The breach of porn site Brazzers - which allows users to swap fantasies in online forums - begs the question of how many users employed throwaway usernames and passwords. Some 1,446 U.S. military and 41 U.S. government email addresses were found in the data dump.
Vikrant Arora, CISO of NYC Health & Hospitals, offers the four most important questions a board must ask the CISO to get a good understanding of how the organization is addressing top cybersecurity concerns.
A lesson from down under: A report on unintentionally creating a distributed-denial-of-service attack aimed at oneself highlights the latest edition of the ISMG Security Report. Also, a report on interpreting HIPAA privacy standards more stringently.
A new research project called Amnesia tackles the password management problem by not storing full data in any one place where it can be hacked. But does this proposed solution truly offer better password security?
Implementing a successful cybersecurity strategy in light of advanced threats calls for operationalizing three key principles: visibility, identity and risk, says Zulfikar Ramzan, chief technology officer at RSA.
The Turkish government, following the failed military coup against it, has blocked access to the whistleblowing website WikiLeaks after it published nearly 300,000 emails tied to the country's ruling party. WikiLeaks says it accelerated the information release to protest "post-coup purges."
The 2016 RSA Conference Asia Pacific & Japan, to be held July 20-22 in Singapore, will offer a security road map, imparting lessons to practitioners to help them navigate through cybersecurity complexities. Here's a preview of some of the top session.
As CSO and CTO of Arbor Networks, Sam Curry is in a rare position: He can set security strategy and then go out and find the tools to execute it. Where does the human factor enter the equation, and how must we re-think our traditional strategies?
As many as 250,000 credentials for Remote Desktop Protocol servers around the world may have been offered for sale on the now-shuttered xDedic cybercrime marketplace. So what can organizations do to mitigate related risks and avoid a major network intrusion?
Despite police disrupting alleged DDoS extortion gangs such as DD4BC, inexpensive stresser/booter services have enabled copycats to continue these attacks, says Akamai's Martin McKeay. Here's how organizations can defend themselves.
A report that the Russian government hacked into Democratic National Committee systems has security experts warning that just because malware was found on a hacked network, that doesn't mean a specific individual, group or nation-state was involved.
For years, organizations have been threatened by DDoS attacks on several fronts, ranging from volumetric attacks to application-level and DNS strikes. Now come ransom-based attacks. Trey Guinn of CloudFlare discusses how to respond to each type of attack.
As we prepare to mark the tenth anniversary of the PCI Security Standards Council, it's time to assess the impact PCI-DSS has had on payments security and consider whether it will remain a viable standard 10 years from now. A series of upcoming reports will address these topics.
Akamai warns of a rash of less sophisticated attempts to extort companies by threatening to strike with distributed denial-of-service attacks, which can be expensive for organizations to defend against.