Latest

Endpoint Security

Broadcom Reportedly Suspends Bid for Symantec

Scott Ferguson  •  July 15, 2019

Broadcom has reportedly suspended its effort to acquire Symantec after the two companies failed to agree on a price for the deal. The negotiations had been ongoing for several weeks.

Cybercrime

'Sea Turtle' DNS Hijackers Expand Reach

Jeffrey Burt  •  July 15, 2019

The group behind the Sea Turtle espionage campaign that was exposed in April is expanding its geographic reach and claiming new victims, according to researchers with Cisco's Talos unit.

Cybercrime

Phishing Campaign Tied to Amazon Prime Day

Akshaya Asokan  •  July 15, 2019

In the run-up to Amazon Prime Day, some of the company's customers were being targeted by a phishing kit called 16Shop, according to McAfee researchers. The campaign is similar to an earlier attack that focused on Apple users.

Security Operations

The Future SOC: Harmonizing Detection and Response

Jeremy Kirk  •  July 12, 2019

The success of security operations centers will depend on how well they blend key technologies - including detection, user behavior analytics and orchestration, says Haiyan Song of Splunk, who offers strategic insights.

Active Defense & Deception

Analysis: The Significance of GDPR Fines

Nick Holland  •  July 12, 2019

The latest edition of the ISMG Security Report analyzes the significance of fines against British Airways and Marriott for violations of the EU's GDPR. Also featured are discussions of California's privacy law as a model for other states and the next generation of deception technologies.

Artificial Intelligence & Machine Learning

Leak Confirms Google Speakers Often Record Without Warning

Mathew J. Schwartz  •  July 12, 2019

George Orwell's "1984" posited a world in which Big Brother monitored us constantly via "telescreens." But thanks to our "smart" AI home assistants - from Google, Amazon and others - we're increasingly installing the monitoring equipment ourselves, and it may "hear" much more than we realize.

Fraud Management & Cybercrime

Report: Ransomware Targets QNAP Storage Devices

Akshaya Asokan  •  July 11, 2019

A new ransomware strain called eCh0raix is targeting enterprise storage devices sold by QNAP Network by exploiting vulnerabilities in the gear and bypassing weak credentials using brute-force techniques, warns security firm Anomali.

3rd Party Risk Management

Managing Third-Party Risks: CISOs' Success Strategies

Suparna Goswami  •  July 11, 2019

As more organizations rely on third parties for various services, managing the security risks involved is becoming a bigger challenge. Three CISOs offer insights on their real-world strategies for success.

Endpoint Security

Apple Issues Silent Update to Remove Old Zoom Software

Jeremy Kirk  •  July 11, 2019

Apple has taken an extraordinary move to protect its users from a yet-to-be-disclosed vulnerability that could compromise Macs that have the Zoom video conferencing software installed. It released a silent update to remove a vulnerable left-behind local web server, which likely has a remote code execution flaw.

Application Security

MongoDB Database Exposed 188 Million Records: Researchers

Akshaya Asokan  •  July 11, 2019

Security researchers have found yet another unsecured database that left personal data exposed to the internet. In this latest case, a MongoDB database containing about 188 million records, mostly culled from websites and search engines, was exposed, researchers say.

►

Governance

How to Protect SSH Keys

Nick Holland  •  July 11, 2019

SSH keys are widely used to provide privileged administrative access but are routinely untracked, unmanaged and unmonitored. Mike Dodson of Venafi outlines an approach for better key protection.

►

Governance

Building a Framework for Data Privacy

Nick Holland  •  July 11, 2019

Richard Cramer of Informatica outlines a prescriptive approach to data privacy based on six core tenets.