Credit bureau Equifax has been hit with the maximum possible fine under U.K. law for "multiple failures" that contributed to its massive 2017 data breach, including its failure to act on a critical vulnerability alert issued by the U.S. Department of Homeland Security.
Hackers are constantly developing new exploits, and updating defenses is not an easy task. Dan Larson of Crowdstrike discusses some the new techniques hackers are using and how to fight them off.
Open source and third-party components help developers build and deploy applications faster. But with increased speed comes greater risks, says Chris Eng of CA Veracode, who offers insights on mitigating those risks.
In addition to its use for improving cloud security, cloud access security broker software can play a role in managing shadow IT and controlling sanctioned IT, says Satyavathi Divadari, director of cybersecurity at Cognizant Technology Solutions.
More evidence that running cybercrime schemes remains inexpensive and accessible to anyone with criminal intent: To send spam emails, admitted botnet herder Peter Levashov quoted customers $500 for 1 million emails. And that was just his 2016 pricing.
India is seeing a surge in government website defacements and data leaks that apparently are tied to nation-states. But if key stakeholders from all sectors collaborate, using appropriate skills and technologies, they can fight off these threats.
Attack code known as EternalBlue, designed to exploit a Windows SMB flaw, continues to work for attackers despite Microsoft having issued patches more than a year ago. One major U.S. business was a recent victim as part of a cryptocurrency-mining malware campaign, a researcher reports.
Intel has had a challenging time lately on the vulnerability front. It has issued yet another patch for its Management Engine after a researcher was able to extract two types of encryption keys. The problem was a repeat of one that Intel patched just last year.
Password management is a critical component of a security strategy that some organizations still find challenging, says Gerald Beuchelt of LogMeIn Inc.
The National Payment Corporation of India, the umbrella organization for all retail payments systems, has asked banks to discontinue Aadhaar-based payments through Unified Payments Interface and Immediate Payment System channels.
Effective "SecOps" involves revamping security processes that are inconsistent and ad hoc to make them targeted and consistent, says Rapid7 CEO Corey Thomas, who describes the roles of automation and orchestration.
The issue of access management and vulnerable software applications has come back to haunt the Unique Identification Authority of India which manages the Aadhaar database containing biometrics and personal information of over 1 billion Indians.
The recent case in which Singapore's OCBC bank suffered a few hours of outage because of an apparent lack of proper monitoring could lead to bigger security issues unless the management and security team of the bank take appropriate steps.
The Monetary Authority of Singapore is proposing to require financial institutions to implement six security measures to better guard against cyberattacks. But some security experts say the tricky part will be making sure banks actually take the required steps.
Security technology innovations entering the market are getting attached as features to an infrastructure that is fundamentally broken and an enforcement model that cannot operate in real time, says Matthew Moynahan, CEO at Forcepoint.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.in, you agree to our use of cookies.