3 Critical Security Conversations

Data Breach Today

Oscar Chavez-Arietta of Sophos on Key Topics The cloud, artificial intelligence and security as a service - these are the three critical conversations that security leaders need to be having with their business counterparts, says Oscar Chavez-Arietta, vice president, Latin America, at Sophos

Update: Internet Security Threat Report

Data Breach Today

Kevin Haley of Symantec Shares Key Findings Kevin Haley of Symantec shares key findings from the company's latest Internet Security Threat Report

NTT Security and WhiteHat Security Describe Deal

Data Breach Today

NTT's Khiro Mishra and WhiteHat's Craig Hinkley on Application Security NTT Security has signed a definitive agreement to acquire WhiteHat Security.

Own Your Cloud Security

Thales eSecurity

Secure. theme will help to encourage personal accountability and proactive behavior in digital privacy, security best practices, common cyber threats and cybersecurity careers. Specifically, AWS is responsible for the “security of the cloud”. Data security

Cloud 107

Multilayered Security Gets Personal

Data Breach Today

First Data's Tim Horton on Why Encryption Is Not Enough to Secure PII When large-scale data breaches started to proliferate more than a decade ago, security leaders called for end-to-end data encryption.

Boosting Secure Coding Practices

Data Breach Today

Carlos Pero of Zurich Insurance on Gaining Buy-In Carlos Pero, who heads cyber application security at Zurich Insurance, discusses how to get developers to buy in to secure coding practices

NIST Issues Draft Guidance for Securing PACS

Data Breach Today

Tips on Keeping Picture Archiving and Communications Systems Secure New draft guidance from the National Institute of Standards and Technology aims to help healthcare organizations improve the security of picture archiving and communications systems, or PACS

EMV 3D Secure: Upcoming Milestones

Data Breach Today

Fiserv's Jackie Hersch on Compliance, Improving Fraud Defenses The EMV 3D Secure specification faces some milestone dates in Europe and the U.S. What are these milestones, and how does the standard fit into fundamental fraud defenses? Jackie Hersch of Fiserv shares insight

Strategies for Securing Digital Transformation

Data Breach Today

PJ Maloney and William 'Buck' Houston on Steps to Bolster Cyber Defense Digital transformation is the buzz across all sectors, but it poses significant security risks to enterprises.

The State of API Security

Data Breach Today

Jacques Declas of 42Crunch on the Need for Frequent Security Updates The lifecycle of security needs to match the lifecycle of APIs, which get replaced very frequently, says Jacques Declas of 42Crunch

Lack of Secure Coding Called a National Security Threat

Data Breach Today

The lack of secure coding is a pervasive and serious threat to national security, according to a new paper from the Institute for Critical Infrastructure Technology. In an interview, Rob Roy, co-author of the report, outlines what steps should be taken to encourage or enforce secure coding practices

Best Practices for Device Security

Data Breach Today

Steve Hyman of Ordr on the Importance of Network Visibility As healthcare providers connect more and more devices to their networks, ensuring data security becomes far more complex, says Steve Hyman of Ordr, who describes best practices

Remote Desktop Protocol: Securing Access

Data Breach Today

But it poses risks if organizations don't actively monitor how it's used, says Chris Morales of the security firm Vectra Microsoft's Remote Desktop Protocol is one of the most widely used utilities for connecting to remote machines.

Access 149

Security Flaw Exposed Valid Airline Boarding Passes

Data Breach Today

Digital Transformation: Security Best Practices

Data Breach Today

RSA's Holly Rollo on the Importance of Third-Party Risk Management Organizations going through a digital transformation need to make sure they develop a sound third-party risk management strategy, says RSA's Holly Rollo, who discusses best practices

The Challenge of Secure Coding

Data Breach Today

Jeff Williams of Contrast Security on Why Application Security Is So Critical In today's highly connected, cloud-based environment, application security is more critical than ever, says Jeff Williams, co-founder and CTO of Contrast Security, who explains why

Cloud 176

Election Security

Schneier on Security

Stanford University's Cyber Policy Center has published a long report on the security of US elections. Summary: it's not good. nationalsecuritypolicy reports securityengineering threatmodels voting

The MacOS Catalina Privacy and Security Features You Should Know

WIRED Threat Level

Security Security / Security AdviceThe latest macOS update is chock-full of ways to better safeguard your data.

How IoT Changes Security

Data Breach Today

Steve Rog of ForeScout Technologies on Improving Security Hygiene The growth of IoT means traditional methods of security are inadequate, says Steve Rog of ForeScout Technologies, who calls for improvements in security hygiene

IoT 208

What the Marriott Breach Says About Security

Krebs on Security

Or a previously unknown security flaw gets exploited before it can be patched. They’re reshuffling the organizational chart so that people in charge of security report to the board, the CEO, and/or chief risk officer — anyone but the Chief Technology Officer.

Hackers Hit Unpatched Pulse Secure and Fortinet SSL VPNs

Data Breach Today

Vendors Issued Security Updates to Fix Severe Flaws Several Months Ago Patch or perish redux: Hackers are unleashing automated attacks to find and exploit known flaws in SSL VPNs manufactured by Fortinet and Pulse Secure to steal passwords.

Revisiting Election Security Threats

Data Breach Today

FBI's Elvis Chan on What's Being Done to Secure the 2020 Election Heading into the 2020 U.S. presidential election preseason, the FBI is squarely focused on defending against nation-state hacks or influence. Elvis Chan of the FBI talks about preparations for a cybersecure election

Security Affairs newsletter Round 235

Security Affairs

The best news of the week with Security Affairs. US will help Baltic states to secure baltic energy grid. Twitter inadvertently used Phone Numbers collected for security for Ads. SAP October 2019 Security Patch Day fixes 2 critical flaws.

Android 7.0+ Phones Can Now Double as Google Security Keys

Krebs on Security

and higher can now be used as Security Keys , an additional authentication layer that helps thwart phishing sites and password theft. But Google said starting this week, any mobile phone running Android 7.0+ (Nougat) can serve the same function as a USB-based security key.

Securing the Hyper-Connected Enterprise

Data Breach Today

Cequence Security's Larry Link on Defending the New Norm In today's hyper-connected enterprise, organizations are at risk of two different types of attack. Larry Link, CEO of Cequence Security, explains how to defend at a platform level - without adding friction

Security Affairs newsletter Round 234

Security Affairs

The best news of the week with Security Affairs. Zendesk 2016 security breach may impact Uber, Slack, and other organizations. The post Security Affairs newsletter Round 234 appeared first on Security Affairs. A new round of the weekly newsletter arrived!

Facebook Sweetens Deal for Hackers to Catch Security Bugs

WIRED Threat Level

Security Security / Security NewsThe company is turbocharging its bug bounty to try to stop the next data leak before it happens.

Security at the Speed of the Cloud

Data Breach Today

McKinsey CISO Dan Fitzgerald on DevSecOps and the Future of Cloud Security Migrating from on-premises data security to the cloud and then embedding security in the application development process are common challenges for enterprises.

Cloud 239

A Sense of Security: Information Overload Leads to Security Oversights

InfoGoTo

What does this excess work mean within the context of information security? Distraction, which often correlates with a lack of priorities and/or discipline, is at the root of many security challenges , and it’s why the Wall Street Journal findings are so telling.

Enhancing Security Governance

Data Breach Today

Longtime CISO Vito Sardanopoli on Building an Effective Security Program A formal security program that spells out precise governance components is critical to protecting sensitive data, says Vito Sardanopoli, who served on the U.S.

Election Security Program Aims to Mitigate Ransomware Risks

Data Breach Today

Department of Homeland Security to Help With Database Protections Within a month, the U.S. Department of Homeland Security hopes to launch a program to help states protect voter registration databases and systems in advance of the 2020 presidential election.

Improving Enterprise Security Team Effectiveness

Data Breach Today

The iOS 13 Privacy and Security Features You Should Know

WIRED Threat Level

Your iPhone just got a major security upgrade. Security Security / Security AdviceHere are all the ins and outs.

Improving Healthcare Security Education

Data Breach Today

Wombat's Gretel Egan on How to Take a Fresh Approach to the Awareness Challenge As attackers increasingly take advantage of users' risky behavior, enterprise security leaders are taking steps to improve end-user security education.

Managing IoT Risks: Reinventing Security

Data Breach Today

Security needs to be reinvented for the internet of things, and start-up companies can play a critical role, says Robin Saxby, the former CEO and founder of Arm Holdings, a U.K.-based based semiconductor company, who now invests in start-up firms

IoT 155

Security Affairs newsletter Round 233

Security Affairs

The best news of the week with Security Affairs. The post Security Affairs newsletter Round 233 appeared first on Security Affairs. A new round of the weekly newsletter arrived!

Securing Smartphones from Eavesdropping

Data Breach Today

Mike Fong of Privoro Discusses Smartphone Encryption Smartphone security is paramount for certain scenarios, but software based encryption has been shown to be insufficient.