The head of the NSA's Cybersecurity Threat Operations Center says attackers haven't bothered targeting unclassified U.S. Defense Department networks with a zero-day exploit in 24 months. Instead, they attempt to exploit flaws within 24 hours of information of the vulnerability or exploit going public.
Twitter is now caught up in the Cambridge Analytica scandal: The social network sold public Twitter data to Aleksandr Kogan, the same person who sold Facebook data to Cambridge Analytica. Twitter says Kogan obtained no private information on users.
As the head of DevSecOps at Intuit, Shannon Lietz tracks the real-world tactics, techniques and procedures hackers use against her organization. She's cataloged the top 10 application security attack techniques being used against Intuit, which differ markedly from the OWASP top 10.
What are some of the complexities of the EU's General Data Protection Regulation, which will be enforced beginning May 25? Gerald Beuchelt, CISO at LogMeIn, offers compliance insights in an in-depth interview.
The Union Ministry of Home Affairs has informed the Finance Commission about its budgetary requirements for over INR 3.5 lakh crore for internal security between 2020-25, with a significant, but unspecified, portion to be allocated to cybersecurity.
In this edition of the ISMG Security Report: Privacy watchdogs in the EU begin enforcing GDPR in less than 30 days; are organizations ready? Also, a look at the top 10, real-world online threats facing business and financial software firm Intuit.
Can technology solve the problem of giving law enforcement access to all encrypted communications without additional risks to the public? Software legend Ray Ozzie says he has an idea. But it's unlikely to quell the debate over hard-to-break encryption.
Plenty has been said about threats to internet of things devices - and rightfully so. But what about operational technology that often has been neglected by security controls? Mark Nunnikhoven of Trend Micro weighs in on OT risks.
An attack spoofed internet routing information, resulting in anyone who visited MyEtherWallet.com - a free, open source web app for storing and sending ether-based tokens - instead being routed to an attacker-controlled site, leading to an estimated $320,000 in losses.
Large healthcare companies in the U.S., Europe and Asia are getting hit with a backdoor that comes from a long-observed group, which Symantec calls Orangeworm. The backdoor has been found on X-ray machines and MRIs.