Open source and third-party components help developers build and deploy applications faster. But with increased speed comes greater risks, says Chris Eng of CA Veracode, who offers insights on mitigating those risks.
Attorney Elizabeth Harding clears up confusion about certain provisions of the EU's General Data Protection Regulation, including the issue of when organizations need to obtain a European consumer's consent to process their data.
Lawsuits sparked by massive data breaches at Yahoo - and the company's failure to report those breaches to investors in a timely manner - could soon be resolved. Plaintiffs and defendants say they have committed to a $47 million deal that they expect to submit for court approval within 45 days.
More evidence that running cybercrime schemes remains inexpensive and accessible to anyone with criminal intent: To send spam emails, admitted botnet herder Peter Levashov quoted customers $500 for 1 million emails. And that was just his 2016 pricing.
Coordinated police raids in Germany and Sweden have resulted in the arrest of two Syrian nationals suspected of running a cyber fraud operation that purchased stolen card data to book hundreds of airline and train tickets to help smuggle people from the Middle East into Europe.
Attack code known as EternalBlue, designed to exploit a Windows SMB flaw, continues to work for attackers despite Microsoft having issued patches more than a year ago. One major U.S. business was a recent victim as part of a cryptocurrency-mining malware campaign, a researcher reports.
A key amendment to Canada's Personal Information Protection and Electronic Documents Act goes into effect on Nov. 1. What are the baseline standards for compliance, and how does this change impact risk transfer and mitigation? Charlie Groves of CrowdStrike shares his views.
Intel has had a challenging time lately on the vulnerability front. It has issued yet another patch for its Management Engine after a researcher was able to extract two types of encryption keys. The problem was a repeat of one that Intel patched just last year.
Less than four months after GDPR enforcement began, Europe has arguably entered the modern data breach notification era. Reports of data breaches continue to increase, and breached organizations now face the specter of class-action lawsuits over material as well as non-material damages.
The latest edition of the ISMG Security Report features an analysis of a new Government Accountability Office report on the causes of last year's massive Equifax breach. Also: An update on the role of tokenization in protecting payments.
A Romanian court has ruled that the notorious hacker "Guccifer," who discovered the existence of Hillary's Clinton's private email server, will be extradited to the U.S. to serve a 52-month prison sentence after he finishes serving a seven-year sentence in his home country.
Russian national Peter Levashov, who was arrested in Spain last year and extradited to the U.S., has admitted to a two-decade crime spree that included running multiple botnets that harvested online credentials while also pumping out spam, banking Trojans and ransomware.
A web browser startup, Brave, has filed complaints in Europe alleging Google and other behavioral advertising companies are violating Europe's GDPR. Brave's complaints could set up one of the biggest battles so far over how personal data gets used - or abused - for targeted advertising.