Developers can play a vital role in accelerating the adoption of AppSec practices, security vendor says.
There are always projects, maturity improvements, and risk mitigation endeavors on the horizon. Here's how to keep them from drifting into the sunset.
Email is indisputably a critical enterprise communication tool essential for sending important documents quickly and efficiently between employees, managers, HR, finance, sales, legal, customers, supply chain and more.
The heated debate over cloud versus on-premise has been going on for years, with both sides citing cost and security reasons to support their claims. As the debate unfolds, one thing is becoming increasingly clear – companies are doubling down on security.
Law enforcement, even on a local level, has a new obligation to establish an effective framework for combating online crime.
CrashOverride / Industroyer malware used against Ukraine's power grid the inspiration for the reverse-engineering tool.
Trump previously tweeted about creating a cybersecurity unit after talks with Putin but backtracked after receiving flak.
The Institute of Information Security Professionals (IISP) – the not-for-profit body that represents information security professionals – is warning companies to invest wisely in cyber security training services with an eye on quality and real benefits.
Global threats, recent WannaCry ransom attack fuel awareness
Cybersecurity will increasingly become part of deal-vetting
Small businesses are vulnerable to large scale cyber attacks – Here’s how to keep your business protected.
James Comey stresses the need to address encryption challenges faced by law enforcement.
The largest DDoS attack in history is just the tip of the iceberg.
ISACA report finds that 55% of security jobs take three to six months to fill, and under 25% of candidates are qualified for the jobs they apply for.
Hackers have been sending fake emails making users believe that their PayPal account has been limited.
In the UK alone, fraud has hit record levels of £1.1 billion, and with the European Union’s GDPR set to come into effect from May 2018, cybercrime is at the top of everyone’s agenda – from governments to businesses large and small, even individuals.
Learn everything about Blockchain and Personal Data Storage.
Whether it was a billion compromised Yahoo accounts or state-sponsored Russian hackers muscling in on the US election, this past year saw hacks of unprecedented scale and temerity. And if history is any guide, next year should yield more of the same.
'Methbot' is a sophisticated cybercrime scheme that has hit major US advertisers and publishing brands and pilfered millions of dollars per day.
Two new studies connect the dots between an organization's lack of staffing and skills to its ability to fend off cyberattacks.
Report outlines ways to lock down critical infrastructure as well as IoT - and the urgent need to expand the security workforce by 2020 with 100,000 new jobs.
Over 2,000 systems were reportedly hit by a variant of the HDDCrypto ransomware.
Yes, retailers can achieve ROI for their investments in cybersecurity during the upcoming holiday season - and for the rest of the year, too! Here's how.
Army to offer cash rewards to bug hunters who find security vulnerabilities in its recruiting sites and database systems that have ties to the Army's core operational systems.
US alone will need 9,000 DPOs to meet GDPR mandates, says International Association of Privacy Professionals - but don't expect that many new job listings.
Research indicates one in three cyberattacks results in a security breach, but most organizations are confident in their defense tactics.
The endpoint detection and response market is exploding! Here's how to make sense of the options, dig deeper, and separate vendor fact from fiction.
If you want to build the next great cybersecurity startup, use your expertise, then follow these three simple suggestions.
Half of small business owners have experienced malware, phishing, Trojans, hacking, and unauthorized access to customer data, according to Nationwide survey.
US mulls 'proportional' response to Democratic Party hacks in midst of an unprecedented presidential campaign clouded by cybersecurity concerns (among other things).
A blockchain-based information exchange could remove friction and costs presented by intermediaries in existing health information exchanges, according to a Deloitte white paper on blockchain’s potential benefits for health care titled, “Blockchain: Opportunities for Health Care.”
Data scientists face a tricky task -- taking raw data and making it meaningful for both security and business teams. Here's how to bridge the gap.
China's increasing dependence on mobile payment may be making it an attractive target for hackers.
'Vendetta Brothers' cybercrime duo runs site that offers cards stolen from over 600 banks in 41 countries, FireEye says.
Lester Holt led with topic of cybersecurity as the first question on national security in last night's Presidential debate.
The hotel's payment systems exposed more than 70,000 customer credit card numbers.
The story of bitcoin’s biggest hacks and thefts is the story of bitcoin itself. From its early days and its first hack, to the biggest theft of all time, bitcoin’s utopian promises often turned into a dystopian reality where scammers, thieves, unaccountable and often amateur exchanges, some, even fully anonymous, proliferated in a wild west of euphoria and hope for a new future combined with devastating, and at times, tragic loss.
The world's major central banks, stung by this year's $81-million heist in Bangladesh, have launched a task force to consider setting broad rules to protect the vast network of cross-border banking from cyber attacks, according to two sources with knowledge of the matter.
The move is part of a larger Google push to lock down Web traffic using encryption between the browser and Web server.
We all need help, and only by working together can we move the needle on security.
At G-20 summit, US President warns of a free-for-all if urgent measures are not taken by countries with cyber weapons capabilities.
Facebook, LinkedIn, and Twitter can't secure their own environments, let alone yours. It's time to sharpen your security acumen.
The Federal Trade Commission has recommendations for consumers to protect their personal data when driving rental vehicles.
Power and utilities companies need a risk-centric cybersecurity approach to face coming threats.
Start saving now. The global cost of cybercrime could reach $6 trillion by 2021, according to a Cybersecurity Ventures report.
Researchers found they could trick four out of five systems used to lock smartphones and safeguard data.
Officials spotted 'indications' it was compromised by 'spearphishing' tactics.
By getting the underlying technology right, Mr. Robot producers understand they boost the show's credibility and give businesses and their customers a more realistic view of security, risk and the challenges of data protection.
Human error and lack of internal security awareness are the biggest sources for data breaches and risk to organizations. Yet 78% of SMBs conduct security training just once a year (or less).
'Master hacker' Roman Seleznev is facing a 40-count indictment in the US.
Seven supercomputers recently took part in a virtual contest that saw them competing against one another in a bid to find software vulnerabilities.
The founder of an “ethical hacking” community in China, Fang Xiaodun, was arrested by Chinese authorities a week ago according to Chinese news outlet Caixinwang.
Kat.am has claimed that it has retained its database and has already launched two new mirrors.
Russia's Federal Security Service says it now has a method to collect encryption keys to spy on users' data.
New Presidential Policy Directive, PPD-41, solidifies just how key federal agencies coordinate, respond to cyberattacks on federal and private networks.
Nomoreransom.org, a joint initiative between Europol, the Dutch National Police, Kaspersky Lab and Intel Security, offers help in getting encrypted data back.
How to teach your blue team to think like the red team when your network is under attack and time is your most valuable asset.
NGA's new chairman Virginia Gov. Terry McAuliffe says states can play a pivotal role in cybersecurity, including emergency response, workforce development and protecting health care data.
US, Germany, France, UK and India top surveillance requests list.
The US military's first of its kind cyberwar campaign against the Islamic State (Isis) is off to a slow start and this has left Pentagon officials frustrated. The US Cyber Command was established to undermine IS's (Daesh) online activities, specifically concerning online recruitment and planned attacks. However, the unit is yet to develop malware and other tools to launch offensive attacks.
A federal appeals court on Thursday said the U.S. government cannot force Microsoft Corp and other companies to turn over customer emails stored on servers outside the United States.
EDR is the beginning of our return to control in the fight against cybercrime.
Kenneth Geers previews his Black Hat talk and discusses the strategic military maneuvers governments can make within cyberspace.
A newly found mobile trojan family has quickly become the No. 1 Android malware in the world. As of the end of June, the average number of Hummer-infected phones stands at almost 2 billion, which is a larger install base than any other mobile phone trojan.
U.S. Assistant Attorney General John Carlin's statement finds support in FireEye report of a 90% fall in China-based hacking.
How open communication among security execs and analysts, incidents responders, and engineers can help organizations stay on top of the constantly changing threat landscape.
New 'attraction and curiosity' for infosec at the Intelligent Buildings Conference this week.
Meeting next month to focus on speedy recovery of the money -- most of which has disappeared into Philippine casinos.
In theory, sharing threat intel makes sense. But in cybersecurity you're not dealing with known individuals, you're dealing with anonymous adversaries capable of rapid change.
Cyberattack on a NATO ally will now trigger a collective response.
South Korean police are alleging that its neighbor to the north has hacked into over 140,000 computers at various South Korean firms and governmental agencies in an effort to launch a massive cyber attack against the country. Defense-related material was also allegedly stolen, including non-classified F-15 fighter jets’ wings blueprints.
Today's employers aren't looking for recruits who can maintain firewalls and mitigate risk. They want well-rounded professionals who can apply security expertise across the business to yield bottom-line results.
For the last two weeks, the tech world’s security teams have been practically under siege. On an almost daily basis, new collections of data from hundreds of millions of stolen accounts have appeared on the dark web, ripped from major web firms and sold for as little as a few hundred dollars each worth of bitcoins. And behind each of those clearance sales has been one pseudonym: “Peace_of_mind.”
There is yet another hack for users of popular social media sites to worry about. Hackers may have used malware to collect more than 32 million Twitter login credentials that are now being sold on the dark web. Twitter says that its systems have not been breached.
OurMine Team claims hack is a fallout of LinkedIn leak; Zuckerberg reportedly may have used same password for other accounts.
In the process of creating and administering groups, users learn how to read data points, create a risk profile in their head, and watch for changes over time.
Anomali says it has found five new pieces of malware tying the two attack groups together.
A look at ten of the megatrends that have shaped IT security -- and in some cases, enterprise business -- over the last decade.
A new government report on Wednesday revealed that America's nukes are still being controlled by antique computers with 8-inch floppy disks, but a former white hat hacker says that's not necessarily a bad thing.
IT risk assessments are crucial to minimize the fallout from cyberattacks. Experts explain why and suggest what questions to consider to assess your company's risk.
Senior State Department official says cyber is fundamentally different than any sort of conventional military or diplomatic arena, urges ongoing and multilateral development of ‘norms’ in global Internet talks.
ICSA Labs now offers a security testing program for IoT products, following the recently announced 'CyberUL' security certification program.
A recent security report from CompTIA found that while threats are growing stronger, many enterprises still aren't ready to face them.
The ability of defendants to confront the evidence against them is 'absolutely essential,' civil rights groups argue
A researcher talks about ways to cut short attacks, protect files from encryption
We can now recover evidence from the RAM on a cellphone, even if the account is locked, and use it to prosecute a case.
How defenders in a US national security agency capture-the-flag exercise used an endless stream of false data across the network to thwart attackers and contain damage.
It has been discovered by security researchers that the majority of modern vehicles are at risk from a design vulnerability which could be potentially disabled by a hacker.
Whether you're Lord Commander of the Night's Watch or the CISO of a mainstream business, it's not easy to defend against a constantly evolving threat that is as deadly as an army of White Walkers.
Mark Vartanyan is the second individual to be sent to prison in connection with Citadel.
Researchers at Black Hat USA will demonstrate how active intrusion detection strategies can help administrators detect hackers who are overly reliant on popular attack tools and techniques.
IT decision makers are dangerously over-confident in the ability of perimeter security to keep key assets safe from hackers, with UK professionals even more self-assured than the global average, according to new data from Gemalto.
Financial institutions are under pressure to ramp up security, with trends such as the increased take-up of mobile banking putting banks’ IT infrastructure defences at growing risk of cyber-attack.
Organizations struggling with risk management are more concerned about brand damage than cyberattacks, new Ponemon study shows.
Rules aren't really rules if breaking them has no consequences.
It just became harder to distinguish bot behavior from human behavior.
Nearly 70% of ransomware victims surveyed by IBM said they paid between $10K and $40K to retrieve their data.
Attackers tap the cloud to reduce costs and increase efficiency of their phony and malicious emails, according to a new Imperva study.
New report querying security pros shows increase in worry about risks with mobile and cloud environments.
The information security risks posed by insiders are a threat to organisations across all industry sectors and disciplines. Through access to information systems afforded by their status, insiders can cause a loss of intellectual property with damaging effects even greater than those of a large external cybersecurity breach of personally identifiable information.
The clock is ticking. Eighteen months may sound like a long time, but to rethink and enhance an enterprise’s security measures, it is not long at all.
The IT landscape continues to change, between the growth of the Internet of Things and the increasing frequency and complexity of cyber-threats. Technology is evolving more rapidly than before and we now have vast amounts of data at our disposal.
Despite geopolitical uncertainties, cyber threats are the financial industry's biggest worry, new data shows.
At Black Hat Europe 2016, security experts weigh in on how companies can build strong security teams, and how employees can educate themselves to meet business needs.
Researchers at Black Hat Europe this week will demonstrate a streamlined technique for spotting and identifying illicit narcotics, counterfeiters, and other scammer websites and operations.
Exploit, available in the wild, is being used in attacks against Windows users, company warns
Tripwire research indicates smart grids and transportation among the services most exposed to cyberattack risks.
You really needed Cristiano Ronaldo or that Doomhammer. Cybercriminals will help you get it for a price, and it's not even entirely illegal.
The current managed security services provider model just doesn't work in our information-rich world. Time to shake things up.
By focusing on a pragmatic approach to security, it's possible to develop IoT solutions that will reduce future risk without breaking the bank.
Aerospace victim hit by targeted attack that didn't even exploit a Mac vulnerability.
Silicon Valley is going to war against disease, cancer, aging, and perhaps even death, with advanced computing, AI and machine learning, genomics, DNA engineering, biotech and nanotech. Tech giants and mega-rich philanthropists are spending billions to permit hacking biology all the way down to DNA, and perhaps we could see breakthroughs in only a few years.
Tech companies - including Uber, Dropbox, Twitter, and Docker - have joined forces to create the Vendor Security Alliance, which aims to vet vendor security practices.
The game of 20 questions is a great way to separate vendors that meet your needs from those who will likely disappoint.
Two Israeli teenagers have been arrested on suspicion of running a service that allowed paying customers to attack websites.
ALEXANDRIA, Va. – Andrew Otto Boggs, aka “INCURSIO,” 22, of North Wilkesboro, North Carolina, and Justin Gray Liverman, aka “D3F4ULT,” 24, of Morehead City, North Carolina, were arrested today on charges related to their alleged roles in the computer hacking of several senior U.S. government officials and U.S. government computer systems.
Rule 1: know where your data sets are, which vendors have access to the data, and what privacy and security measures are in place.
In a report late Tuesday, the New York Times revealed that its Moscow bureau was the target of a cyberattack from Russian hackers earlier this month.
Time to set cyber espionage 'norms' before more volatile nation-states follow suit, experts say.
Developers, your security warnings are messing with people’s brains, and not in a good way.
In the latest major hospitality breach, 20 hotels run by HEI Hotels and Resorts, including Hyatt, Marriott, Starwood and Intercontinental properties, have been hit with point-of-sale malware.
All Android OS versions are susceptible and can be affected by four identified security flaws.
What internet-connected device do most people fear getting hacked? The majority of respondents to a just released survey from Vormetric answered: Their car and home security camera.
Personal data of visitors to online shopping portal stolen, says South Korea police.
A Google Project Zero researcher claims to have found a 'critical' LastPass bug.
For security pros, being asked to help secure Black Hat is like being asked to play on the Olympic basketball team.
Kickass Torrents’ owner Artem Vaulin has been arrested but the way Apple, Facebook and Coinbase helped the US authorities to track Vaulin back to Europe sounds like some script from a James Bond movie!
Filling critical information security roles with the right people is never easy. But learning how to separate the 'wheat from the chaff' is a smart step in the right direction.
New technique may be able to predict not only whether unfamiliar, unknown code is malicious, but also what family it is and who it came from.
Website of legitimate and popular application used by banks in Russia and nearby nations faced successive compromises.
"Consumers will have an increasing number of choices in how they pay," says Visa Europe executive director Jonathan Vaux.
A Chinese businessman who pleaded guilty in March to conspiring to hack into the computer networks of Boeing (BA.N) and other major U.S. defense contractors was sentenced on Wednesday to nearly four years in prison, prosecutors said.
Yes. But not for much longer unless the industry shifts to an automated security and zero trust model.
The FBI does not recommend charges against Hillary Clinton after investigation into use of her personal email server.
There’s been a lot of talk in recent years about encryption and what the FBI terms its “Going Dark” problem—its inability to read the communications of surveillance targets because more and more data is being encrypted. And while the end-to-end messaging encryption that protects data in transit in apps like WhatsApp gets a lot of press, it’s a problem that applies equally to data at rest. The kind that full-disk encryption is designed to protect.
Country's chief financial body told lenders to strengthen security in wake of cyberattack on bank via SWIFT.
If a security system flags up an issue in your organisation and nobody acts on it, is it even an issue? Many organisations are acting that way, according to a report from Skyhigh Networks and the Cloud Security Alliance (CSA).
Network giant will purchase the Massachusetts-based provider of cloud access security broker technology for $293 million.
During this week’s WWDC keynote, executives touted improvements to popular services like Siri, iMessage, and Apple Music. They demonstrated exciting new uses for nascent features like 3D Touch.
Big data has lots of potential to make our decisions more efficient and effective. But like any powerful substance, too much in the wrong hands can have disastrous consequences.
Stick with mobile payment apps and carrier networks when traveling. And don't broadcast your plans or locations via social media.
Business alignment, defense-in-depth and a phased approach are three principles to follow when building out a solid security program.
RSA research says nearly half of surveyed companies show their incident response capabilities to be nonexistent.
The company's Global Cybersecurity Scholarship program is looking to diversify the talent pool by working with veterans, women and those early in their careers.
A sad tale of how hackers compromised a CEO's corporate account by trolling Facebook and LinkedIn for answers to six common authentication questions. (And how to avoid that happening to you)
Security teams and DevOps need to team up on 'lean security' processes that make safety a top priority before a product reaches the market.
'The biz' has unique security needs. And it isn't only about preventing 'the next Sony.'
Bosses typically make about $90K a year, affiliates much less, Flashpoint study finds.
To be in the best position to defend against DDoS, companies need to protect against a range of exploitable vulnerabilities -- and have the tools to detect and react to attacks.
In the first of a two-part series, we examine the impact DDoS attacks have on business continuity - and why it is so much more than a network security problem.
AMSTERDAM – HACK IN THE BOX – Researchers have demonstrated that remote attackers can wirelessly change the time on network time protocol (NTP) servers over long distances using inexpensive devices.
Romanian hacker, extradited to the US, breached emails of 100 high-profile Americans and publicized their personal information.
Swift, a global money transfer network used by banks, has suffered gaps in security standards that have resulted in at least three breaches - in Vietnam, Bangladesh and Ecuador, according to The Wall Street Journal.
Examining the perceived disadvantages and the significant truths about automation’s role in cyber security
NEWS ANALYSIS: Using highly specialized malware, online thieves manipulated the international banking system and stole more than $80 million.
The skilled security workforce crisis will continue for the foreseeable future, even as expert systems are deployed.
Survey by FireEye highlights customer reluctance to continue with service providers with weak cybersecurity.