A bipartisan group of U.S. lawmakers has reintroduced legislation in the House that would stop the government from forcing software vendors to intentionally weaken their products for surveillance purposes. Two prior attempts to enact the legislation in Congress have failed.
Even though SSH keys are the credentials that provide the most privileged access in an organisation (including root-level privileges), they are routinely untracked, unmanaged and unmonitored. This guide provides four steps to protect and take control of your SSH keys to minimise your risk of intrusion.
A recently published survey of more than 400 security professionals in the UK, Germany and the US measured how well their organizations implemented security controls for SSH keys. The results show that most organizations are underprepared to protect against SSH-based attacks, with fewer than half following industry...
You know that your organisation is using SSH to safeguard privileged access, but you may not realize that your SSH keys could be vulnerable to insider and cyber threats.
The majority of those we surveyed didn't. Results from a recent study show that most organisations don't have the SSH visibility or security...
Data encryption, advanced authentication, digital signing and other cryptography-based security functions have come to play a vital role in organisations' cybersecurity and regulatory compliance initiatives throughout the UK and EU.
To secure their digital assets effectively, organisations must protect their...
New PCI requirements that go into effect June 30 are pushing payment card acquirers, processors, gateways and service providers worldwide to implement more secure encryption protocols for transactions. But are they ready?
Following in Google's footsteps, Amazon has closed a technical loophole that helped some online services evade censorship filters, but which was also abused by cybercriminals. Collateral damage is already being felt by the likes of Signal, a popular, encrypted-messaging app blocked by some governments.
Jan Koum, WhatsApp's co-founder, is leaving Facebook. His departure marks another exit of a high-level privacy and security advocate. If Facebook continues to lose those who could better influence the social networking site's worrying views toward user data, what does that mean for the rest of us?
Can technology solve the problem of giving law enforcement access to all encrypted communications without additional risks to the public? Software legend Ray Ozzie says he has an idea. But it's unlikely to quell the debate over hard-to-break encryption.
A new standard from the PCI Data Security Standards Council could help ease the way for smaller merchants worldwide, especially in developing nations, to move to cashless payments using a variety of devices, says Troy Leach, CTO for the council, who spoke last week at a conference in South Africa.
The FBI has arrested the CEO of the Canadian smartphone service Phantom Secure on charges that he and four other suspects ran an encrypted telecommunications service used by more than 20,000 customers to facilitate illegal activities, including international shipments of cocaine and other drugs.
Leading the latest edition of the ISMG Security Report: President Trump has not authorized the National Security Agency to go after Russian election hackers at the source. Also, 23,000 digital certificates get revoked after their private keys get leaked, and an analysis of deception technologies.
Digital certificate vendor Trustico is sparring with DigiCert, which recently took over Symantec's digital certificate business, over a serious security incident. The private keys for at least 23,000 Trustico digital certificates have been compromised, prompting a scramble to protect affected websites.