In these times of unabated data breaches, the typical Chief Information Security Officer (CISO) must feel like a moving target in a shooting gallery. It’s not a matter of whether an attack and possible breach will occur, it’s a matter of when. Being a CISO is a fascinating and important job. Often, though, it’s a thankless one. Unfortunately for...

There were 978 million victims of cybercrime last year and these people lost a combined $172 billion, according to Norton. Those numbers alone should be enough to make businesses sit up and take notice. It’s important, too, to stress that it isn’t just the large corporations that suffer at the hands of online criminals. About half of small...

App security isn’t a feature or a benefit – it is a bare necessity. One breach could cost your company not just millions of dollars but a lifetime of trust. That is why security should be a priority from the moment you start writing the first line of code. While you were busy developing the most intuitive, innovative and exciting apps, security...

A new variant of the Android Remote Access Tool (AndroRAT) is exploiting a vulnerability to escalate privileges on unpatched Android devices. The malware disguises itself as a utility app called "TrashCleaner" and waits for users to download it from a malicious URL. Upon running for the first time, the malicious app forces the device to install what...

NameCheap has said it intends to notify customers of a misconfiguration issue that allowed customers to create subdomains for any hosted account. Richard Kirkendall, CEO for the ICANN-accredited registrar, said on Twitter that the company is currently conducting an audit and plans on "contacting any affected customers directly" following the...

There's a growing trend spreading through many different organizations in which automated and advanced security features are being developed, capabilities which were previously in the realm of more traditional security vendors. There’s now more security in more places than ever before, with much of it owing to infrastructure and software-as-a...

You’ve probably been hearing about the cloud a lot, and with the increasing number of businesses moving their data online, it’s obvious that cloud computing and security are here to stay. With a number of benefits like data security, minimized risks, regulatory compliance, flexibility, round-the-clock availability, uninterrupted maintenance and...

Some of the most common phrases that come out of information security professional mouths include: “Well, that did not work” and “The project fell apart, and I don't know what I could have done better.” The pain of not knowing what security best practices your team can/should implement can cost the company time and money. It could also end up...

The European Union's General Data Protection Regulation (GDPR) goes into effect this May, and lawmakers in the U.S. are proposing stricter data breach legislation. With the pressure on to better protect data and improve notification procedures in the event of a data breach, Tripwire surveyed 406 cybersecurity professionals to see how prepared...

Security breaches are becoming more common. They occur most often in the United States (followed by the UK), exposing businesses and their customers to significant risks. Most recently, in December 2017, Kromtech uncovered a breach at Ai.Type with 577GB of data stolen. It's possible the incident exposed the information of 31 million customers. And in...

A recent article in the New York Times postulated America may choose to respond to a devastating cyberattack with a nuclear response. In November of 2017, a widely viewed social media video entitled Slaughterbots suggested “swarms of AI-controlled drones [could] carry out strikes on thousands of unprepared victims with targeted precision.” Both of...

Cisco has patched a remote code execution (RCE) vulnerability bearing a "perfect" CVSS score of 10.0 that affects its Adaptive Security Appliance (ASA) software. On 29 January, the American multinational technology conglomerate publicly recognized the security issue (CVE-2018-0101) and revealed that it affects the ASA software found in the following...

Cloud computing is not a new name anymore, and its adoption is growing consistently across various industries. Public cloud is a disruptive technology, irresistible to the Financial Services Industry (FSI) due to its tremendous benefits, including agility, elasticity, time to market and on-demand provisioning, to name a few. However, there are genuine...

Phishing attacks continue to threaten organizations' digital security in droves. Kaspersky Lab prevented 46,557,343 phishing attempts in the second quarter of 2017 alone. Overall, close to one in ten (8.26%) of Kaspersky users encountered a phishing attack that quarter. Recognizing the prevalence of phishing, it's useful to examine the granular...

Especially in recent weeks and months, information security has become an issue of interest to a lot of different people. Over the last several years, more people have started paying attention to infosec issues, which means the audience of infosec communication has drastically grown and changed. Effective communication is audience-dependent. You have...

The retail industry saw more than its fair share of data breaches in 2017, with security incidents impacting at American supermarket chain Whole Foods Market and clothing companies Brooks Brothers, The Buckle, and Forever 21, to name a few. At least some of those events likely resulted from retailers' poor data breach preparation. Consider the fact...

The state of Internet of Things (IoT) security today is clear: it’s terrible. IoT devices are everywhere – from Fitbits and Amazon Alexas to smart appliances and intelligent home security systems, they’ve already permeated our consumer lives. Outside of the consumer space, however, IoT is even more prevalent. IoT devices control electrical grid...

In 2017, some of the world’s most devastating cyber attacks were seen. Insider threats continue to be the primary reason for such high profile data breaches year over year. With the rise of malware as a service, insiders are now more than capable of sabotaging a company's operations or stealing data to sell on the darknet. Without the right support...

There are many actionable items and methods a CISO can use to minimize risk in the healthcare industry. After all, there are all kinds of tools, project management resources, and resource management solutions that can help keep businesses in order and safe. However, there just a few areas in which action should be taken. As simple as it might sound,...