Spectre and Meltdown: It's déjà vu all over again as Intel is reportedly prepping a coordinated vulnerability disclosure announcement for eight new speculative execution flaws. One of the new flaws is apparently worse than any of the three Spectre/Meltdown variants that came to light in January.
Payments are getting faster, and so is payments fraud. A robust fraud management strategy focusing on strong authentication, customer education and scalable responses can be instrumental in minimizing payment fraud risk.
Equifax says it continues to field queries from U.S. lawmakers about the full extent of its massive 2017 data breach, which occurred after an attacker exploited its unpatched Apache Struts web application. Research finds that many more organizations are using unpatched Struts applications.
A remote code execution vulnerability revealed in late March in the Drupal content management system is now being used on a large scale for mining the virtual currency monero, a researcher says. At least 400 websites have been infected, and the total number is likely far higher, security experts warn.
Security vendor ProtectWise says a series of operating mistakes has allowed it to gain insight into a group, believed to be affiliated with Chinese intelligence, that specializes in stealing code-signing certificates. The certificates allow for the signing of malware that's unlikely to raise security alarms.
Privacy regulations, user satisfaction concerns and the need to prevent data breaches are driving more organizations that must authenticate users to find "a better way of ensuring that people are who they are when they are accessing critical information," says Tony Smales, CEO of Forticode.
Sandip Kumar Panda, co-founder and CEO of InstaSafe, which offers a software-defined perimeter solution, talks about his company's approach toward secure connectivity.
The Ashley Madison breach of 2015 quickly became one the most famous of the high-profile hacks. Three years later, CISO Matthew Maglieri discusses the breach recovery and what he refers to as "cybersecurity in a world of discretion."
Twitter has apologized after it discovered that it had been inadvertently storing users' passwords in plaintext in an internal log, potentially putting them at risk. Twitter has blamed a bug for the fault and recommends all users change their passwords immediately.
In the new borderless, cloud-first paradigm that organizations find themselves in, a robust identity mechanism provides the best context for securing access, says Dustin Maxey of Ping Identity.
Over 55 percent of people will reuse passwords despite acknowledging the risks, says Amber Steel of LastPass. In the enterprise context, this bad behavior needs to be addressed without burdening employees with policies which could impact productivity, she says.
StackRox CTO Ali Golshan says his firm helps organizations that use containers and microservices to secure their cloud applications via better detection, prevention and response. How does it work?
Acalvio Technologies helps organizations practice "cyber deception" to more effectively detect and respond to data breaches, says Rick Moy, the firm's head of marketing. So how does it work?
Ian Eyberg is CEO of DeferPanic, a Unikernel-based infrastructure-as-a-service startup that provides containers that help organizations employ virtualization in a more secure manner. How does it work?
Ovum Research and Entrust Datacard experts discuss the transformation of identity and where it is headed.
Watch this video to learn more about:
Real-world examples of how organizations are embracing mobile and cloud platforms.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.co.uk, you agree to our use of cookies.