Latest

File & Data Security

Facebook Password, Email Contact Mishandling Deepens

Jeremy Kirk  •  April 19, 2019

Two security issues disclosed by Facebook over the past month are worse than first thought, adding to a harrowing series of data-handling mishaps by the social network. Millions of Instagram users had their plain-text passwords stored, and 1.5 million people had their email contact lists uploaded without consent.

Blockchain & Cryptocurrency

10 Highlights: Cryptographers' Panel at RSA Conference 2019

Mathew J. Schwartz  •  April 17, 2019

From blockchains and surveillance to backdoors and GDPR, a group of leading cryptographers rounded up the top cybersecurity and privacy matters of the day at the cryptographers' panel held at the recent RSA Conference 2019 in San Francisco.

Fraud Management & Cybercrime

Microsoft: Email Content Exposed in Customer Support Hack

Jeremy Kirk  •  April 16, 2019

Microsoft says intruders targeting its email services had access to email content for a single-digit percentage of the overall affected accounts, a more serious conclusion than first thought. But the company hasn't released many details, including the total number of accounts affected.

►

General Data Protection Regulation (GDPR)

Vendor Risk Management: More Than a Security Issue

Varun Haran  •  April 3, 2019

Vendor risk management must be a higher priority in all business sectors and must extend beyond security to include privacy, says Kabir Barday of OneTrust.

►

Global Compliance

The Far-Reaching Implications of PSD2

Nick Holland  •  March 27, 2019

PSD2 requirements for strong authentication and third-party bank account access go into effect this September. Angie White, product marketing manager at iovation, discusses the implications of the directive inside and outside the European Economic Area.

►

Next-Generation Technologies & Secure Development

Inside Netscout's Threat Report

Tom Field  •  March 25, 2019

Netscout is out with its latest threat report, and the research offers some startling new insights into DDoS, advanced threats and the commercialization of cybercrime. Hardik Modi offers analysis.

►

RSA Conference 2018

API-Centric Automated Attacks on the Rise

Varun Haran  •  March 25, 2019

CloudEntity CEO Nathaniel Coffing shares insight on building foundational API security in a zero-trust world.

►

Fraud Management & Cybercrime

CrowdStrike's 2019 Global Threat Report

Tom Field  •  March 25, 2019

CrowdStrike is out with its 2019 Global Threat Report, which includes a ranking of the most dangerous nation-state adversaries. The company's CTO, Dmitri Alperovitch, discusses the report's key findings about threats and threat actors.

►

Identity & Access Management

Gaining Visibility and Control Over Passwords

Nick Holland  •  March 25, 2019

Passwords are still a persistent security threat, given their ubiquity as a form of authentication and the inability of users to create strong, unique passwords. John Bennet of LogMeIn discusses the issue and solutions.

►

Fraud Management & Cybercrime

Threat Watch: Phishing, Social Engineering Continue

Mathew J. Schwartz  •  March 25, 2019

Reviewing 2018 attacks, Jon Clay of Trend Micro, says social engineering persists, including phishing attacks, while criminals also continue to steal credentials, lob ransomware at targets and push cryptomining malware.

►

Application Security

Application Security and the Focus on Software Integrity

Tom Field  •  March 25, 2019

As trends such as DevSecOps and agile application development spread, enterprises increasingly are focused on software integrity. Andreas Kuehlmann of Synopsys discusses how to address this shift.

►

RSA Conference 2018

3 Hot Legal Topics at RSA Conference 2019

Mathew J. Schwartz  •  March 25, 2019

What's hot on the cybersecurity legal front? For starters, in 2018, the U.S. Department of Justice indicted twice as many alleged state-sponsored attackers than it had ever indicted, says Kimberly Peretti of Alston & Bird.