Saturday, July 20, 2019

IDG Contributor Network: Business email compromise: The odds of being a victim are increasing

As is often the case, guidances or advisories issued by regulators in the financial services industry are frequently highly useful for all forms of businesses, whether financial services or otherwise. The most recent such advisory is from FinCEN, the Financial...

California Consumer Privacy Act (CCPA): What you need to know to be compliant

In late June, 2018, California passed a consumer privacy act, AB 375, that could have more repercussions on U.S. companies than the European Union’s General Data Protection Regulation (GDPR) that went into effect this past spring. The California law...

Network traffic analysis tools must include these 6 capabilities

When it comes to threat detection and response, understanding network behavior really matters. According to ESG research, 87% of organizations use network traffic analysis (NTA) tools for threat detection and response, and 43% say NTA is a “first line...

BrandPost: Visibility is Essential for Effective OT Security

Operational Technology (OT) systems are responsible for the critical operations across a wide variety of industries, including Energy & Utilities, Manufacturing, and Transportation, and Defense. OT foundationally drives everything from manufacturing floors and oil rigs to complex transportation systems....

IDG Contributor Network: Modernized maritime industry transports cyberthreats to sea

If there is one universal truth we’ve learned from developments on the cybersecurity landscape in recent years, it’s that none of us are free from cyberthreats. Attackers identify and exploit vulnerabilities wherever they might exist, regardless of the target’s...

4 signs the CISO-board relationship is broken (and 3 ways to fix it)

When veteran cybersecurity leader Christopher Hetner wanted to build up trust with his company’s board, he sought out his C-suite colleagues to first better understand their work and security needs.

Lack of trust will doom cryptocurrency

The promise of a cheap, anonymous, distributed, fiat cryptocurrency that is detached from any country’s sovereignty is a pipe dream. It will never happen. My opinion hasn’t changed since bitcoin first hit the market in 2009. People will play...

Review: How Barac ETV analyzes encrypted data streams

Encryption is one of the best ways that organizations can protect their data from thieves. If critical information is stored or transported in an encrypted format, it has some measure of protection even if it gets compromised or stolen....

How to manage Microsoft’s BitLocker encryption feature

A recent Microsoft Support knowledgebase article and servicing stack update for Windows operating systems offers a fix for a race condition issue introduced by a secure boot feature update, which caused patching to trigger a BitLocker recovery password.  It...

Companies with zero-trust network security move toward biometric authentication

Many organizations are moving away from using the network perimeter as a trust indicator when building and enforcing access policies for apps and other IT resources. An increasing number of enterprises have started implementing authentication solutions that perform user...

BrandPost: Securing the Shift of Workloads to Public Clouds

The recent Trends in Hybrid Cloud Security research survey conducted by ESG, showed that organizations are deploying a mix of workload server types across hybrid cloud environments. Use of public cloud for applications and infrastructure is growing. Read on to learn...

What is a computer virus? How they spread and 5 signs you’ve been infected

Computer virus definition: A computer virus is a form of malicious software that piggybacks onto legitimate application code in order to spread and reproduce itself. Like other types of malware, a virus is deployed by attackers to damage or take control...

How to close SIEM visibility gaps created by legacy apps

As companies get better at analyzing log data to spot potential security threats, legacy applications create blindspots that can be hard to tackle. "Modern SIEMs have evolved beyond their own legacy feature sets, and have become advanced threat...

Best tools for single sign-on (SSO)

Single sign-on (SSO) centralizes session and user authentication services, requiring just one set of login credentials for multiple applications. This improves the user experience, but it has IT administration and security benefits, too. SSO reduces the risk of lost...

To pay or not pay a hacker’s ransomware demand? It comes down to cyber hygiene

Baltimore Mayor Jack Young announced last week that the U.S. Conference of Mayors (USCM) passed a resolution calling on mayors to oppose the payment of ransomware attackers. The resolution states that “at least 170 county, city or state government...

How organizations are bridging the cyber-risk management gap

Cyber-risk management is more difficult today than it was two years ago. So say 74% of cybersecurity professionals in a recent ESG research survey. Respondents point to an expanding attack surface, an increase in software vulnerabilities, and more sophisticated...

The CSO guide to top security conferences, 2019

There is nothing like attending a face-to-face event for career networking and knowledge gathering, and we don’t have to tell you how helpful it can be to get a hands-on demo of a new tool or to have your...

How a decentralized cloud model may increase security, privacy

Whether it’s Amazon Web Services (AWS), Dropbox, Citrix, Microsoft or Google, all cloud storage vendors use the same basic principle — they all sync and copy to a centralized cloud server cluster via the internet. Millions of users and...

IDG Contributor Network: Trust isn’t new, so why are we acting like it is?

If you’ve been paying attention over the past few months, you’ve likely noticed an uptick in the use of the word “trust” among the infosec community. Long a bedrock of other more consumer-facing industries, such as public relations and...

How CISOs become business leaders

What’s the difference between a company that has a CISO and one where the IT security manager is the highest ranked security professional? Some might say a CISO has a broader range of responsibilities, but the real answer is...

Cisco Patches Critical Flaw in Vision Dynamic Signage Director

Cisco this week released a security patch for the Vision Dynamic Signage Director, to address a Critical vulnerability that could allow attackers to execute arbitrary actions on the local system.  Tracked as CVE-2019-1917, the vulnerability was found in the REST...

The Great Hack: the film that goes behind the scenes of the Facebook data scandal

This week, a Netflix documentary on Cambridge Analytica sheds light on one of the most complex scandals of our time. Carole Cadwalladr, who broke the story and appears in the film, looks at the fallout – and finds ‘surveillance...
SecurityWeek

Scotland Yard Twitter and Emails Hacked

London's Metropolitan Police apologised Saturday after its Twitter, emails and news pages were targeted by hackers and began pumping out a series of bizarre messages.

Browser Extensions Scraped Data From Millions of People

Slack passwords, NSO spyware, and more of the week's top security news.
ZDNet

Hackers breach FSB contractor, expose Tor deanonymization project and more

SyTech, the hacked company, was working on research projects for the FSB, Russia's intelligence service.