Latest

►

Incident & Breach Response

Are You APT-Ready? The Role of Breach and Attack Simulation

Mathew J. Schwartz  •  June 18, 2019

With the volume of data breaches and cyberattacks continuing to rise, organizations are increasingly relying on breach and attack simulation tools to provide more consistent and automated validation of controls, says Cymulate's Tim Ager.

►

Application Security

Securing the Software Supply Chain

Nick Holland  •  June 18, 2019

What steps can be taken to eliminate vulnerabilities in the software supply chain? Ilkka Turunen of Sonatype offers practical insights.

►

Artificial Intelligence & Machine Learning

Using AI to Detect Cyber Risks

Nick Holland  •  June 18, 2019

Artificial Intelligence is coming of age as a key tool in the security analyst's arsenal, says David Atkinson, founder and CEO of Senseon, who highlights key benefits of the technology.

►

Standards, Regulations & Compliance

Compliance in a Hybrid Environment

Nick Holland  •  June 18, 2019

How can organizations deal with compliance issues in a hybrid environment? Don Closser of Firemon discusses compliance in the age of cloud computing.

Cybercrime

'Extreme But Plausible' Cyberthreats

Nick Holland  •  June 18, 2019

A new report from Accenture highlights five key areas where cyberthreats in the financial services sector will evolve. Many of these threats could comingle, making them even more disruptive, says Valerie Abend, a managing director at Accenture who's one of the authors of the report.

Artificial Intelligence & Machine Learning

Visual Journal: Infosecurity Europe 2019

Mathew J. Schwartz  •  June 18, 2019

The annual Infosecurity Europe conference this year returned to London. Here are visual highlights from the event, which featured over 240 sessions and more than 400 exhibitors, 19,500 attendees and keynotes covering data breaches, darknets, new regulations and more.

Endpoint Security

DHS Is Latest to Warn of BlueKeep Vulnerability

Scott Ferguson  •  June 17, 2019

Yet another warning has been issued about the BlueKeep vulnerability in older versions of Microsoft Windows. The latest comes from the Department of Homeland Security, which tested a remote code execution exploit.

Critical Infrastructure Security

Xenotime Group Sets Sights on Electrical Power Plants

Scott Ferguson  •  June 17, 2019

Xenotime, the group suspected of launching the Trisis malware attack in Saudi Arabia during 2017, has over the past few months shifted its focus beyond the oil and gas industry to target electrical plants and utilities, security firm Dragos reports.

►

Governance

Enhancing Security by Red Teaming

Nick Holland  •  June 17, 2019

James Stanger, chief technology evangelist at CompTIA, explains why red teaming can prove highly beneficial in improving organizational security controls.

Critical Infrastructure Security

Two Weekend Outages, Neither a Cyberattack

Mathew J. Schwartz  •  June 17, 2019

Not all that crashes has been hacked. To wit, this past weekend there were multiple major outages, including much of Argentina and Uruguay going dark, as well as U.S. retailer Target's system problems leaving customers unable to pay for goods. But none of these outages were due to cyberattacks.

Cybercrime

10 Highlights: Infosecurity Europe 2019 Keynotes

Mathew J. Schwartz  •  June 14, 2019

Data breaches, incident response and complying with the burgeoning number of regulations that have an information security impact were among the top themes at this year's Infosecurity Europe conference in London. Here are 10 of the top takeaways from the conference's keynote sessions.

Cybercrime

Assange Extradition Hearing Won't Occur Until February

Scott Ferguson  •  June 14, 2019

A British judge has determined that an extradition hearing for WikiLeaks founder Julian Assange won't be held until next February. The U.S. is asking for the extradition so Assange can face espionage charges.