Latest

Endpoint Security

Analysis: A Better Approach to Cyber Defense

Nick Holland  •  December 13, 2019

The latest edition of the ISMG Security Report discusses why cyber defense teams need to think more like attackers. Plus, a case study on cross-border payment fraud, and an expert's take on security for the 2020 elections.

3rd Party Risk Management

Is your Organization Suffering From Third-Party "Compliance Drift"?

Tony Howlett  •  December 13, 2019

Third-party vendors accessing your most critical systems and networks can also bring in security incidents along with all those wonderful things they promised in the sales presentation.

►

Security Operations

Building Security Into Cloud Migration

Varun Haran  •  December 12, 2019

It's essential that security be built into cloud migrations and not handled as an afterthought, says Terence Gomes of Microsoft.

►

Governance

Managing Identity in a 'Zero Trust' Environment

Varun Haran  •  December 12, 2019

Why is identity at the core of the "zero trust" approach? Tejas Lagad of Nexus shares insights.

►

Encryption & Key Management

Why We Need Quantum-Proof Keys

Varun Haran  •  December 12, 2019

Quantum-proof keys will become essential when quantum computers become more common because these devices can break conventional cyptography, says Sunil Kumar Gupta of QuNu Labs.

Encryption & Key Management

Visual Journal: Black Hat Europe 2019

Mathew J. Schwartz  •  December 12, 2019

Black Hat Europe returned to London last week, featuring two days of briefings covering topics from cryptography and breach response to exploit development and application security. Plus, a packed business hall offered technical demonstrations. Here are visual highlights of the event.

Blockchain & Cryptocurrency

Five Charged in $722 Million Cryptomining Ponzi Scheme

Scott Ferguson  •  December 11, 2019

The Justice Department has charged five individuals with running a high-tech Ponzi scheme that allegedly fleeced investors out of $722 million by falsely promising clients big returns as part of a cryptomining operation.

Endpoint Security

Intel Chips Vulnerable to 'Plundervolt' Attack

Jeremy Kirk  •  December 11, 2019

Intel issued a firmware update on Tuesday to mitigate an attack developed by researchers, dubbed Plundervolt, which uses voltage fluctuations to reveal secrets such as encryption keys. The findings are the latest bad news for Intel as researchers have dug deep into its chip architecture.

Endpoint Security

McAfee Considers Purchase of NortonLifeLock: Report

Akshaya Asokan  •  December 11, 2019

McAfee's ownership team is exploring a deal to acquire NortonLifeLock, the renamed, publicly traded firm that was formerly the consumer and small business security division of Symantec, according to the Wall Street Journal, which cites "people familiar with the matter."

Business Continuity Management / Disaster Recovery

Decryptor Bug Means Ryuk Victims Stuck in Ransomware Rut

Jeremy Kirk  •  December 10, 2019

Emsisoft has spotted a buggy decryptor for the Ryuk ransomware and developed a custom tool to fix it. But victims will still have to pay the ransom to recover files.

Account Takeover

GDPR Violation: German Privacy Regulator Fines 1&1 Telecom

Mathew J. Schwartz  •  December 10, 2019

One of the largest fines to date for violating the EU's General Data Protection Regulation has been announced by Germany's federal privacy and data protection watchdog, the BfDI, against 1 & 1 Telecommunications, in part for inadequate authentication mechanisms. The company plans to appeal.

Governance

FTC Sanctions Defunct Cambridge Analytica: So What?

Mathew J. Schwartz  •  December 9, 2019

The U.S. Federal Trade Commission has sanctioned data analytics firm Cambridge Analytica for misusing Facebook users' personal details as part of voter-targeting campaigns. Just one problem: The firm declared bankruptcy in May 2018. Meanwhile, voter microtargeting continues unchecked.