use' Revamp

Data Breach Today

But current program requirements for conducting a security risk analysis would stick. CMS Proposes Major Overhaul of EHR Incentive Program, Emphasizing Interoperability. Federal regulators are proposing an overhaul to the "meaningful use" electronic health record incentive program.

Excellent Analysis of the Boeing 737 MAX Software Problems

Schneier on Security

This is the best analysis of the software causes of the Boeing 737 MAX disasters that I have read. Technically this is safety and not security; there was no attacker.

The importance of knowing ‘where’ in digital forensic analysis

OpenText Information Management

This issue is often exacerbated by a …

ISO 27001: Gap analysis vs. risk assessment

IT Governance

What is a gap analysis? An ISO 27001 gap analysis gives organisations an overview of what they need to do to meet the Standard’s requirements. How to use risk assessments to achieve maximum benefits from minimum security costs.

“Collection #1” Data Breach Analysis – Part 1

Security Affairs

Today I’d like to write a quick partial analysis that I’ve been able to extract from those records (I grabbed data from publicly available paste websites). PARTIAL Analysis of Collection #1. Collection #1 PARTIAL Analysis on used passwords. PARTIAL Analysis on most leaked domain.

“Collection #1” Data Breach Analysis – Part 2

Security Affairs

The cyber security expert Marco Ramilli continues his analysis of the data leak known as Collection #1 and shares some interesting views on the data.

Ten steps to a GDPR gap analysis

IT Governance

Most GDPR (General Data Protection Regulation) compliance projects start with a gap analysis. A gap analysis is a popular method of assessing compliance against the requirements of the Regulation. What does a gap analysis involve? Can I use a free GDPR gap analysis tool?

Spotting RATs: Delphi wrapper makes the analysis harder

Security Affairs

Experts observed an increase in malware spreading that uses less-known archive types as droppers, in particular ISO images. Delphi wrapper makes analysis harder. Technical Analysis. This list will be used later to identify the presence of programs belonging to an analysis environment.

CIA sextortion campaign, analysis of a well-organized scam

Security Affairs

“I am one of several people who have access to those documents and I have enough security clearance to amend and remove your details from this case.”

Analysis: California's Groundbreaking Privacy Law

Data Breach Today

The latest edition of the ISMG Security Report features a discussion of California's groundbreaking new privacy law as well as an update on the potential impact of the hacker group responsible for the Ticketmaster breach

5 key benefits of an ISO 27001 gap analysis

IT Governance

Building an ISMS (information security management system) that meets the requirements of ISO 27001 is a challenging project, and it is often difficult to know where to start. Below we have outlined exactly how an ISO 27001 gap analysis can benefit your organisation.

What exactly is an ISO 27001 gap analysis, anyway?

IT Governance

ISMS (information security management system) that meets the requirements of ISO 27001 can be challenging. One solution is to conduct an ISO 27001 gap analysis – a process many organisations consider an important starting point when putting a prioritised plan in place.

Analysis: NY Attorney General's Anti-Breach Actions

Data Breach Today

Privacy attorney Kirk Nahra offers an analysis of the New York state attorney general proposing updates to the state's data security laws and issuing a substantial financial penalty in a HIPAA violations case

Security Analysis of the LIFX Smart Light Bulb

Schneier on Security

The security is terrible: In a very short limited amount of time, three vulnerabilities have been discovered: Wifi credentials of the user have been recovered (stored in plaintext into the flash memory). No security settings.

Recalling 9 Years of Cybersecurity News and Analysis

Data Breach Today

This episode of the ISMG Security Report is devoted to producer/host Eric Chabrow's recollection of the evolution of cybersecurity news and analysis during his nine years at Information Security Media Group. Chabrow is retiring after 45 years in journalism

The Better Way: Threat Analysis & IIoT Security

Dark Reading

Threat analysis offers a more nuanced and multidimensional approach than go/no-go patching in the Industrial Internet of Things. But first, vendors must agree on how they report and address vulnerabilities

Analysis: Swiping Cryptocurrencies Through a Back Door

Data Breach Today

Leading the latest edition of the ISMG Security Report: Our exclusive report on an Australian criminal investigation into a company that apparently swiped cryptocurrency using a software backdoor. Also, cutting through the hype on artificial intelligence and machine learning

Analysis: Distraction Tactics Used in Banco de Chile Hack

Data Breach Today

Leading the latest edition of the ISMG Security Report: An analysis of how distraction tactics were used during a $10 million SWIFT-related hack at Banco de Chile. Also, a wrapup of Infosecurity Europe

Free download: GDPR & ISO 27001 Gap Analysis Tools

IT Governance

While Brexit continues to cause widespread uncertainty, you can at least be sure of one thing: deal or no deal, the security risks your organisation faces won’t go away. Data breaches are on the up, and information security and GDPR compliance remain business-critical issues.

Sectigo says that most of certificates reported by Chronicle analysis were already revoked

Security Affairs

Chronicle’s security researchers have analyzed submissions between May 7, 2018, and May 7, 2019, discovering that out of a total of 3,815 signed malware samples, 1,775 were signed using a digital certificate issued by Comodo RSA Code Signing CA.

DNS Security

Adam Shostack

They asked us to look at the value of DNS security, such as when your DNS provider uses threat intel to block malicious sites. The report is available from GCA’s site: Learn About How DNS Security Can Mitigate One-Third of Cyber Incidents. I’m happy to say that some new research by Jay Jacobs, Wade Baker, and myself is now available, thanks to the Global Cyber Alliance.

Stormshield Network Security: UTM Overview and Analysis

eSecurity Planet

We review Stormshield Network Security UTM solutions, a leader in the European security market