NTT Security and WhiteHat Security Describe Deal

Data Breach Today

NTT's Khiro Mishra and WhiteHat's Craig Hinkley on Application Security NTT Security has signed a definitive agreement to acquire WhiteHat Security.

3 Critical Security Conversations

Data Breach Today

Oscar Chavez-Arietta of Sophos on Key Topics The cloud, artificial intelligence and security as a service - these are the three critical conversations that security leaders need to be having with their business counterparts, says Oscar Chavez-Arietta, vice president, Latin America, at Sophos

OnDemand Webinar | Using Security Ratings to Achieve Security Goals

Data Breach Today

How Ratings Can Be Leveraged To Improve Security Performance And Vendor Risk Management Watch this OnDemand webinar and learn how ratings be leveraged to improve security performance and vendor risk management

Risk 130

Balancing Digital Transformation and Security

Data Breach Today

Kaspersky's Claire Hatcher Describes a Layered Approach As companies go through a digital transformation, they should keep security top of mind, says Claire Hatcher of Kaspersky, who describes a layered approach

Security Firm Prosegur Hit By Ryuk Ransomware

Data Breach Today

Incident May Have Disrupted Networked Security Cameras Global security company Prosegur has blamed Ryuk ransomware for a service disruption that started Wednesday, which may have hampered networked alarms.

Multilayered Security Gets Personal

Data Breach Today

First Data's Tim Horton on Why Encryption Is Not Enough to Secure PII When large-scale data breaches started to proliferate more than a decade ago, security leaders called for end-to-end data encryption.

Update: Internet Security Threat Report

Data Breach Today

Kevin Haley of Symantec Shares Key Findings Kevin Haley of Symantec shares key findings from the company's latest Internet Security Threat Report

Own Your Cloud Security

Thales eSecurity

Secure. theme will help to encourage personal accountability and proactive behavior in digital privacy, security best practices, common cyber threats and cybersecurity careers. Specifically, AWS is responsible for the “security of the cloud”. Data security

Cloud 119

Election Security

Schneier on Security

Stanford University's Cyber Policy Center has published a long report on the security of US elections. Summary: it's not good. nationalsecuritypolicy reports securityengineering threatmodels voting

Securing Connected Medical Devices

Data Breach Today

Safi Oranski of CyberMDX Says to Secure Them, First You Have to Find Them A major challenge in ensuring medical device security is tracking all of these devices, says Safi Oranski of CyberMDX, who offers a review of other critical issues

The Unsexy Threat to Election Security

Krebs on Security

Much has been written about the need to further secure our elections, from ensuring the integrity of voting machines to combating fake news. Public confidence is at stake, even if the vote itself is secure.”

Lack of Secure Coding Called a National Security Threat

Data Breach Today

The lack of secure coding is a pervasive and serious threat to national security, according to a new paper from the Institute for Critical Infrastructure Technology. In an interview, Rob Roy, co-author of the report, outlines what steps should be taken to encourage or enforce secure coding practices

Best Practices for Device Security

Data Breach Today

Steve Hyman of Ordr on the Importance of Network Visibility As healthcare providers connect more and more devices to their networks, ensuring data security becomes far more complex, says Steve Hyman of Ordr, who describes best practices

The State of API Security

Data Breach Today

Jacques Declas of 42Crunch on the Need for Frequent Security Updates The lifecycle of security needs to match the lifecycle of APIs, which get replaced very frequently, says Jacques Declas of 42Crunch

What the Marriott Breach Says About Security

Krebs on Security

Or a previously unknown security flaw gets exploited before it can be patched. They’re reshuffling the organizational chart so that people in charge of security report to the board, the CEO, and/or chief risk officer — anyone but the Chief Technology Officer.

EMV 3D Secure: Upcoming Milestones

Data Breach Today

Fiserv's Jackie Hersch on Compliance, Improving Fraud Defenses The EMV 3D Secure specification faces some milestone dates in Europe and the U.S. What are these milestones, and how does the standard fit into fundamental fraud defenses? Jackie Hersch of Fiserv shares insight

Android 7.0+ Phones Can Now Double as Google Security Keys

Krebs on Security

and higher can now be used as Security Keys , an additional authentication layer that helps thwart phishing sites and password theft. But Google said starting this week, any mobile phone running Android 7.0+ (Nougat) can serve the same function as a USB-based security key.

Strategies for Securing Digital Transformation

Data Breach Today

PJ Maloney and William 'Buck' Houston on Steps to Bolster Cyber Defense Digital transformation is the buzz across all sectors, but it poses significant security risks to enterprises.

How IoT Changes Security

Data Breach Today

Steve Rog of ForeScout Technologies on Improving Security Hygiene The growth of IoT means traditional methods of security are inadequate, says Steve Rog of ForeScout Technologies, who calls for improvements in security hygiene

IoT 208

Digital Transformation: Security Best Practices

Data Breach Today

RSA's Holly Rollo on the Importance of Third-Party Risk Management Organizations going through a digital transformation need to make sure they develop a sound third-party risk management strategy, says RSA's Holly Rollo, who discusses best practices

Security Flaw Exposed Valid Airline Boarding Passes

Data Breach Today

Revisiting Election Security Threats

Data Breach Today

FBI's Elvis Chan on What's Being Done to Secure the 2020 Election Heading into the 2020 U.S. presidential election preseason, the FBI is squarely focused on defending against nation-state hacks or influence. Elvis Chan of the FBI talks about preparations for a cybersecure election

The Challenge of Secure Coding

Data Breach Today

Jeff Williams of Contrast Security on Why Application Security Is So Critical In today's highly connected, cloud-based environment, application security is more critical than ever, says Jeff Williams, co-founder and CTO of Contrast Security, who explains why

Cloud 176

NIST Issues Draft Guidance for Securing PACS

Data Breach Today

Tips on Keeping Picture Archiving and Communications Systems Secure New draft guidance from the National Institute of Standards and Technology aims to help healthcare organizations improve the security of picture archiving and communications systems, or PACS

How to Make a Security Transformation

Data Breach Today

RSA's Ganesh Prasad on Understanding Risk Exposure in a Digital Transformation A successful digital transformation journey must include a security transformation journey that includes a careful examination of risks, says Ganesh Prasad of RSA

Securing the Hyper-Connected Enterprise

Data Breach Today

Cequence Security's Larry Link on Defending the New Norm In today's hyper-connected enterprise, organizations are at risk of two different types of attack. Larry Link, CEO of Cequence Security, explains how to defend at a platform level - without adding friction

Security Affairs newsletter Round 242

Security Affairs

Every week the best security articles from Security Affairs free for you in your email box. Dutch National Cyber Security Centre warns ransomware infected thousands of businesses. The post Security Affairs newsletter Round 242 appeared first on Security Affairs.

Enhancing Security Governance

Data Breach Today

Longtime CISO Vito Sardanopoli on Building an Effective Security Program A formal security program that spells out precise governance components is critical to protecting sensitive data, says Vito Sardanopoli, who served on the U.S.

Hackers Hit Unpatched Pulse Secure and Fortinet SSL VPNs

Data Breach Today

Vendors Issued Security Updates to Fix Severe Flaws Several Months Ago Patch or perish redux: Hackers are unleashing automated attacks to find and exploit known flaws in SSL VPNs manufactured by Fortinet and Pulse Secure to steal passwords.

Security at the Speed of the Cloud

Data Breach Today

McKinsey CISO Dan Fitzgerald on DevSecOps and the Future of Cloud Security Migrating from on-premises data security to the cloud and then embedding security in the application development process are common challenges for enterprises.

Cloud 239

Improving Healthcare Security Education

Data Breach Today

Wombat's Gretel Egan on How to Take a Fresh Approach to the Awareness Challenge As attackers increasingly take advantage of users' risky behavior, enterprise security leaders are taking steps to improve end-user security education.

Managing Security Stack Sprawl

Data Breach Today

See how stateless technology can protect you from inbound attacks and more efficiently block outbound threats. See how stateless technology can protect you from inbound attacks and more efficiently block outbound threats

Remote Desktop Protocol: Securing Access

Data Breach Today

But it poses risks if organizations don't actively monitor how it's used, says Chris Morales of the security firm Vectra Microsoft's Remote Desktop Protocol is one of the most widely used utilities for connecting to remote machines.

Access 149

Securing Smartphones from Eavesdropping

Data Breach Today

Mike Fong of Privoro Discusses Smartphone Encryption Smartphone security is paramount for certain scenarios, but software based encryption has been shown to be insufficient.

Google: Security Keys Neutralized Employee Phishing

Krebs on Security

Google has not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical Security Keys in place of passwords and one-time codes, the company told KrebsOnSecurity.

How the U.S. Govt. Shutdown Harms Security

Krebs on Security

As a nation, we are much less safe from a cyber security posture than we were a month ago.” “These are criminal investigations involving national security. “In the past week, the number of outdated Web security certificates held by U.S. The ongoing partial U.S.

Top Application Security Products

eSecurity Planet

Application security is a widespread problem. These security tools can help find and fix application vulnerabilities before hackers exploit them