CISOs and other security practitioners are embracing the idea of a business-driven security model that takes a risk-oriented approach, says Rohit Ghai, president of RSA. "Cybersecurity conversations are becoming business conversations rather than technology conversations."
The notorious GandCrab ransomware-as-a-service gang has released the latest version of its crypto-locking malware, backed by crypter service and exploit toolkit partnerships. But the gang's marketing savvy belies shoddy code-development practices, security firm McAfee finds.
What can organizations do to thwart business email compromise attacks? In an interview, David Stubley, CEO of the consultancy 7 Elements, outlines several key steps. He'll be a featured speaker at Information Security Media Group's Security Summit: London, to be held Sept. 23.
Memo to hackers: Boasting about your exploits on social media channels is a good way to get caught. Indeed, Italian police say they busted a suspected hacker after he bragged not only about defacing the NASA home page but also about being part of a group calling itself "Master Italian Hackers Team."
Heathrow, the U.K.'s largest airport, has been fined by the country's privacy watchdog for a series of data security missteps that led to a USB memory drive containing highly sensitive information being lost by an airport security trainer on a London city street, where it was found by a passerby.
Google blames a bug in an API for its Google+ social networking service for exposing personal details of about 500,000 users' accounts, but says it doesn't believe the information was misused. The company was forced to acknowledge the March incident after it was reported by The Wall Street Journal.
As more companies move away from passwords toward behavioral biometrics, they face new challenges, says Rajiv Dholakia, vice president, products at Nok Nok Labs. "There are no standards as such in this area on how the information is collected, how it's stored and how it's processed," he says.
Barriers to getting into the business email compromise - aka CEO fraud - game continue to fall, with security vendor Digital Shadows finding that compromised email accounts for a company's finance department can typically be purchased via the black market for just $150 to $500.
Did the Chinese government pull off one of the most secretive hardware hacks of all time? That's what information security experts are pondering after a Bloomberg report described an espionage operation that purportedly planted a tiny spying chip on widely distributed server motherboards.
The latest edition of the ISMG Security Report features an analysis of the latest developments in Facebook's massive data breach and expert analysis of the potential for nation-state interference in the U.S. midterm elections.
At three of the world's largest information security events in 2018, Information Security Media Group's team of editors conducted about 200 video interviews with industry thought leaders, who provided timely insights on important topics. Here's your guide to those interviews.
Warning: Attackers behind the recently revealed Facebook mega-breach may still be able to access victims' accounts at some third-party web services and mobile apps, and Facebook has offered no timeline for when a full lockdown might occur - although there are no signs of third-party account takeovers.
Step away from the social media single sign-on services, cybersecurity experts say, citing numerous privacy and security risks. Instead, they recommend that everyone use password managers to create unique and complex passwords for every site, service or app they use.