Latest

►

Cloud Access Security Brokers (CASB)

Getting Implementation of CASB Right

Suparna Goswami  •  June 22, 2018

Jagdeep Singh, CISO at Rakuten India, offers insights on how to make the right choices when deploying cloud access security broker technology.

►

Authentication

Putting Behavioral Biometrics to Use

Suparna Goswami  •  June 22, 2018

To help prevent fraud, more organizations are moving toward the use of behavioral biometrics for authentication, says Tamaghna Basu of NeoEYED, who explains how the technology works.

General Data Protection Regulation (GDPR)

GDPR: An Opportunity for Better Threat Intelligence Sharing

Jeremy Kirk  •  June 22, 2018

Europe's General Data Protection Regulation is reshaping the way organizations handle data. That's going to have an impact on the sharing of threat intelligence. But the Anti-Phishing Working Group hopes the law will provide legal clarity that will make more organizations comfortable with sharing threat data.

►

General Data Protection Regulation (GDPR)

CISO Thom Langford's Top Tips for GDPR Compliance

Mathew J. Schwartz  •  June 22, 2018

When communications giant Publicis Groupe launched its GDPR compliance project, CISO Thom Langford says, "it was more a case of honing and polishing, rather than building from the ground up," thanks to its existing information security management system and complying with ISO 27001.

►

General Data Protection Regulation (GDPR)

Why Data Classification Has Gone Mainstream

Mathew J. Schwartz  •  June 22, 2018

Driven by the EU's General Data Protection Regulation and other regulations, as well as the move to the cloud, more organizations are turning to data classification to help them silo and protect their most sensitive information, says Tony Pepper, CEO of Egress.

Anti-Fraud

Preview: ISMG's Fraud and Breach Prevention Summit in Chicago

Nick Holland  •  June 22, 2018

Leading the latest edition of the ISMG Security Report: A preview of next week's Fraud and Breach Summit in Chicago, which will feature keynoter Brett Johnson, a former cybercriminal who now advises organizations on fighting crime.

►

Next-Generation Technologies & Secure Development

Breaking Down Silos to Make Intelligence Actionable

Varun Haran  •  June 21, 2018

Many organizations are looking for pre-defined logic for effectively consuming threat intelligence across information silos, rather than collecting intel and then having to define the logic to make it actionable themselves, says Greg Singh of Skybox Security.

Data Breach

Phishing Defense: Block OAuth Token Attacks

Jeremy Kirk  •  June 21, 2018

Just one click: That's all it takes for a victim to inadvertently grant attackers access to their email account via a third-party application. Here's how to spot signs of OAuth-related hacking and how to defend against it.

►

Fraud Management & Cybercrime

Ransomware: No Longer Sexy, But Still Devastating

Mathew J. Schwartz  •  June 21, 2018

We need to talk about ransomware, says James Lyne, global research adviser at Sophos: "It's not the big, sexy security topic that it once was, but there's some really interesting evolution in their tactics." Lyne rounds up the latest tactics and describes how machine learning is offering new defensive hope.

►

Authentication

Credential Stuffing Attacks: How to Combat Reused Passwords

Mathew J. Schwartz  •  June 20, 2018

For attackers, "credential stuffing" - using stolen usernames and passwords to log into any site for which a user reused their credentials - is the gift that keeps on giving, says security researcher Troy Hunt. Here's how organizations can mitigate the threat.

Cybercrime

Massive CIA Hacking Tool Leak: Ex-Agency Employee Charged

Mathew J. Schwartz  •  June 19, 2018

The U.S. Department of Justice has charged a former CIA officer, 29-year-old Joshua A. Schulte, with providing 8,000 documents that describe the agency's offensive malware tools and practices to WikiLeaks, which published them in 2017 as the "Vault 7" archive.

Cybercrime as-a-service

'Rex Mundi' Hacker Extortion Group: Busted

Mathew J. Schwartz  •  June 18, 2018

Cyber extortion group Rex Mundi has been shut down following the arrest of seven suspects in France and a French national in Thailand, police say. Investigators began pursuing the group last year after it stole customer data from a British firm and demanded $770,000 to not publicly release it.