When it comes to identifying and stopping malicious and even accidental insider threats, organizations are often overlooking a significant gap. Nathan Hunstad of Code42 discusses how to plug this costly leak.
The U.S. National Security Agency is the latest intelligence agency to warn that unpatched flaws in three vendors' VPN servers are being actively exploited by nation-state attackers. Security experts say such alerts, which are rare, are a clear sign that serious damage is being caused.
File transfers are a significant factor in accidental insider risk. Jeffrey Edwards of Progress Software explains how secure file transfers can help ensure privacy and play a role in regulatory compliance.
Compliance with the European Union's General Data Protection Regulation is no guarantee of compliance with other privacy regulations, says Fatima Khan of Okta, who discusses the challenges.
Amidst a multi-city tour, ISMG and Sonatype visited Boston for an engaging discussion on how to mitigate risks introduced by open source software. Sonatype CMO Matt Howard discusses how the conversation highlights the offense vs. defense approaches to securing critical applications.
Code reuse kills - software quality, that is, according to a new study of C++ code snippets shared on Stack Overflow that were reused in more than 2,800 GitHub projects. But there's help for organizations that want to support their developers' urge to cut and paste prewritten code snippets.
London's Metropolitan Police Service says it shared seven images with a private developer during tests of facial recognition technology for crime prevention in the city's King's Cross section. There are no records related to the outcome of those tests, authorities say.
Nation-state attackers have been targeting known flaws that customers have yet to patch in their Pulse Secure, Palo Alto and Fortinet VPN servers, Britain's National Cyber Security Center warns, adding that any organization that didn't immediately apply patches should review logs for signs of hacking.
Rather than focusing solely on rankings offered by the common vulnerability scoring system, or CVSS, when setting priorities for risk mitigation, organizations need to size up the specific potential risks that vulnerabilities pose to their critical assets, according to a new report from RiskSense.
Some security experts are portraying Turkey's decision to fine Facebook $281,000 after a data breach that exposed the personal information of hundreds of thousands of users in that nation as an inadequate slap on the wrist.
Facebook is falling under renewed pressure for its plans to make its messaging platforms fully encrypted. The U.S., U.K. and Australia are asking Facebook to ensure law enforcement can access messages.
More than 600 ransomware attacks pummelled local governments, schools districts and healthcare providers across the U.S. in the first three quarters of this year, according to a study by security firm Emsisoft. Meanwhile, the FBI this week issued a fresh warning about the threat.
She wrote the book on Cloud 3.0, and now attorney Lisa Lifshitz shares insights on key considerations for choosing cloud providers, as well as how to ensure compliance with emerging regulations.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.eu, you agree to our use of cookies.