Latest

Cybercrime

Insurer: Breach Undetected for Nine Years

Marianne Kolbasuk McGee  •  June 26, 2019

A dental and vision insurer's revelation that it recently discovered a 9-year-old data security incident offers an extreme example of the difficulty some organizations have in detecting data breaches.

Business Continuity Management / Disaster Recovery

Second Florida City Pays Up Following Ransomware Attack

Scott Ferguson  •  June 26, 2019

A second small city in Florida is paying off cybercriminals to recover from a ransomware attack that crippled the municipality's local network. How much did Lake City agree to pay, and how much of that was covered by insurance?

Blockchain & Cryptocurrency

Police Arrest 6 in $28 Million Cryptocurrency Fraud Probe

Mathew J. Schwartz  •  June 26, 2019

Six suspects have been arrested as part of a 14-month international police probe into the theft of at least $28 million worth of bitcoin cryptocurrency from more than 4,000 victims in at least 12 countries. Investigators say attackers appear to have "typosquatted" legitimate bitcoin exchange sites.

Encryption & Key Management

Sen. Wyden Asks NIST to Develop Secure File Sharing Standards

Scott Ferguson  •  June 25, 2019

U.S. Sen. Ron Wyden, D-Ore., is urging the National Institute of Standards and Technology to create new standards and guidelines for individuals and organizations to securely share sensitive documents online. He contends current security measures are inadequate.

Cyberwarfare / Nation-state attacks

Chinese Hackers Play Operator With Global Telcos

Mathew J. Schwartz  •  June 25, 2019

Attackers - likely operating from China - have been surreptitiously hacking into global telecommunications providers' networks to quietly steal metadata and track subscribers - and those with whom they communicate - as part of an ongoing cyber espionage operation, warns security firm Cybereason.

►

General Data Protection Regulation (GDPR)

GDPR: Where Do We Go From Here?

Mathew J. Schwartz  •  June 25, 2019

Even though the EU's General Data Protection Regulation has been in effect for more than a year, it's no privacy panacea, says (TL)2 Security founder Thom Langford. While GDPR has reframed the global privacy discussion, room for improvement remains, he explains in this interview.

►

Application Security

Reinventing Application Security

Nick Holland  •  June 25, 2019

Bob Egner of Outpost24 discusses the challenges involved in improving application security and whether DevSecOps is a "silver bullet."

Identity & Access Management

The Evolution of IAM in the Cloud

Geetha Nandikotkur  •  June 25, 2019

More organizations are deploying single sign-on mechanisms when they move to software-as-a-service applications to help enhance authentication and control access, says Moshe Ferber, chairman of the Israeli chapter of the Cloud Security Alliance.

Governance

Risk and Resilience: Finding the Right Balance

Mathew J. Schwartz  •  June 25, 2019

Finding the right balance between risk and resilience is a challenge for every cybersecurity project - especially in the aerospace, space and defense sectors - and that's why such efforts must be driven by CISOs and CIOs, says Leonardo's Nik Beecher.

Breach Notification

Identity as a Game-Changing Breach Defense

Information Security Media Group  •  June 25, 2019

Often in breach response, security professionals focus on the technical aspects of the attack. Yet, the non-technical aspects are often more insidious, says Teju Shyamsundar of Okta. And Identity can be a powerful tool to bolster defenses.

Cyberwarfare / Nation-state attacks

DHS: Conflict With Iran Could Spur 'Wiper' Attacks

Jeremy Kirk  •  June 24, 2019

Iran is increasing its malicious cyber activity against the U.S, which could manifest in attacks that render computers unusable, a top U.S. cybersecurity official says. The warning comes after the U.S. reportedly targeted Iranian computer systems in response to the downing of a surveillance drone.

Cybercrime

Alleged AlphaBay Moderator Faces Racketeering Charge

Scott Ferguson  •  June 24, 2019

An alleged moderator of the AlphaBay underground marketplace has been indicted for facilitating sales on the darknet site before law enforcement shut it down.