Detecting Network Security Incidents

Data Breach Today

ENISA's Rossella Mattioli Reviews New Report Rossella Mattioli, a network and information security expert at ENISA, the European Union Agency for Cybersecurity, discusses a new report offering insights on detecting network security incidents

Medical Device Security Alerts: The Latest Updates

Data Breach Today

More Devices Affected by 'Ripple20' Vulnerabilities Federal regulators have issued another round of security alerts about vulnerabilities in medical device products from several manufacturers, including an update on those affected by so-called "Ripple-20" flaws earlier identified in the Treck TCP/IP stack.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Phishing Attacks Dodge Email Security

Data Breach Today

Cofense: Fraudsters Use Trusted Web Services to Evade Security Protocols A fresh round of phishing attacks is relying on using trusted services and a well-designed social engineering scheme to trick users into enabling malware to bypass an end point's security protocols, says Aaron Higbee of the security firm Cofense.

Insurer Chubb Investigating 'Security Incident'

Data Breach Today

Maze Gang Claims Insurer Is a Victim, Emsisoft Reports Switzerland-based global insurance firm Chubb acknowledges that it's investigating a "security incident." Meanwhile, the Maze ransomware gang is claiming Chubb is its latest victim, according to researchers at the security firm Emsisoft

Analysis: Keeping IoT Devices Secure

Data Breach Today

This edition of the ISMG Security Report analyzes whether IoT devices will outlive their security updates. Also featured: Why security spending needs to shift further upstream; could banks be custodians of identity

IoT 178

Redefining Security Analytics

Data Breach Today

Chronicle's Anton Chuvakin on How to Fill the Gaps for Analysts There are glaring holes in how enterprises currently tackle security analytics, and by redefining the approach, the analyst's role can be transformed.

When Security Takes a Backseat to Productivity

Krebs on Security

“We must care as much about securing our systems as we care about running them if we are to make the necessary revolutionary change.” What kind of security failures created an environment that allegedly allowed a former CIA employee to exfiltrate so much sensitive data?

NTT Security and WhiteHat Security Describe Deal

Data Breach Today

NTT's Khiro Mishra and WhiteHat's Craig Hinkley on Application Security NTT Security has signed a definitive agreement to acquire WhiteHat Security.

Kubernetes Security

Schneier on Security

A good first step towards understand the security of this suddenly popular and very complex container orchestration system. Attack matrix for Kubernetes, using the MITRE ATT&CK framework.

Securing the Modern Workplace

Data Breach Today

Now, how do you secure it? David Wagner of Zix on Rising to the Challenges of Cloud Remote workers, connected devices, cloud services and infrastructure - these are the elements of the new workplace. That's the challenge discussed by David Wagner, CEO of Zix

Cloud 178

Can Mobile Voting Be Secure?

Data Breach Today

Nimit Sawney, CEO of Voatz, describes the architecture of a secure mobile voting system Perceived wisdom is that mobile voting will be open to significant opportunities for interception, manipulation and nation-state interference.

Sharing Cloud Security Responsibilities

Data Breach Today

A cloud computing security model needs to be customized to fit how the cloud provider serves its clients, says privacy attorney Adam Greene

Cloud 160

No 'Invisible God': Fxmsp's Operational Security Failures

Data Breach Today

Analysis: Securing RDP to Prevent Ransomware Attacks

Data Breach Today

The latest edition of the ISMG Security Report discusses securing RDP to prevent ransomware attacks. Also featured: A look at three likely scenarios for the COVID19 pandemic, and an analysis of why we're still using PINs for certain card payments

Wendy Nather on Democratizing Security

Data Breach Today

Cisco's Head of Advisory CISOs on How Best to Serve Users In an RSA 2020 conference keynote, Cisco's Wendy Nather spoke of "democratizing security" - thinking differently about the people we serve and secure.

5G Security

Schneier on Security

The security risks inherent in Chinese-made 5G networking equipment are easy to understand. Since the internet, especially the "internet of things," is expected to rely heavily on 5G infrastructure, potential Chinese infiltration is a serious national security threat.

Getting the Most From Information Security Investments

Data Breach Today

How to Avoid Addressing Problems 'Too Far Downstream' Greg van der Gaast, head of information security at the University of Salford in the United Kingdom, has strong opinions on why some security investments aren't reaping maximum benefits. "We

3 Critical Security Conversations

Data Breach Today

Oscar Chavez-Arietta of Sophos on Key Topics The cloud, artificial intelligence and security as a service - these are the three critical conversations that security leaders need to be having with their business counterparts, says Oscar Chavez-Arietta, vice president, Latin America, at Sophos

NSA on Securing VPNs

Schneier on Security

The NSA's Central Security Service -- that's the part that's supposed to work on defense -- has released two documents (a full and an abridged version) on securing virtual private networks. Maintaining a secure VPN tunnel can be complex and requires regular maintenance.

Italian Social Security Website Disrupted

Data Breach Today

News Reports Say Officials Investigating After Thousands Could Not Access Site Italian officials are investigating whether a disruption this week of access to the country's social security website was due to a hacking incident or a network overwhelmed by demand for benefits offered during the COVID-19 pandemic, according to news reports.

The Future of Cloud Security

Data Breach Today

Forcepoint's Homayun Yaqub Previews New Virtual Roundtable Series What are some best practices for moving network security from the datacenter to the cloud? And what are the essentials of Secure Access Service Edge frameworks, and how can they be implemented?

Cloud 168

Multilayered Security Gets Personal

Data Breach Today

First Data's Tim Horton on Why Encryption Is Not Enough to Secure PII When large-scale data breaches started to proliferate more than a decade ago, security leaders called for end-to-end data encryption.

Election Campaign Security Revisited

Data Breach Today

CyberDome election security effort, shares an update With the U.S. presidential election now seven months away, how have threats to the campaigns evolved, and what impact might be seen from COVID-19? Brigadier General (retired) Francis X. Taylor, a leader of the U.S.

Telehealth After COVID-19: Privacy, Security Considerations

Data Breach Today

Congress, Others Examine Long-Term Telemedicine Issues If the lifting of telehealth restrictions during the COVID-19 pandemic becomes permanent through new legislation or changes in government policies, what would be the potential impact on patient data privacy and security

Boosting Secure Coding Practices

Data Breach Today

Carlos Pero of Zurich Insurance on Gaining Buy-In Carlos Pero, who heads cyber application security at Zurich Insurance, discusses how to get developers to buy in to secure coding practices

Baking Security Into DevOps

Data Breach Today

Checkmarx's Matt Rose on the Nuances of DevSecOps Many CISOs today prefer the "DevOps" label, because adding "sec" to it suggests it's a whole different process, says Matt Rose of Checkmarx

Telehealth and Coronavirus: Privacy, Security Concerns

Data Breach Today

But these providers need to carefully consider privacy and security issues as they work to quickly offer these services As Services Expand, What Factors Should Organizations Consider?

Survey: Security Concerns Slow Down IoT Deployments

Data Breach Today

Here's what enterprises need to keep in mind when selecting security technology for IoT

IoT 205

Case Study: Enhancing Endpoint Security

Data Breach Today

Because it's inevitable that some attackers will get around defenses, Kettering Health Network added an extra layer of endpoint security to help mitigate the risks posed by ransomware and other cyberthreats, says Michael Berry, director of information security.

Telehealth App Breach Spotlights Privacy, Security Risks

Data Breach Today

Risk 196

How IoT Changes Security

Data Breach Today

Steve Rog of ForeScout Technologies on Improving Security Hygiene The growth of IoT means traditional methods of security are inadequate, says Steve Rog of ForeScout Technologies, who calls for improvements in security hygiene

IoT 208

Zoom's NY Settlement Spells Out Security Moves

Data Breach Today

attorney general's office to provide better security and privacy controls for its video conferencing platform. Meanwhile, Video Conferencing Firm Acquires Start-Up Encryption Company Zoom has reached a settlement with the N.Y.

2020 Election Security: Sizing Up Preparedness

Data Breach Today

Security Experts Say US Is Better Prepared This Time Around The U.S.

What the Marriott Breach Says About Security

Krebs on Security

Or a previously unknown security flaw gets exploited before it can be patched. They’re reshuffling the organizational chart so that people in charge of security report to the board, the CEO, and/or chief risk officer — anyone but the Chief Technology Officer.

Lack of Secure Coding Called a National Security Threat

Data Breach Today

The lack of secure coding is a pervasive and serious threat to national security, according to a new paper from the Institute for Critical Infrastructure Technology. In an interview, Rob Roy, co-author of the report, outlines what steps should be taken to encourage or enforce secure coding practices

Paper 213

Work-at-Home: The Impact on Security

Data Breach Today

Survey Sizes Up Increased Risks, New Duties for Security Staff The shift to working at home is opening the door to cybersecurity incidents.

Securing the Hyper-Connected Enterprise

Data Breach Today

Cequence Security's Larry Link on Defending the New Norm In today's hyper-connected enterprise, organizations are at risk of two different types of attack. Larry Link, CEO of Cequence Security, explains how to defend at a platform level - without adding friction

Enhancing the Security of Government Websites

Data Breach Today

Sites to Implement HTTP Strict Transport Security Protocol Federal agencies will add a layer of security to their websites that use the top-level domain.gov.

Securing Connected Medical Devices

Data Breach Today

Safi Oranski of CyberMDX Says to Secure Them, First You Have to Find Them A major challenge in ensuring medical device security is tracking all of these devices, says Safi Oranski of CyberMDX, who offers a review of other critical issues

IoT Privacy and Security: Will Product Labels Help Buyers?

Data Breach Today

Food-Like Labeling for Connected Devices Developed by Carnegie Mellon University With internet connectivity getting added to an increasing number of products, privacy and security risks abound.

IoT 248