Hackers behind the mega-breach at Equifax stole data in May, but they - or other attackers - penetrated the credit bureau's systems in March, exploiting a vulnerability for which Apache Struts had issued a patch, just four days prior.
Craig Gibson of Trend Micro has spent more than a decade researching the topic of security orchestration. He offers tactical advice for how organizations can best deploy their human resources to best maximize security across the enterprise.
In North America, many organizations mistakenly believe the European Union's General Data Protection Regulation won't impact them, says Robert Mills of the Information Security Forum. "If they are multinational and holding EU data, it does apply to them," he points out.
Most organizations are good at collecting threat intelligence, but they struggle to operationalize it - and especially to use it for threat attribution. Arbor Network's Paul Bowen tells where organizations are commonly missing the mark.
Oil & Natural Gas Corp. is augmenting its ISOC to serve its enterprise wide network, SCADA and business systems to enable detection of threats in real time, says A.S. Rao, CISO. "We have gone in for a hybrid model to build required skills to completely operationalize the ISoC," he says
Given the current threat environment, it's urgent that organizations add technical experts to their boards of directors to help ensure the development of effective cybersecurity strategies, says Art Coviello, retired chairman of RSA.
Securing a hybrid environment comes with inherent complexities - but there also are some misconceptions about security, says Tony Goulding of Centrify. He dispels the myths and sheds light on the new realities.
Mobile malware threats are surging in India. For example, about 40 percent of all the attacks involving Xafecopy malware were targeted at the nation. The increasing attacks on mobile phones have called attention to the need to boost awareness of mobile security and take critical mitigation steps.
Canada led North America in EMV adoption, and now it is seeing a commensurate growth in card-not-present fraud. Gord Jamieson of Visa Canada describes how Visa is responding to this latest wave of CNP fraud.
Many recent data breaches, including the Equifax incident, show that "applications are really the vulnerable entry point into organizations and ultimately to organizations' data," says Alex Mosher of CA Technologies.
For one month, the installer for a widely used, free Windows utility called CCleaner also installed a malicious payload that was designed to allow attackers to push additional malware onto infected PCs, warns Cisco Talos. Developer Piriform, owned by Avast, has released updates that expunge the malware.
Pressure continues to mount on credit reporting bureau Equifax over its massive data breach. In its wake, Equifax announced that its CIO and CSO would "retire" immediately and said that the Apache Struts flaw exploited by attackers was known to the security team.
In an in-depth interview, Pavan Duggal, advocate, Supreme Court, spells out the specific steps he believes the government needs to take now that the Supreme Court has declared privacy as a fundamental right.
The U.S. Treasury Department has announced sanctions against 11 individuals and organizations linked to Iran, some of whom have been accused of helping to launch distributed denial-of-service attacks against dozens of U.S. banks from 2011 to 2013.
Researchers in Australia says they've conquered a thorny problem: how to view information stored on multiple air-gapped networks at the same time without security or usability concerns. They've created a device, called the Cross Domain Desktop Compositor, that's been tested by the Australian Department of Defense.