Gartner's Avivah Litan on Impact of Marriott Breach

Tom Field • December 17, 2018

In the aftermath of the Marriott breach, it's fair to characterize Gartner's Avivah Litan as mad as hell and not wanting the U.S. to take it anymore. Going into 2019, Litan has policy and technology recommendations for national cyber defense.

►

Artificial Intelligence & Machine Learning

Marriott's Mega-Breach: Many Concerns, But Few Answers

Latest

Cybercrime

Hackers Intercepted EU Diplomatic Cables for 3 Years

Mathew J. Schwartz • December 19, 2018

For the past three years, hackers have been intercepting sensitive diplomatic cables sent between EU member states after stealing passwords for accessing the EU network via a phishing attack against diplomats in Cyprus, The New York Times reports.

Cyberwarfare / Nation-state attacks

Russian Social Media Interference Continues, Reports Warn

Jeremy Kirk • December 18, 2018

The battle against Russian disinformation is far from over. Two in-depth Senate reports have revealed that such campaigns continue despite efforts by social media companies to cleanse their platforms. Researchers say Facebook's Instagram may be the next battleground.

Anti-Malware

Twitter Sees Signs of State-Sponsored Attack

Mathew J. Schwartz • December 18, 2018

Twitter says that an unspecified number of its users may have been targeted by state-sponsored hackers seeking to unmask their identity. Separately, Trend Micro says Twitter has blocked an account that was posting image memes designed to remotely control malware-infected PCs.

Governance

Democratic Senators Introduce Data Security Legislation

Marianne Kolbasuk McGee • December 17, 2018

Democratic senators have introduced yet another version of data security legislation that would create a federal breach notification requirement. Meanwhile, the Center for Democracy & Technology has drafted a model for a broad national privacy bill.

Breach Notification

Ireland's Privacy Watchdog Probes Facebook Data Breaches

Mathew J. Schwartz • December 17, 2018

Ireland's privacy watchdog is probing data breaches at Facebook that exposed users' private data. In the latest breach to be disclosed, Facebook has warned that for a 12-day period in September, up to 6.8 million users' private photos may have been revealed to 1,500 apps built by 876 developers.

Data Breach

A Second State Hits EmblemHealth With Breach Fine

Marianne Kolbasuk McGee • December 14, 2018

For the second time this year, health insurer EmblemHealth has been hit with a state financial penalty in connection with a 2016 breach that exposed Social Security numbers on mailings to more than 81,000 plan members.

Cyberwarfare / Nation-state attacks

Super Micro: Audit Didn't Find Chinese Spying Chip

Jeremy Kirk • December 14, 2018

Super Micro Computer says a third-party audit of its recent and older motherboards has not turned up evidence of a spying chip as alleged in an explosive report two months ago by Bloomberg BusinessWeek. Bloomberg, however, has stood by its story despite no physical example of the malicious chip turning up.

Advanced SOC Operations / CSOC

Insights on Upgrading a SOC

Tom Field • December 14, 2018

By building in some risk intelligence upfront, organizations can upgrade their security operations centers and reduce the noise from the sheer volume of alerts and false positives, says Ganesh Prasad of RSA, who shares insights.

Breach Response

Breach Response: When to Involve the Board and PR

Tom Field • December 14, 2018

In the wake of the recent Marriott and National Republican Congressional Committee data breaches, now is the time to get your board's attention regarding breach response and public disclosures. Attorney Mark Rasch offers insights for preparing and practicing response plans.

Artificial Intelligence & Machine Learning

How to Maximize Data Used to Fight Fraud

Tom Field • December 14, 2018

The data being used to drive effective anti-fraud efforts can be rich in context and useful for other activities. Jim Apger of Splunk describes emerging fraud schemes and solutions, highlighting the role of machine learning.

Fraud Management & Cybercrime

Mitigating Identity Deception

Tom Field • December 14, 2018

The fraudsters have more tools and information than ever at their disposal to pull off socially engineered schemes. But how can the victims turn the tables? Agari's Andrew Coyle discusses new tools and strategies to improve defenses.

Endpoint Security

OT Security: Best Practices for CISOs

Varun Haran • December 14, 2018

The lack of standardization is one of the significant challenges when securing OT environments. Customizing and aligning OT security with the business is key, says Uday Deshpande, CISO at Mumbai-based L&T Group.