Latest

Critical Infrastructure Security

The Ultimate Missing Link in Cyber: Continuous Compromise Assessment

Information Security Media Group  •  October 16, 2019

According to Ricardo Villadiego, Lumu Technologies' Founder and CEO, organizations are "sitting on a gold mine: their own data". Under the single premise that organizations should assume they are compromised and prove otherwise, Lumu seeks to empower enterprises to answer the most basic question: Is your organization...

Fraud Management & Cybercrime

Twitter Apologizes for Repurposing Phone Numbers

Jeremy Kirk  •  October 9, 2019

Twitter apologized on Tuesday for repurposing phone numbers provided by users for security features for use in targeted advertising, claiming the move was a mistake. Earlier, Facebook was reprimanded for a similar practice.

General Data Protection Regulation (GDPR)

Google Wins 'Right to Be Forgotten' Case

Suparna Goswami  •  September 24, 2019

Europe's top court has ruled that Google does not have to remove links to sensitive personal data globally under the EU's "right to be forgotten" requirements, saying the requirement only applies in Europe.

Breach Notification

Foxit Software Breach Exposes Account Data

Jeremy Kirk  •  September 2, 2019

Foxit Software, the developer of popular PDF and document software, says user accounts were compromised in a breach. The company, which has 560 million users, isn't saying how the breach occurred, how many accounts were affected or for how long.

3rd Party Risk Management

Security Leaders Share Secret Sauce for Success with Digital Transformation

CyberArk  •  October 8, 2019

Join three industry practitioners to learn about the most pressing challenges of today.

Active Defense & Deception

Deception Technology: Making the Case

Information Security Media Group  •  September 19, 2019

Deception technology has emerged as a hot practice - but not one that is necessarily on every enterprise's budgeting radar. Don Gray, CTO of PacketViper, talks about the emergence of deception technology and how security leaders can make the case - and find the budget - for its usage.

Security Operations

SecOps Is Broken. What Can We Do About It?

Information Security Media Group  •  September 6, 2019

Learn how your enterprise security team can step up to the challenge of increasing daily attacks.

General Data Protection Regulation (GDPR)

Facial Recognition Use Triggers GDPR Fine

Akshaya Asokan  •  August 28, 2019

Sweden's Data Protection Authority has issued its first fine for violations of the European Union's General Data Protection regulation after a school launched a facial recognition pilot program to track students' attendance without proper consent.

Security Operations

Sorting Through 'Zero Trust' Misconceptions

Tom Field  •  August 27, 2019

F. Ward Holloway of Forescout Technologies sorts through what he sees as common misconceptions about the "zero trust" approach to security, including the assumption that it can prove to be too costly and complex to implement.

Incident & Breach Response

Hostinger: 14 Million Accounts at Risk After Breach

Jeremy Kirk  •  August 26, 2019

Web hosting company Hostinger has reset all customer passwords after one of its databases was breached, affecting 14 million accounts. The intruder gained access to an authorization token that allowed access to a customer database, the company says.

Active Defense & Deception

Operation Soft Cell

Cybereason  •  August 23, 2019

In 2018, the Cybereason Research team identified a series of attacks targeting telecommunications companies. These attacks shared the same TTPs and consisted of a webshell execution followed by the deployment of Poison Ivy, a well-known RAT attributed to Chinese APT groups.

Account Takeover

Credential Stuffing Attacks vs. Brute Force Attacks

Mike Greene  •  August 19, 2019

To explore how credential stuffing attacks and brute force attacks differ, we need to understand what they are and how they operate. Here is a quick summary.