Digital certificate vendor Trustico is facing a new crisis after a researcher tweeted about an apparent root-level access flaw in the company's website. The alert comes after Trustico's CEO admitted that his company was archiving private keys for digital certificates.
Leading the latest edition of the ISMG Security Report: President Trump has not authorized the National Security Agency to go after Russian election hackers at the source. Also, 23,000 digital certificates get revoked after their private keys get leaked, and an analysis of deception technologies.
The U.S. Securities and Exchange Commission has reportedly issued dozens of subpoenas and requests for information to technology companies, executives and advisers involved in initial coin offerings. The regulator's new cyber unit investigates ICOs, which attempt to raise funds for cryptocurrency ventures.
Digital certificate vendor Trustico is sparring with DigiCert, which recently took over Symantec's digital certificate business, over a serious security incident. The private keys for at least 23,000 Trustico digital certificates have been compromised, prompting a scramble to protect affected websites.
Cybersecurity company mergers and acquisitions continue. Among the major deals: The sale of PhishMe to a privacy equity syndicate and Splunk's purchase of Phantom. But these are just the latest in a series of moves so far this year as consolidation continues.
NSA Director Mike Rogers told senators that President Donald Trump has not ordered his agency to confront Russian election interference at its source, via network operations, and that President Putin "has clearly come to the conclusion there's little price to pay" for meddling.
Despite the millions of dollars companies invest in cybersecurity programs, advanced persistent attackers constantly devise new means of breaking into corporate environments. How can deception technology offer a new alternative? Ofer Israeli of Illusive Networks explains.
Now that the Supreme Court has declined to review a case stemming from a 2014 cyberattack on CareFirst Blue Cross Blue Shield, what comes next? Attorney Patricia Carreiro analyzes the potential implications for the class-action lawsuit filed after a breach that affected 1.1 million individuals.
A new strain of the Petya ransomware called "Bad Rabbit" is impacting business and sweeping across Russia and Ukraine, among other Eastern European countries. Like many of the other ransomware outbreaks, understanding fact from fiction is the first step in staying safe.
Criminals continue their quest for acquiring cryptocurrencies without having to buy and manage their own mining equipment. They're resorting to attacks aimed at stealing the cryptocurrencies via hacking, phishing, fake advertising and web injection attacks via repurposed banking Trojans.
An analysis of a massive 8.8 GB trove of files containing usernames and plaintext passwords suggests hundreds of services may have experienced unreported or undiscovered data breaches. Data breach expert Troy Hunt says the trove of 80 million records appears to contain fresh data.
Attorney Steven Teppler, who recently wrote a report that addresses risks related to the internet of things, offers insights on risk management steps organizations in all sectors must take as IoT devices proliferate in the enterprise.
Interest in deception technology is growing because it can play a valuable role in improving intrusion detection, says Anton Chuvakin of Gartner, who explains the intricacies of the emerging technology in an in-depth interview.
Arkansas developer Taylor Huddleston has been sentenced to serve more than two years in prison for developing, marketing and selling two tools designed to be used maliciously - the NanoCore remote access Trojan and Net Seal license software.
Certificate authorities continue to be tricked into issuing bogus TLS certificates. A study by Recorded Future found that at least three underground vendors can supply fraudulent TLS certificates, which pose serious risks to data security and privacy.