The good news for security leaders: Because of SSL/TLS, nearly every bit of web data in transit is now encrypted. The bad news: Threat actors are now masking their attacks inside of encrypted traffic. Kevin Stewart of F5 Networks explains why network visibility is not enough to detect these attacks.
The 2019 RSA Conference offers an opportunity to learn about new concepts across all aspects of cybersecurity. One such area is "data gravity," which will be the topic of a session featuring Microsoft's Diana Kelley and Sian John. They discuss the concept in a joint interview.
What if organizations' information security practices have gotten so good that they're finally repelling cybercriminals and nation-state attackers alike? Unfortunately, the five biggest corporate breaches of the past five years - including Yahoo, Marriott and Equifax - suggest otherwise.
Red Hat, Amazon and Google have issued fixes for a serious container vulnerability. The flaw in the "runc" container-spawning tool could allow attackers to craft a malicious container able to "break out" and gain root control of a host system, potentially putting thousands of other containers at risk.
What are some of the hottest issues that will be discussed at this year's RSA Conference, to be held March 4-8 in San Francisco? Britta Glade, content director for the world's largest data security event, says DevSecOps - as well as third-party risk and cloud-related issues - are emerging as key themes.
The Trump administration is leading a broadside against Chinese telecommunications giants Huawei and ZTE. But concerns that Chinese networking gear could be used as backdoors for facilitating state-sponsored surveillance or disrupting critical infrastructure are not limited to America.
Cryptocurrency exchanges are seeing fraudsters submit doctored photos in an attempt to reset two-step verification on accounts. The ruse appears to have some degree of success, underscoring the difficulties around verifying identity on the internet.
Hackers have breached the Australian Parliament's network, although investigators say they have found no evidence that attackers stole any data. But Parliament's presiding officers said all users have been ordered to reset their passwords as a precaution.
Germany's competition authority, the Bundeskartellamt, has prohibited Facebook from combining user data from different sources unless users consent, and it has also prohibited Facebook from blocking users who do not provide this consent. Facebook has one month to appeal the antitrust decision.
Apple says it has engineered a server-side fix for a flaw in its FaceTime messaging app and plans to issue a patch for clients this week. The patches will resolve a situation jokingly dubbed "FacePalm" that revealed a bug-reporting gap.
The notorious xDedic Marketplace Russian-language cybercrime forum and shop remains offline following an international police takedown. Security experts expect xDedic customers to shift to UAS, a rival darknet market that also specializes in stolen and hacked remote desktop protocol credentials.
The digital revolution has given healthcare organizations new tools to increase team efficiency and improve their customer experience. But it's also opened up new vectors that cybercriminals can use to attack. As your attack surface expands to infrastructure that you don't own or control, becomes increasingly...
Apple's conflict with Facebook this week resulted in the most effective and quickest punishment the social network has ever received over a privacy issue. But should a multi-billion dollar tech company like Apple be picking up the slack for the digital privacy enforcement failures of governments?
Sophos is out with new reports on Matrix and Emotet, two different types of cyberattacks that are hitting enterprise defenses. Matrix is a targeted ransomware, an emerging type of attack Sophos expects to gain prominence, and Emotet is malware that has evolved over the years into an opportunistic, polymorphic threat...