Under assault by advanced threats, organizations must change their approach, says Damballa's Stephen Newman. Detection is out; response is in. How do organizations deal with 'a constant state of infection?'
As Keith Alexander tells it, when he led the National Security Agency, he didn't exist. Alexander discovered that 'fact' after he retired on May 21 as director of the NSA and commander of the Cyber Command and began shopping to buy a new home.
Thefts of iPhones in New York, San Francisco and London declined after Apple added a remote-disabling feature. Now Google and Microsoft have promised to offer the feature in their mobile operating systems.
Two months after the OpenSSL flaw known as Heartbleed was discovered, remediation efforts have slowed. But several security experts laud businesses' rapid response to the threat, noting that they've installed related fixes more quickly than usual.
If the NSA's meddling in NIST cryptography standards soiled the reputation of the National Institute of Standards and Technology, an amendment approved by the House of Representatives could help restore it.
Banking institutions must improve how they analyze cyber-threat intelligence. But without better tools, security leaders can't adequately anticipate new attacks, says Greg Garcia, the new executive director of the FSSCC.
A privacy activist's case against Facebook for allegedly sharing Europeans' personal data with the NSA in violation of EU data protection rules has been referred to the European Court of Justice for review.
The U.K. government's legal justification for spying en masse on British residents' online communications - Google searches, Facebook posts, Webmail - is questioned by privacy and Internet law experts as part of a case triggered by Edward Snowden's leaks.
Although restaurant chain P.F. Chang's has not yet confirmed a breach, several researchers say they believe the chain suffered a malware attack similar to those that compromised Target, Neiman Marcus and Sally Beauty.
Breaking down silos should help organizations mitigate vulnerabilities introduced into their systems from the information and communications technology supply chain, says the co-author of new guidance from NIST.