To build a successful vulnerability disclosure program, avoid thinking of it as quick-fix "bug bounty Botox," and instead focus on building positive relationships with the security community, hiring top-notch talent and "building a sustainable ecosystem," says Luta Security's Katie Moussouris.
The genie is out of the bottle - and working remotely. Global enterprises have fundamentally and permanently changed the way they work. What does this mean as we plan for 2021, and how can organizations automate many of their remaining manual processes? Kelsey Nelson of Okta shares insights.
The COVID-19 pandemic is forcing big businesses to rethink their security plans. For example, the National Football League is experimenting with "zero trust" architectures, while Jet Blue is focusing on more frequent risk assessments.
To help prevent payments-related fraud, better identity verification of merchants and consumers is needed, says Alastair Johnson of Nuggets, a payments and identity management company.
Implementing an adaptive, risk-based authentication process for remote system access is proving effective as more staff members work from home during the COVID-19 pandemic, says Ant Allan, a vice president and analyst at Gartner.
The growing use of biometric technology is raising concerns about privacy as well as identity theft and fraud, says attorney Paul Hales, who reviews recent legal and legislative developments.
The Senate Intelligence Committee Tuesday released its fifth and final report on Russia's attempts to influence the 2016 election, providing more details on how Russian hackers resided on Democratic National Commitee servers for months and citing shortcomings in the FBI's investigation.
The emerging cloud-delivered service model known as security access service edge, or SASE, is designed to help simplify security for remote access, says Sean Duca of Palo Alto Networks, who explains how the model works.
Copycats using well-known threat actor names, such as Fancy Bear and Armada Collective, are launching extortion campaigns tied to distributed denial-of-service attacks against financial institutions, according to Akamai's Security Intelligence Research Team.
Ransomware gangs continue to see bigger payoffs from their ransom-paying victims, driven by "big-game hunting," data exfiltration and smaller players seeking larger returns, according to ransomware incident response firm Coveware.
Scammers have reportedly been putting one over on customers of the famous Ritz London, which says it is "aware of a potential data breach within our food and beverage reservation system, which may have compromised some of our clients' personal data." No payment card data was exposed, it says.
Researchers at Check Point developed a one-click attack against Amazon's popular voice-controlled assistant Alexa that could reveal a user's voice history or personal information. Amazon has fixed the web application security flaws but says Check Point's demo video is misleading.
President Donald Trump has signed a new executive order that requires TikTok owner ByteDance to divest its U.S. operations within 90 days. In the new order, Trump cites national security concerns in demanding the Chinese company sell its American assets.
A bipartisan group of federal lawmakers has proposed providing $28 billion to state and local governments to bolster their cybersecurity and IT infrastructures.
China could collect the personal data on Americans through the social media apps TikTok and WeChat for intelligence-gathering purposes, a senior Justice Department official says in explaining why the White House wants to ban these apps.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.