As organizations that shifted to a remote workforce consider allowing some workers to return to the office environment, CISOs must reassess their security infrastructures, says Chris Kubic of Fidelis Cybersecurity, who formerly was CISO at the National Security Agency.
Following Twitter's admission that cryptocurrency scammers socially engineered its employees to gain control of 45 high-profile accounts, one reaction has been: Why didn't anyone crack Twitter sooner? Unfortunately, the answer is that they have, especially if you count nation-states bribing insiders.
Which entities will be custodians of our identities? David Birch of Consult Hyperion discusses why banks could be likely candidates for this emerging role.
Security awareness and compliance training is an essential component of mitigating risks for the remote workforce in the financial services sector, says Theo Zafirakos of Terranova Security, who outlines key steps.
Twitter says attackers who hijacked more than 130 high-profile Twitter accounts used social engineering to bypass its defenses, including two-factor authentication on accounts. Experts say companies must have defenses in place against such schemes, which have long been employed by fraudsters.
How have the COVID-19 pandemic, lockdown and job losses affected the character and composition of the internet? Rapid7's Tod Beardsley rounds up the latest research into the prevalence of outdated and unsecured internet protocols and internet-connected devices - and there's both good and bad news.
Despite warnings from security researchers and U.S. Cyber Command earlier this month, thousands of users have not yet patched their F5 BIG-IP networking products to fix a critical vulnerability that could allow for remote code execution, according to the security firm Expanse.
What are the biggest leadership lessons from the COVID-19 pandemic? And what will CEOs and CISOs look back on and say, "Why did we ever do things that way?" Those questions were posed to a panel of cybersecurity leaders, and here are their candid answers.
As companies lay off employees and deal with financial challenges during the COVID-19 pandemic, they're also facing an increase in the number of insider fraud incidents, says Randy Trzeciak, director of the National Insider Threat Center at Carnegie Mellon University, who offers fraud detection tips.
Europe's highest court has invalidated the Privacy Shield, a data-sharing agreement between the EU and U.S., on the grounds that the U.S. offers insufficient protection for Europeans' privacy rights. Privacy advocates say the ruling should drive the U.S. to rethink its policies.
Government officials in the U.S., U.K. and Canada issued a joint advisory Thursday warning that a Russian hacking group is targeting various research organizations in those countries involved in COVID-19 vaccine development.
Cybersecurity experts are pushing organizations to immediately patch a critical zero-day vulnerability in SAP's NetWeaver Application Server because threat actors are likely searching for networks that are susceptible to the flaw.
Microsoft is urging its customers to patch a "wormable" vulnerability affecting the Windows Server operating system that could allow an attacker to exploit an organization's entire infrastructure.
Britain's U-turn on Huawei, announcing that it will now ban the manufacturer's gear from its 5G networks, highlights this as yet unresolved problem: Years of underinvestment and policy failures have left Britain and its allies with no inexpensive, trusted alternative.
The British government has officially reversed course and will now ban Huawei's telecom gear from its 5G networks. The ban on use of the Chinese firm's equipment, based in part on U.S. sanctions against the manufacturer, goes into effect at year's end.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.eu, you agree to our use of cookies.