What the Marriott Breach Says About Security

Krebs on Security

Or a previously unknown security flaw gets exploited before it can be patched. They’re reshuffling the organizational chart so that people in charge of security report to the board, the CEO, and/or chief risk officer — anyone but the Chief Technology Officer.

Enhancing Security Governance

Data Breach Today

Longtime CISO Vito Sardanopoli on Building an Effective Security Program A formal security program that spells out precise governance components is critical to protecting sensitive data, says Vito Sardanopoli, who served on the U.S.

Applying Secure Multiparty Computation Technology

Data Breach Today

Israel-based Yehuda Lindell, a cryptography professor, describes how to use secure multiparty computation technology to protect cryptographic keys and describes other potential security applications

Improving Healthcare Security Education

Data Breach Today

Wombat's Gretel Egan on How to Take a Fresh Approach to the Awareness Challenge As attackers increasingly take advantage of users' risky behavior, enterprise security leaders are taking steps to improve end-user security education.

How to Shop Online Like a Security Pro

Krebs on Security

Here are some other safety and security tips to keep in mind when shopping online: -WHEN IN DOUBT, CHECK ‘EM OUT: If you don’t know much about the online merchant that has the item you wish to buy, take a few minutes to investigate its reputation.

How IoT Changes Security

Data Breach Today

Steve Rog of ForeScout Technologies on Improving Security Hygiene The growth of IoT means traditional methods of security are inadequate, says Steve Rog of ForeScout Technologies, who calls for improvements in security hygiene

3 Top Security Challenges in Healthcare

Data Breach Today

Chris Bowen of ClearDATA on Improving 'Change Management' Understanding where data is stored so it can be protected, overcoming security misconfiguration and improving vendor management diligence are three top challenges for healthcare organizations, says Chris Bowen of ClearDATA

Google: Security Keys Neutralized Employee Phishing

Krebs on Security

Google has not had any of its 85,000+ employees successfully phished on their work-related accounts since early 2017, when it began requiring all employees to use physical Security Keys in place of passwords and one-time codes, the company told KrebsOnSecurity.

Bad Consumer Security Advice

Schneier on Security

There are lots of articles out there telling people how to better secure their computers and online accounts. If you or someone you know is 18 or older, you need to create a Social Security online account. But why limit it to the Social Security Administration?

Securing the News

Data Breach Today

Time Inc.'s Deputy CISO on the Challenge of Ensuring Content Security In this era of "fake news," Time Inc.'s Deputy CISO Preeti Palanisamy takes seriously the challenge of maintaining the integrity of journalism from content creation through production and eventual publication

Security Vulnerabilities in Star Wars

Data Breach Today

A fun video describing some of the many Empire security vulnerabilities in the first Star Wars movie. Happy New Year, everyone.

Application Security: What Causes Inertia?

Data Breach Today

Joseph Feiman of WhiteHat Security on the Need for Cultural Change Application security is not improving because about 60 percent of vulnerabilities never get fixed, says Joseph Feiman of WhiteHat Security

Medical Devices: The Long Road to Security

Data Breach Today

Fortinet's Sonia Arista Brings CISO's Perspective to Security Solutions As a former healthcare CISO, Fortinet's Sonia Arista has a unique perspective on how cybersecurity vendors can best assist in the ongoing challenge of securing critical medical devices

Securing Multicloud Environments

Data Breach Today

Cisco's Harry Dogan Outlines the Challenges in Managing Security The growing use of multiple cloud services in enterprises is creating new security challenges, says Cisco's Harry Dogan, who shares common mistakes and fixes

Security Risks of Chatbots

Schneier on Security

Good essay on the security risks -- to democratic discourse -- of chatbots.

Supply Chain Security 101: An Expert’s View

Krebs on Security

alongside Tony Sager, senior vice president and chief evangelist at the Center for Internet Security and a former bug hunter at the U.S. National Security Agency.

Cloud Security: Beyond CASB

Data Breach Today

Oracle's Amit Zavery on Taking a Comprehensive Approach Cloud access security brokers are not a panacea for all cloud security problems, says Oracle's Amit Zavery, who advocates an end-to-end approach

The Need for Security Collaboration

Data Breach Today

Saba Shariff of Symcor on Improving Anti-Fraud Efforts Today's cybercriminals don't operate in silos, so why do companies? Saba Shariff of Symcor discusses techniques for greater collaboration on security.

Structures, Engineering and Security

Adam Shostack

But our troubles in describing the forces at work in security, or the nature or measure of the defenses that we seek to employ, are fundamental. Gordon’s Structures, or Why Things Don’t Fall Down is a fascinating and accessible book.

IoT Security: Essential Steps for Security by Design

Data Breach Today

Manufacturers need to change their approach to securing internet of things devices, says Aloysius Cheang, executive vice president for Asia Pacific at the Center for Strategic Cyberspace + Security Science, a U.K.-based think tank, who describes what needs to be done

The Need to Look Beyond Endpoint Security

Data Breach Today

Kaspersky's Bhayani on Evolving to Predictive Analytics and Response With endpoint security, the fundamental concept was always to detect and prevent.

Securing Software Automation, Orchestration

Data Breach Today

Seeking better operational efficiency and ROI, many enterprises have begun significant software automation and orchestration efforts without accounting for the inherent security risks they may bring, says Jeffery Kok of CyberArk

Security Woes at Arizona Medicaid MCOs: Tip of the Iceberg?

Data Breach Today

Report: Medicaid Data and Systems Could Also Be at Risk at Other Medicaid MCOs A security review of two Medicaid managed care organizations in Arizona revealed several significant access control and configuration vulnerabilities, raising concerns about whether other MCOs face similar challenges

Allure Security: Protecting Data

Data Breach Today

CEO Mark Jaffe on How to Protect What the Adversaries Really Want Mark Jaffe is less concerned about how adversaries breach networks and more concerned about how to secure their actual target: critical data. His startup company, Allure Security, intends to help secure that data

HHS Updates Security Risk Assessment Tool

Data Breach Today

The Department of Health and Human Services has updated its HIPAA security risk assessment tool to better assist small and mid-sized healthcare entities and their vendors in performing a comprehensive risk analysis.

Australian Cryptocurrency Theft Highlights Security Mistakes

Data Breach Today

The case highlights how basic security messaging on protecting cryptocurrency isn't getting through

New IoT Security Regulations

Schneier on Security

This is the Internet of Things, and it's a security nightmare. By developing more advanced security features and building them into these products, hacks can be avoided. Consumers will buy products without proper security features, unaware that their information is vulnerable.

Election Security: Building Public Confidence

Data Breach Today

Suzanne Spaulding, former undersecretary for the Department of Homeland Security, says a key way to ensure public confidence in the security of U.S. elections is to rely on paper ballots for voting or as backups for electronic balloting

When Security Researchers Pose as Cybercrooks, Who Can Tell the Difference?

Krebs on Security

But when these screw-ups are unearthed by security professionals seeking to make a name for themselves, the resulting publicity often can leave the breached organization wishing they’d instead been quietly extorted by anonymous crooks.

Compliance concerns shouldn't drive data security strategies

Information Management Resources

Compliance concerns certainly have their place in today’s enterprise; however, they should not be viewed as interchangeable with security best practices.

Sizing Up Today's Security Gaps

Data Breach Today

Jeff Michael of Lastline Discusses the Current Threat Landscape In many organizations, overworked security analysts are trailing the bad guys in technology and knowledge, and this gap leads to increased risk, says Jeff Michael of Lastline

Facebook Security Bug Affects 90M Users

Krebs on Security

Facebook said today some 90 million of its users may get forcibly logged out of their accounts after the company fixed a rather glaring security vulnerability in its Web site that may have let attackers hijack user profiles. In a short blog post published this afternoon, Facebook said hackers have been exploiting a vulnerability in Facebook’s site code that impacted a feature called “View As,” which lets users see how their profile appears to other people.

Toyota presented PASTA (Portable Automotive Security Testbed) Car-Hacking Tool

Security Affairs

Takuya Yoshida from Toyota’s InfoTechnology Center and his colleague Tsuyoshi Toyama are members of a Toyota team that developed the new tool, called PASTA (Portable Automotive Security Testbed).

Digital Security: Preventing Unauthorized Access to Company Data


Organizations must recognize and mitigate the threats that affect their digital security most. New and evolving threats eradicate data, distract security teams so hackers can commandeer the enterprise, and use artificial intelligence (AI) to outsmart smart security technologies. Organizations can align appropriate security measures with specific threats, then choose any additional security measures that are necessary for the remaining risks and data.

Securing Elections

Schneier on Security

They're computers -- often ancient computers running operating systems no longer supported by the manufacturers -- and they don't have any magical security technology that the rest of the industry isn't privy to. We can securely bank online, but can't securely vote online.

Kubernetes Alert: Security Flaw Could Enable Remote Hacking

Data Breach Today

Patch Container-Orchestration System Now or Risk Serious Consequences A severe vulnerability in Kubernetes, the popular, open-source software for managing Linux applications deployed within containers, could allow an attacker to remotely steal data or crash production applications. Microsoft and Red Hat have issued guidance and patches, and recommend immediate updating

Verifying Vendors' Security Programs

Data Breach Today

Organizations need to carefully assess, and then verify, the data security controls that their existing and prospective vendors have implemented, says privacy and security expert Rebecca Herold, who offers a range of vendor management tips in an in-depth interview

How Website Security Must Evolve

Data Breach Today

Carlos Pero of Zurich Insurance on Protecting the 'Castle' As a result of cloud computing and the internet of things, the approaches to security for websites must change, says Carlos Pero of Zurich Insurance

Take Your Security With You From On-Premises to the AWS Cloud

Data Breach Today

Find out all the benefits of using one security solution across your on-premises data center and AWS cloud workloads.

MITRE evaluates Enterprise security products using the ATT&CK Framework

Security Affairs

The MITRE Corporation’s ATT&CK framework has been used to evaluate the efficiency of several enterprise security products designed by several vendors.

What is a cyber security incident?

IT Governance

You often hear the term ‘cyber security incident’ when an organisation’s systems are compromised rather than ‘breach’ or ‘hack’. This is also the case for the term ‘cyber security incident’.

Securing Borderless Networks

Data Breach Today

In an age when every organization is essentially borderless, how do security leaders approach securing the borderless network? Paul Martini of iboss Cybersecurity offers insights and solutions

Hanging Up on Mobile in the Name of Security

Krebs on Security

At the time, AT&T suggested Terpin take advantage of the company’s “extra security” feature — a customer-specified six-digit PIN which is required before any account changes can be made. In this view of security, customer service becomes a customer disservice.