Cybersecurity and Risk Management

The European Union General Data Protection Regulation (GDPR) sets tighter controls on businesses and how they handle customers' personally identifiable information. Read the rest of this tip on SearchUnifiedCommunications.techtarget.com...

HBO has confirmed that the company's internal sites have been broken into, and that proprietary information (including reportedly scripts of upcoming episodes of the hit series "Game of Thrones") has been seized. According to an article in Variety, “HBO recently experienced a cyber incident, which...

Yeah, I'll admit it: I can be cranky. Very cranky. So when my colleague texted me and asked if I was planning to blog about the WannaCry ransomware attack last week, my response was approximately, "Big whoop. Ransomware happens all the time. People never learn. I've been...

Although traditional models of separation of duties are incompatible with DevOps, the principle can certainly be applied--and must be, in the long term. Separation of Duties: The Boogieman? Today in an interview for our Cloud and Network benchmark, the IT professional on the other end of the...

"You are in a maze of twisty little passages, all alike." That's the phrase that kept running through my head as the folks from Acalvio prebriefed me on Deception 2.0, the second version of the company's advanced threat defense technology. The basic premise behind the company's...

As UC platforms become more open to the outside world, IT leaders need to heed newer threats, including guest-access features, federation capabilities and cloud services. Nemertes Research, a tech advisory firm, recently interviewed IT security leaders about their top enterprise security concerns and challenges. Unsurprisingly, participants...

Another day, another ransomware: Security researchers at threat intelligence provider Recorded Future have uncovered Karmen, a ransomware app that is so easy to use that novices can set up and run it. Getting started with Karmen costs just...

As pretty much everyone on the planet knows by now, last week when footage of a passenger being forcibly removed from his seat by security at the request of United Airlines went viral, United's stock price imploded, slashing the company's market capitalization by $800 million....

The past few weeks have seen a spate of infrastructure-related cybersecurity vulnerabilities. On March 8th, Apache released a critical vulnerability alert (CVE) regarding a significant vulnerability in its Struts 2.0 open-source enterprise Java framework, which is widely used in enterprise deployments. The vulnerability permits remote code execution (RCE) in the framework; recommended mitigation strategies include upgrading the framework or changing implementations.

Infosec professionals are well familiar with the phenomenon of Transport Layer Security (TLS) interception. For everyone else, some background: TLS is the successor to SSL, once the default encryption protocol. TLS provides the underpinnings for many common security protocols, including secure HTTP (HTTPS). Protocols like TLS...

Does security awareness training really matter, or is it a frill? Consider this: Last week, DefensePoint Security, a Virginia-based government cybersecurity contractor, announced its employees’ W-2 tax data had been compromised. But the company wasn’t hacked. It turns out that someone inside the company fell...