With the rapid changes in the threat landscape and the risks introduced by DevOps, the cloud and other new elements, organizations need to have a continuous vulnerability assessment program as a security baseline, says Richard Bussiere of Tenable Network Security.
A look at experts promoting blockchain as a secure way to share cyberthreat information leads the latest edition of the ISMG Security Report. Also, how sound waves pose a threat to IoT devices, smartphones and medical devices.
Cloud services firm Coupa is one of the latest business email compromise victims, after a fraudster pretending to be its CEO faked out the HR department and stole all of its 2016 employees' W-2 forms. Security experts say rigorous training remains the only viable defense.
New Mexico lawmakers have overwhelmingly approved the Data Breach Notification Act. If signed, as expected, by Gov. Susana Martinez, Alabama and South Dakota would be the only states without such a statute.
Some medical devices, smartphones and internet of things gadgets contain certain types of sensors that are vulnerable to potential hacking using sound waves, says cybersecurity researcher Kevin Fu, who calls on manufacturers to address the risks.
McDonald's home food delivery app in India leaked sensitive personal information relating to 2.2 million users. But the restaurant giant only addressed the insecure API after a researcher went public one month after informing McDonald's about the problem.
While attackers continue to innovate, traditional intrusion prevention systems (IPS) have stood still, generating low-value alerts for security teams as attackers slip past in pursuit of high-value targets. Organizations have countered by piling more and more equipment on the network hoping to solve the problem....
What if you had a secret weapon that provided the visibility and context you need to make a quick judgment about the severity of an alert and, more important, understand the context of what was going on before and after that alert?
With metadata, you do. Rich metadata can answer many questions about what's happening...
This monthly Security Agenda will highlight some of the most recent additions to our course library. March's edition features Former Federal CISO Gregory Touhill giving a "Cyber State of the Union." Other industry influencers like Retired RSA Chair Art Coviello, FBI Cyber Division Supervisory Special Agent Jay...
A look at President Donald Trump's budget blueprint to boost cybersecurity spending in fiscal year 2018 leads the latest ISMG Security Report. Also, Russian agents charged with Yahoo hack; new White House cybersecurity adviser Rob Joyce profiled.
With apologies to Troy Hunt, the last thing you want to see in the morning as you're having your first cup of coffee and scanning the interwebz for cat videos is a notice from his "Have I Been Pwned" breach-alert service.
As effective as ransomware has proven to be in attacks against so many organizations across regions and sectors, certain characteristics actually can help defenders gain an edge in detecting malware. Lastline's Engin Kirda explains how.
If Yahoo's 2014 breach had been the result of an in-house Russian intelligence project, the hack probably would not have triggered a U.S. indictment. But Russia has landed in a muddy puddle after apparently tapping freelance talent with an interest in criminal gain.
Hackers have been targeting the likes of AOL and Yahoo, in part, because a certain generation of users - including many senior U.S. officials - continues to use the services to send and store state secrets. Let's make sure future generations don't make similar mistakes.
Two of the four individuals indicted for hacking Yahoo in 2014, exposing 500 million user accounts, work for a Russian intelligence service unit that the FBI collaborates with on international cybercrime investigations.