Expert insights. Personalized for you.
More Devices Affected by 'Ripple20' Vulnerabilities Federal regulators have issued another round of security alerts about vulnerabilities in medical device products from several manufacturers, including an update on those affected by so-called "Ripple-20" flaws earlier identified in the Treck TCP/IP stack. MORE
The NSA's Central Security Service -- that's the part that's supposed to work on defense -- has released two documents (a full and an abridged version) on securing virtual private networks. Maintaining a secure VPN tunnel can be complex and requires regular maintenance. MORE
“We must care as much about securing our systems as we care about running them if we are to make the necessary revolutionary change.” What kind of security failures created an environment that allegedly allowed a former CIA employee to exfiltrate so much sensitive data? MORE
News Reports Say Officials Investigating After Thousands Could Not Access Site Italian officials are investigating whether a disruption this week of access to the country's social security website was due to a hacking incident or a network overwhelmed by demand for benefits offered during the COVID-19 pandemic, according to news reports. MORE
Cequence Security's Larry Link on Defending the New Norm In today's hyper-connected enterprise, organizations are at risk of two different types of attack. Larry Link, CEO of Cequence Security, explains how to defend at a platform level - without adding friction MORE
The latest edition of the ISMG Security Report discusses securing RDP to prevent ransomware attacks. Also featured: A look at three likely scenarios for the COVID19 pandemic, and an analysis of why we're still using PINs for certain card payments MORE
Here's what enterprises need to keep in mind when selecting security technology for IoT MORE
Now, how do you secure it? David Wagner of Zix on Rising to the Challenges of Cloud Remote workers, connected devices, cloud services and infrastructure - these are the elements of the new workplace. That's the challenge discussed by David Wagner, CEO of Zix MORE
A good first step towards understand the security of this suddenly popular and very complex container orchestration system. Attack matrix for Kubernetes, using the MITRE ATT&CK framework. MORE
Because it's inevitable that some attackers will get around defenses, Kettering Health Network added an extra layer of endpoint security to help mitigate the risks posed by ransomware and other cyberthreats, says Michael Berry, director of information security. MORE
The lack of secure coding is a pervasive and serious threat to national security, according to a new paper from the Institute for Critical Infrastructure Technology. In an interview, Rob Roy, co-author of the report, outlines what steps should be taken to encourage or enforce secure coding practices MORE
Survey Sizes Up Increased Risks, New Duties for Security Staff The shift to working at home is opening the door to cybersecurity incidents. MORE
attorney general's office to provide better security and privacy controls for its video conferencing platform. Meanwhile, Video Conferencing Firm Acquires Start-Up Encryption Company Zoom has reached a settlement with the N.Y. MORE
Chronicle's Anton Chuvakin on How to Fill the Gaps for Analysts There are glaring holes in how enterprises currently tackle security analytics, and by redefining the approach, the analyst's role can be transformed. MORE
ENISA's Rossella Mattioli Reviews New Report Rossella Mattioli, a network and information security expert at ENISA, the European Union Agency for Cybersecurity, discusses a new report offering insights on detecting network security incidents MORE
The security risks inherent in Chinese-made 5G networking equipment are easy to understand. Since the internet, especially the "internet of things," is expected to rely heavily on 5G infrastructure, potential Chinese infiltration is a serious national security threat. MORE
Checkmarx's Matt Rose on the Nuances of DevSecOps Many CISOs today prefer the "DevOps" label, because adding "sec" to it suggests it's a whole different process, says Matt Rose of Checkmarx MORE
Security Experts Say US Is Better Prepared This Time Around The U.S. MORE
Check Point Research Claims Firm Sold CloudEyE Dropper Trojan An Italian cybersecurity company allegedly was a front for a criminal gang selling access to a dropper Trojan known as CloudEyE, according to analysts at the security firm Check Point Research MORE
But these providers need to carefully consider privacy and security issues as they work to quickly offer these services As Services Expand, What Factors Should Organizations Consider? MORE
First Data's Tim Horton on Why Encryption Is Not Enough to Secure PII When large-scale data breaches started to proliferate more than a decade ago, security leaders called for end-to-end data encryption. MORE
Carlos Pero of Zurich Insurance on Gaining Buy-In Carlos Pero, who heads cyber application security at Zurich Insurance, discusses how to get developers to buy in to secure coding practices MORE
Sites to Implement HTTP Strict Transport Security Protocol Federal agencies will add a layer of security to their websites that use the top-level domain.gov. MORE
How to Avoid Addressing Problems 'Too Far Downstream' Greg van der Gaast, head of information security at the University of Salford in the United Kingdom, has strong opinions on why some security investments aren't reaping maximum benefits. "We MORE
Oscar Chavez-Arietta of Sophos on Key Topics The cloud, artificial intelligence and security as a service - these are the three critical conversations that security leaders need to be having with their business counterparts, says Oscar Chavez-Arietta, vice president, Latin America, at Sophos MORE
This edition of the ISMG Security Report analyzes whether IoT devices will outlive their security updates. Also featured: Why security spending needs to shift further upstream; could banks be custodians of identity MORE
Or a previously unknown security flaw gets exploited before it can be patched. They’re reshuffling the organizational chart so that people in charge of security report to the board, the CEO, and/or chief risk officer — anyone but the Chief Technology Officer. MORE
A cloud computing security model needs to be customized to fit how the cloud provider serves its clients, says privacy attorney Adam Greene MORE
Congress, Others Examine Long-Term Telemedicine Issues If the lifting of telehealth restrictions during the COVID-19 pandemic becomes permanent through new legislation or changes in government policies, what would be the potential impact on patient data privacy and security MORE
Steve Rog of ForeScout Technologies on Improving Security Hygiene The growth of IoT means traditional methods of security are inadequate, says Steve Rog of ForeScout Technologies, who calls for improvements in security hygiene MORE
Maze Gang Claims Insurer Is a Victim, Emsisoft Reports Switzerland-based global insurance firm Chubb acknowledges that it's investigating a "security incident." Meanwhile, the Maze ransomware gang is claiming Chubb is its latest victim, according to researchers at the security firm Emsisoft MORE
Cofense: Fraudsters Use Trusted Web Services to Evade Security Protocols A fresh round of phishing attacks is relying on using trusted services and a well-designed social engineering scheme to trick users into enabling malware to bypass an end point's security protocols, says Aaron Higbee of the security firm Cofense. MORE
Forcepoint's Homayun Yaqub Previews New Virtual Roundtable Series What are some best practices for moving network security from the datacenter to the cloud? And what are the essentials of Secure Access Service Edge frameworks, and how can they be implemented? MORE
Food-Like Labeling for Connected Devices Developed by Carnegie Mellon University With internet connectivity getting added to an increasing number of products, privacy and security risks abound. MORE
Security Related Topics Data Breach Today
JULY 3, 2020
ENISA's Rossella Mattioli Reviews New Report Rossella Mattioli, a network and information security expert at ENISA, the European Union Agency for Cybersecurity, discusses a new report offering insights on detecting network security incidents
Data Breach Today
JULY 31, 2020
More Devices Affected by 'Ripple20' Vulnerabilities Federal regulators have issued another round of security alerts about vulnerabilities in medical device products from several manufacturers, including an update on those affected by so-called "Ripple-20" flaws earlier identified in the Treck TCP/IP stack.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Data Breach Today
JULY 22, 2020
Cofense: Fraudsters Use Trusted Web Services to Evade Security Protocols A fresh round of phishing attacks is relying on using trusted services and a well-designed social engineering scheme to trick users into enabling malware to bypass an end point's security protocols, says Aaron Higbee of the security firm Cofense.
Data Breach Today
MARCH 27, 2020
Maze Gang Claims Insurer Is a Victim, Emsisoft Reports Switzerland-based global insurance firm Chubb acknowledges that it's investigating a "security incident." Meanwhile, the Maze ransomware gang is claiming Chubb is its latest victim, according to researchers at the security firm Emsisoft
Data Breach Today
JUNE 26, 2020
This edition of the ISMG Security Report analyzes whether IoT devices will outlive their security updates. Also featured: Why security spending needs to shift further upstream; could banks be custodians of identity
Data Breach Today
MARCH 2, 2020
Chronicle's Anton Chuvakin on How to Fill the Gaps for Analysts There are glaring holes in how enterprises currently tackle security analytics, and by redefining the approach, the analyst's role can be transformed.
|
Krebs on Security
JUNE 17, 2020
“We must care as much about securing our systems as we care about running them if we are to make the necessary revolutionary change.” What kind of security failures created an environment that allegedly allowed a former CIA employee to exfiltrate so much sensitive data?
Data Breach Today
MARCH 27, 2019
NTT's Khiro Mishra and WhiteHat's Craig Hinkley on Application Security NTT Security has signed a definitive agreement to acquire WhiteHat Security.
Schneier on Security
APRIL 10, 2020
A good first step towards understand the security of this suddenly popular and very complex container orchestration system. Attack matrix for Kubernetes, using the MITRE ATT&CK framework.
Data Breach Today
MARCH 5, 2020
Now, how do you secure it? David Wagner of Zix on Rising to the Challenges of Cloud Remote workers, connected devices, cloud services and infrastructure - these are the elements of the new workplace. That's the challenge discussed by David Wagner, CEO of Zix
Data Breach Today
JUNE 10, 2020
Nimit Sawney, CEO of Voatz, describes the architecture of a secure mobile voting system Perceived wisdom is that mobile voting will be open to significant opportunities for interception, manipulation and nation-state interference.
|
|
Data Breach Today
MARCH 12, 2020
A cloud computing security model needs to be customized to fit how the cloud provider serves its clients, says privacy attorney Adam Greene
Data Breach Today
MAY 15, 2020
The latest edition of the ISMG Security Report discusses securing RDP to prevent ransomware attacks. Also featured: A look at three likely scenarios for the COVID19 pandemic, and an analysis of why we're still using PINs for certain card payments
Data Breach Today
MARCH 3, 2020
Cisco's Head of Advisory CISOs on How Best to Serve Users In an RSA 2020 conference keynote, Cisco's Wendy Nather spoke of "democratizing security" - thinking differently about the people we serve and secure.
Schneier on Security
JANUARY 14, 2020
The security risks inherent in Chinese-made 5G networking equipment are easy to understand. Since the internet, especially the "internet of things," is expected to rely heavily on 5G infrastructure, potential Chinese infiltration is a serious national security threat.
Data Breach Today
JUNE 24, 2020
How to Avoid Addressing Problems 'Too Far Downstream' Greg van der Gaast, head of information security at the University of Salford in the United Kingdom, has strong opinions on why some security investments aren't reaping maximum benefits. "We
Data Breach Today
SEPTEMBER 5, 2019
Oscar Chavez-Arietta of Sophos on Key Topics The cloud, artificial intelligence and security as a service - these are the three critical conversations that security leaders need to be having with their business counterparts, says Oscar Chavez-Arietta, vice president, Latin America, at Sophos
Schneier on Security
JULY 15, 2020
The NSA's Central Security Service -- that's the part that's supposed to work on defense -- has released two documents (a full and an abridged version) on securing virtual private networks. Maintaining a secure VPN tunnel can be complex and requires regular maintenance.
Data Breach Today
APRIL 3, 2020
News Reports Say Officials Investigating After Thousands Could Not Access Site Italian officials are investigating whether a disruption this week of access to the country's social security website was due to a hacking incident or a network overwhelmed by demand for benefits offered during the COVID-19 pandemic, according to news reports.
Data Breach Today
MAY 11, 2020
Forcepoint's Homayun Yaqub Previews New Virtual Roundtable Series What are some best practices for moving network security from the datacenter to the cloud? And what are the essentials of Secure Access Service Edge frameworks, and how can they be implemented?
Data Breach Today
MAY 24, 2019
First Data's Tim Horton on Why Encryption Is Not Enough to Secure PII When large-scale data breaches started to proliferate more than a decade ago, security leaders called for end-to-end data encryption.
Data Breach Today
APRIL 1, 2020
CyberDome election security effort, shares an update With the U.S. presidential election now seven months away, how have threats to the campaigns evolved, and what impact might be seen from COVID-19? Brigadier General (retired) Francis X. Taylor, a leader of the U.S.
Data Breach Today
JUNE 22, 2020
Congress, Others Examine Long-Term Telemedicine Issues If the lifting of telehealth restrictions during the COVID-19 pandemic becomes permanent through new legislation or changes in government policies, what would be the potential impact on patient data privacy and security
Data Breach Today
JUNE 11, 2019
Carlos Pero of Zurich Insurance on Gaining Buy-In Carlos Pero, who heads cyber application security at Zurich Insurance, discusses how to get developers to buy in to secure coding practices
Data Breach Today
MARCH 16, 2020
Checkmarx's Matt Rose on the Nuances of DevSecOps Many CISOs today prefer the "DevOps" label, because adding "sec" to it suggests it's a whole different process, says Matt Rose of Checkmarx
Data Breach Today
MARCH 13, 2020
But these providers need to carefully consider privacy and security issues as they work to quickly offer these services As Services Expand, What Factors Should Organizations Consider?
Data Breach Today
JUNE 3, 2020
Here's what enterprises need to keep in mind when selecting security technology for IoT
Data Breach Today
APRIL 28, 2020
Because it's inevitable that some attackers will get around defenses, Kettering Health Network added an extra layer of endpoint security to help mitigate the risks posed by ransomware and other cyberthreats, says Michael Berry, director of information security.
Data Breach Today
JULY 11, 2018
Steve Rog of ForeScout Technologies on Improving Security Hygiene The growth of IoT means traditional methods of security are inadequate, says Steve Rog of ForeScout Technologies, who calls for improvements in security hygiene
Data Breach Today
MAY 8, 2020
attorney general's office to provide better security and privacy controls for its video conferencing platform. Meanwhile, Video Conferencing Firm Acquires Start-Up Encryption Company Zoom has reached a settlement with the N.Y.
Data Breach Today
MARCH 11, 2020
Security Experts Say US Is Better Prepared This Time Around The U.S.
Krebs on Security
DECEMBER 1, 2018
Or a previously unknown security flaw gets exploited before it can be patched. They’re reshuffling the organizational chart so that people in charge of security report to the board, the CEO, and/or chief risk officer — anyone but the Chief Technology Officer.
Data Breach Today
MAY 20, 2019
The lack of secure coding is a pervasive and serious threat to national security, according to a new paper from the Institute for Critical Infrastructure Technology. In an interview, Rob Roy, co-author of the report, outlines what steps should be taken to encourage or enforce secure coding practices
Data Breach Today
MAY 1, 2020
Survey Sizes Up Increased Risks, New Duties for Security Staff The shift to working at home is opening the door to cybersecurity incidents.
Data Breach Today
MARCH 20, 2019
Cequence Security's Larry Link on Defending the New Norm In today's hyper-connected enterprise, organizations are at risk of two different types of attack. Larry Link, CEO of Cequence Security, explains how to defend at a platform level - without adding friction
Data Breach Today
JUNE 23, 2020
Sites to Implement HTTP Strict Transport Security Protocol Federal agencies will add a layer of security to their websites that use the top-level domain.gov.
Data Breach Today
JULY 8, 2019
Safi Oranski of CyberMDX Says to Secure Them, First You Have to Find Them A major challenge in ensuring medical device security is tracking all of these devices, says Safi Oranski of CyberMDX, who offers a review of other critical issues
Data Breach Today
JUNE 9, 2020
Food-Like Labeling for Connected Devices Developed by Carnegie Mellon University With internet connectivity getting added to an increasing number of products, privacy and security risks abound.
248 
Let's personalize your content