"This is not a crazy state; this is a rational state pursuing rational objectives." So said Robert Hannigan, former head of Britain's GCHQ intelligence service, when describing North Korea in a wide-ranging talk at the Infosecurity Europe conference that also touched on Russian hacking and cybercrime.
Reality Leigh Winner, 26, a former contractor for the NSA, has pleaded guilty to leaking a "top secret" five page document that describes Russian meddling with U.S. voting systems. She's agreed to a plea deal that calls for her to serve a 63-months prison sentence.
Financial services firms write off a certain level of online fraud as a cost of doing business, but these losses directly fund organized crime and help legitimize cybercrime as a career path, says Trusted Knight's Trevor Reschke, who stresses the sector must do more to combat fraud.
Privacy rights groups are calling on the Court of Justice of the European Union to clamp down on at least 17 EU governments that require domestic telecommunications firms to store all communications data, despite the court having ruled that such mass surveillance practices are illegal.
Helping victims know their passwords have been exposed in a data breach is half the battle in the fight to improve password security. To help, Mozilla and 1Password are integrating into their products a feature from the popular "Have I Been Pwned" breach notification service.
Many phishing campaigns are very targeted against specific types of users inside an organization, says Ironscale's Brendon Rod, who notes that "70 percent of attacks are targeting just 10 mailboxes or less and around 30 percent are just targeting one mailbox."
Behavioral analytics have taken the fast lane from emerging tech to mature practice. And Mark McGovern of CA Technologies says the technology is being deployed in innovative ways to help detect insider threats.
Consumers are more concerned than ever about their identities being compromised, yet they're failing to connect the dots between fear and preventive measures, according to recent research conducted by IDology. John Dancu, the company's CEO, explains the implications for businesses.
The U.S. Supreme Court has ruled that location data generated by mobile phones is protected by the Fourth Amendment, meaning police need "probable cause" before they can access it. The ACLU says the ruling "provides a groundbreaking update to privacy rights" in the digital age.
Australia's large online medical booking platform, HealthEngine, has become embroiled in a privacy controversy after it reportedly passed personal medical details to a personal injury law firm. HealthEngine maintains it obtained users' consent, but the revelation appears to have caught many by surprise.
When communications giant Publicis Groupe launched its GDPR compliance project, CISO Thom Langford says, "it was more a case of honing and polishing, rather than building from the ground up," thanks to its existing information security management system and complying with ISO 27001.
A federal court recently dismissed a case filed by a patient alleging a laboratory violated HIPAA by failing to shield her personal health information from public view. The ruling once again reaffirmed a longstanding precedent that individuals cannot sue for alleged HIPAA violations.
Europe's General Data Protection Regulation is reshaping the way organizations handle data. That's going to have an impact on the sharing of threat intelligence. But the Anti-Phishing Working Group hopes the law will provide legal clarity that will make more organizations comfortable with sharing threat data.