NTT Security and WhiteHat Security Describe Deal

Data Breach Today

NTT's Khiro Mishra and WhiteHat's Craig Hinkley on Application Security NTT Security has signed a definitive agreement to acquire WhiteHat Security.

Digital Transformation: Security Best Practices

Data Breach Today

RSA's Holly Rollo on the Importance of Third-Party Risk Management Organizations going through a digital transformation need to make sure they develop a sound third-party risk management strategy, says RSA's Holly Rollo, who discusses best practices

Multilayered Security Gets Personal

Data Breach Today

First Data's Tim Horton on Why Encryption Is Not Enough to Secure PII When large-scale data breaches started to proliferate more than a decade ago, security leaders called for end-to-end data encryption.

Boosting Secure Coding Practices

Data Breach Today

Carlos Pero of Zurich Insurance on Gaining Buy-In Carlos Pero, who heads cyber application security at Zurich Insurance, discusses how to get developers to buy in to secure coding practices

Securing Connected Medical Devices

Data Breach Today

Safi Oranski of CyberMDX Says to Secure Them, First You Have to Find Them A major challenge in ensuring medical device security is tracking all of these devices, says Safi Oranski of CyberMDX, who offers a review of other critical issues

Security Flaw Exposed Valid Airline Boarding Passes

Data Breach Today

Lack of Secure Coding Called a National Security Threat

Data Breach Today

The lack of secure coding is a pervasive and serious threat to national security, according to a new paper from the Institute for Critical Infrastructure Technology. In an interview, Rob Roy, co-author of the report, outlines what steps should be taken to encourage or enforce secure coding practices

The Challenge of Secure Coding

Data Breach Today

Jeff Williams of Contrast Security on Why Application Security Is So Critical In today's highly connected, cloud-based environment, application security is more critical than ever, says Jeff Williams, co-founder and CTO of Contrast Security, who explains why

Cloud 173

Big Data Analytics' Role in Security

Data Breach Today

Splunk's Haiyan Song Shares Insights on Addressing Emerging Threats Big data analytics can help security professionals stay ahead of emerging challenges in a rapidly changing threat landscape, says Splunk's Haiyan Song

Biometric Security Vendor Exposes Fingerprints, Face Data

Data Breach Today

Researchers Find Open Database for Suprema's BioStar 2 A South Korean company that makes a biometric access control platform exposed fingerprint, facial recognition data and personal information after leaving an Elasticsearch database open, security researchers say.

Revisiting Election Security Threats

Data Breach Today

FBI's Elvis Chan on What's Being Done to Secure the 2020 Election Heading into the 2020 U.S. presidential election preseason, the FBI is squarely focused on defending against nation-state hacks or influence. Elvis Chan of the FBI talks about preparations for a cybersecure election

What the Marriott Breach Says About Security

Krebs on Security

Or a previously unknown security flaw gets exploited before it can be patched. They’re reshuffling the organizational chart so that people in charge of security report to the board, the CEO, and/or chief risk officer — anyone but the Chief Technology Officer.

How IoT Changes Security

Data Breach Today

Steve Rog of ForeScout Technologies on Improving Security Hygiene The growth of IoT means traditional methods of security are inadequate, says Steve Rog of ForeScout Technologies, who calls for improvements in security hygiene

IoT 208

Securing the Hyper-Connected Enterprise

Data Breach Today

Cequence Security's Larry Link on Defending the New Norm In today's hyper-connected enterprise, organizations are at risk of two different types of attack. Larry Link, CEO of Cequence Security, explains how to defend at a platform level - without adding friction

Security at the Speed of the Cloud

Data Breach Today

McKinsey CISO Dan Fitzgerald on DevSecOps and the Future of Cloud Security Migrating from on-premises data security to the cloud and then embedding security in the application development process are common challenges for enterprises.

Cloud 237

Election Security

Schneier on Security

Stanford University's Cyber Policy Center has published a long report on the security of US elections. Summary: it's not good. nationalsecuritypolicy reports securityengineering threatmodels voting

Android 7.0+ Phones Can Now Double as Google Security Keys

Krebs on Security

and higher can now be used as Security Keys , an additional authentication layer that helps thwart phishing sites and password theft. But Google said starting this week, any mobile phone running Android 7.0+ (Nougat) can serve the same function as a USB-based security key.

Phishing Scheme Uses Google Drive to Avoid Security: Report

Data Breach Today

Emails Disguised as Messages From CEO A newly identified phishing campaign used Google Drive to help bypass some email security features as attackers attempted to target a company in the energy industry, security firm Cofense reported this week

Payments and Security: Putting security where your money is

Thales eSecurity

This troubling reality, one of many findings in the 2019 Thales Global Data Threat Report , provides a stark look at the state of payments security – and leaves a lot of data vulnerable. The fact is, the internet wasn’t originally built with security in mind. Data security

Enhancing Security Governance

Data Breach Today

Longtime CISO Vito Sardanopoli on Building an Effective Security Program A formal security program that spells out precise governance components is critical to protecting sensitive data, says Vito Sardanopoli, who served on the U.S.

Reinventing Security Awareness Training

Data Breach Today

Want to improve how your organization delivers and absorbs security awareness training? Then it comes down to reinventing your approach, including gamification, says Barracuda's Michael Flouton

Securing Smartphones from Eavesdropping

Data Breach Today

Mike Fong of Privoro Discusses Smartphone Encryption Smartphone security is paramount for certain scenarios, but software based encryption has been shown to be insufficient.

Audit Finds More Security Vulnerabilities at IRS

Data Breach Today

GAO Makes More Security Recommendations; IRS Now Has 127 Issues to Resolve The Internal Revenue Services' internal financial reporting systems and IT infrastructure have 14 new security vulnerabilities, along with a long list of previously unresolved deficiencies, according to a U.S.

Enhancing Security by Red Teaming

Data Breach Today

James Stanger of CompTIA on Improving Security Controls James Stanger, chief technology evangelist at CompTIA, explains why red teaming can prove highly beneficial in improving organizational security controls

Securing Devices While Maintaining Functionality

Data Breach Today

Chris Hickman of Keyfactor on Managing Medical Device Life Cycles Chris Hickman of Keyfactor explains the challenges of securing and protecting medical devices and the data they collect while delivering the functionality that users demand

Managing Security Stack Sprawl

Data Breach Today

See how stateless technology can protect you from inbound attacks and more efficiently block outbound threats. See how stateless technology can protect you from inbound attacks and more efficiently block outbound threats

Improving Healthcare Security Education

Data Breach Today

Wombat's Gretel Egan on How to Take a Fresh Approach to the Awareness Challenge As attackers increasingly take advantage of users' risky behavior, enterprise security leaders are taking steps to improve end-user security education.

Securing the Software Supply Chain

Data Breach Today

Ilkka Turunen of Sonatype on Addressing Vulnerabilities What steps can be taken to eliminate vulnerabilities in the software supply chain? Ilkka Turunen of Sonatype offers practical insights

The Unsexy Threat to Election Security

Krebs on Security

Much has been written about the need to further secure our elections, from ensuring the integrity of voting machines to combating fake news. Public confidence is at stake, even if the vote itself is secure.”

Cloud Security: How the Dialogue Has Shifted

Data Breach Today

Palo Alto Network's Matt Chiodi on the Evolution of Public Cloud Security In just five years' time, the public cloud security conversation has changed dramatically, says Matt Chiodi of Palo Alto Networks. But security leaders still struggle with visibility and compliance

Cloud 227

Security's Role in Digital Transformation

Data Breach Today

GE Digital's Al Ghous on How CISOs Can Influence the Change Security has the opportunity - or challenge - to help drive digital transformation within the enterprise. Al Ghous of GE Digital describes how security leaders can maximize their influence and avoid potholes

DirectTrust Launches Effort for Secure Instant Messaging

Data Breach Today

New Initiative Focused on Developing IM Standard for Healthcare DirectTrust, - known for creating and maintaining the Direct protocol and trust framework for secure email in healthcare - has kicked off a new initiative to develop industry standards for secure real-time instant messaging.

2019 IoT Security Outlook

Data Breach Today

DigiCert just conducted a global study of how organizations across sectors are approaching IoT security. What are some of the best practices of the organizations that emphasize securing connected devices? Mike Nelson of DigiCert shares the findings

IoT 157

Security Affairs newsletter Round 227

Security Affairs

The best news of the week with Security Affairs. Boffins hacked Siemens Simatic S7, most secure controllers in the industry. Security Patch Day for August includes the most critical Note released by SAP in 2019. Mozilla addresses master password security bypass flaw in Firefox.

Congressional Report Rips Equifax for Weak Security

Data Breach Today

Re-Thinking Supply Chain Security

Data Breach Today

As a result, they are minimizing serious security vulnerabilities. When it comes to supply chain risk, many organizations overlook how dependent they are on those critical relationships, says Matt Kraning of Expanse. Kraning offers insights on re-thinking that dynamic

Risk 130

Healthcare Security: Tactics for Reducing Risk

Data Breach Today

IBM's Christopher Bontempo on Where to Focus for Quick Results Reducing risk is a tall order, but IBM's Christopher Bontempo says healthcare security leaders can get immediate and measurable results by concentrating on two aspects: data security and incident response

Risk 169

Put Those Cloud Security Objections to Rest

Data Breach Today

In the wake of digital transformation, there remain some organizations that - for security reasons - resist the temptation to move to the cloud. Zscaler's Bil Harmer addresses these, as well as the critical questions security leaders should ask of cloud service providers

Cloud 173

Essentials of Supply Chain Security

Data Breach Today

Matan Or-El, CEO of Panorays, discusses the weakest links of supply chain security and how to strengthen them with automated tools

From security at the perimeter to security at every interaction

Information Management Resources

One of the biggest factors in all the breaches and vulnerabilities is that application development methods have evolved very rapidly, very quickly, and not all enterprises’ security approaches have kept up. Data security Cyber security Cyber attacks