Because cyberattacks continue to bypass next-generation security technologies, it's important not to underestimate the role humans play in attack detection and threat mitigation, says Rohyt Belani of PhishMe.
A commentary on the need for developers to be more deliberate in securing IT products leads the latest edition of the ISMG Security. Also featured: A report on Congress tackling voting machine security.
Organizations must consider using privileged access controls throughout their entire "stack" of applications, as well as during the app development stages, says Andy Givens of CyberArk.
In the annals of bad bugs for 2017, Apple's High Sierra fiasco could be No. 1. How does one of the world's most well-resourced software developers miss a glaring issue posted in one of its own forums?
Apple's latest desktop operating system, High Sierra, has a massive vulnerability that allows anyone to create, without a password, a "root" account that has access to all files on the computer. It's the third authentication-related fumble found in High Sierra since its general release in September.
As data protection breaches have become daily headline news and everyone becomes increasingly sensitive about privacy, the regulatory regime is getting tougher. Data protection laws in Europe are more important than ever before - especially as the enforcement deadline of the EU GDPR looms.
Fool me once, shame on you. Fool me twice, shame on me. That's the situation facing victims of Equifax's massive data breach, who are being offered identity theft or fraud monitoring services from none other than Equifax. First, however, they have to share some personal information.
The U.S. government has charged three employees of Chinese cybersecurity firm Boysec with stealing valuable intellectual property from Siemens, Moody's Analytics and Trimble. Security researchers say Boysec has been operating since 2007 and is also known as APT 3 and Gothic Panda.
When Arbor Network's Paul Bowen looks at the IoT threat to healthcare, he's concerned about how medical devices are conceived, created and connected. And he says device manufacturers are dangerously behind the maturity curve when compared to threats actors.
Are you an accused Russian hacker who's been detained on foreign soil at the request of U.S. authorities? Bad news: While Mother Russia will go to court to try to bring you home, your odds of resisting U.S. extradition don't look good.
The steady stream of new reports about years-old breaches continues as Imgur, the popular photo-sharing service, belatedly warns that it suffered a breach in 2014 that compromised 1.7 million users' accounts.
Like its mythological namesake, the source code for Zeus malware appears to be immortal. New variants continue to surface, including the Terdot banking Trojan, which is also designed to steal email and social networking credentials while remaining hidden.
A presentation on new models to battle email phishing leads the latest edition of the ISMG Security Report. Also, did Uber mishandle ransomware response?
HyphBot botnet malware is forcing infected PCs to sneakily view high-priced video ads, allowing fraudsters to reap upwards of $1.3 million in daily ad spending, a Danish advertising technology firm warns. The scheme highlights the challenges facing online advertisers seeking legitimate viewers.
Give crooks credit for topicality: They remain loathe to miss a trick. Indeed, hardly any time elapsed after Uber came clean about the year-old breach it had concealed before crack teams of social engineers unleashed appropriately themed phishing messages designed to bamboozle the masses.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.co.uk, you agree to our use of cookies.
