Saturday, November 17, 2018

Best-of-breed security products still dominate — kind of

The history of security purchasing centers around best-of-breed products. With each requirement, security professionals would research products, review third-party tests, bring in products for internal testing, and buy those that exhibited a superior ability to prevent, detect, or respond...

Digital identity, the blockchain and the GDPR: A round peg in a square hole?

Sometimes in the tech industry you have to work with opposing needs or even contradictions. Often, we find ourselves in a situation of balancing human nature versus security or legal versus technology. An example of the former is in...

BrandPost: As Cyber Threats Grow, Cyber Vigilance is Mandatory

In 1809, author Thomas Charlton penned the famous phrase that has been subsequently attributed to a wide variety of people, writing, “the price of liberty is eternal vigilance.” While he certainly could not have foreseen our day, that idea...

IDG Contributor Network: Small Business Saturday means it’s time for an annual cyber refresh

As we approach Small Business Saturday, it’s a good time of year for small and mid-sized businesses to refresh their thinking around data security and incident response planning. In the same way that we are taught to change the...

What is the cyber kill chain? Why it’s not always the right approach to cyber attacks

As an infosec professional, you’ve likely heard about using a cyber kill chain, also known as a cyber attack lifecycle, to help identify and prevent intrusions. Attackers are evolving their methods, which might require that you look at the...

GDPR, I choose you! How the Pokémon Company embraces security and privacy by design

Pokémon is one of the biggest brands in the world. The colorful pocket monsters span dozens of computer games, cartoons, films, trading cards, books, toys and anything else you care to imagine.

How to use PowerShell to scan for Windows 10 security updates

With Windows 10, you can no longer do a quick-and-dirty scan for updates from the GUI without triggering the detection and installation of those updates. The same holds true for Server 2016 or Server 2019. The ability to scan...

Microsoft covertly collects personal data from enterprise Office ProPlus users

Privacy Company released the results of a data protection impact assessment showing privacy risks in the enterprise version of Microsoft Office. Regarding the “large scale and covert collection of personal data” of Microsoft Office ProPlus (Office 2016 MSI and Office...

IDG Contributor Network: The end of security as we know it

If you listen very carefully, the age of information security as we know it ended recently, not with a bang, but with a whimper. While that may be something of an overstatement, a recent event put us on the...

How to set up a successful digital forensics program

IT and security managers have found themselves needing to better understand the world of digital forensics, defined as the ability to track down the source of a network intrusion, an exploit such as ransomware, or some other incident where...

How to reach that person who will click on anything

Anyone can be phished with the right targeted spear-phishing campaign, but we all know that person in our organization who will click on any phishing email no matter how fake it appears to everyone else. How do you reach...

Possible BGP hijacking takes Google down

Google might not be immune to Border Gateway Protocol (BGP) hijacking and leaks. On Monday, Google services went down for over an hour as internet traffic for some G Suite and Google search users was rerouted to Nigeria, China, and Russia. Internet...

HP Offering $330 off Pavilion 15z 15.6″ Touchscreen Laptop Right Now ($370)

You don't have to wait for Black Friday. Deals have started to drop early, but you have to know where to look. HP has activated a whopping $330 discount on its Pavilion 15z 15.6" Touchscreen Laptop, which puts it at...

Review: Protecting multi-cloud environments with Threat Stack

With a large number of organizations moving their data and applications to the cloud, there is an acute need for a platform designed to natively detect malicious activity occurring there without hindering the underlying network or the business functions...

Cylance researchers discover powerful new nation-state APT

When a Belgian locksmith attacked the Pakistani Air Force, researchers at Cylance sat up and took notice. The locksmith probably never knew his website had been taken over by a nation-state hacking group as a command-and-control server, nor that...

Cyber criminals abuse US Postal Service Informed Delivery for ID theft

The U.S. Secret Service issued an internal alert to law enforcement partners about identity thieves abusing the U.S. Postal Service’s Informed Delivery, a service that allows you to digitally preview your mail and manage package delivery. ID thieves have...

BrandPost: Fill Your Cybersecurity Skills Gap with Veterans

One of the most pressing concerns facing organizations today is the widening cybersecurity skills gap. According to recent estimates, there will be as many as 3.5 million unfilled positions in the industry by 2021. One often overlooked pipeline that may help...

IDG Contributor Network: Taking a moment to appreciate how far we’ve come

Today’s digital security environment offers no shortage of opportunity for industry observers to fret about our collective shortcomings: our enterprises still are plagued by too many security vulnerabilities, too few skilled practitioners and, in many cases, lack a true...

The state of ICS and IIoT security in 2019

40 percent of industrial sites have at least one direct connection to the public internet. Air gaps for critical systems remain an effective way to reduce the chance of attack. No connection to the web means threat...

Best Android antivirus? The top 13 tools

The following are the 13 best antivirus tools for Android, according to AV-TEST’s September 2018 evaluations of 20 Android security apps. (The AV-TEST Institute is a Germany-based independent service provider of IT security and antivirus research.) All but two...
SC Magazine

Instagram flaw exposes user passwords

A security flaw in Instagram’s recently released “Download Your Data” tool could have exposed some user passwords, the company reportedly told users. The tool, revealed by Instagram right before the GDPR regulation went into effect, is designed to let users...

Julian Assange Charges, Japan’s Top Cybersecurity Official, and More Security News This Week

Safer browsing, more bitcoin scams, and the rest of the week's top security news.
The Register

SMS 2FA database leak drama, MageCart mishaps, Black Friday badware, and more

Plus, why is Kaspersky Lab getting into chess? Roundup: What a week it has been: we had the creation of a new government agency, a meltdown flashback, and of course, Patch Tuesday.…
TechRepublic

Is retaining a cybersecurity attorney a good idea for your business?

Cybersecurity is so complicated that businesses, large and small, are retaining legal counsel specializing in security. Learn two more steps businesses should take before a cyberattack hits.

Machine Learning Can Create Fake ‘Master Key’ Fingerprints

Researchers have refined a technique to create so-called DeepMasterPrints, fake fingerprints designed to get past security.