Latest

Breach Notification

Fresh Google+ Bug Exposed 52.2 Million Users' Data

Jeremy Kirk  •  December 11, 2018

Google says a buggy API update it pushed last month for its soon-to-be-mothballed Google+ social network exposed personal information for 52.2 million users. The data-exposure alert arrives just two months after Google admitted that a March problem with the same API exposed data for 500,000 users.

Breach Preparedness

Equifax Breach 'Entirely Preventable,' House Report Finds

Mathew J. Schwartz  •  December 11, 2018

The massive data breach suffered by Equifax in 2017 "was entirely preventable," according to a report released by the House Oversight Committee's Republican majority. Some Democratic lawmakers have slammed the report for failing to advance legislative or oversight changes to help prevent breaches.

Cybercrime

Eastern European Bank Hackers Wield Malicious Hardware

Mathew J. Schwartz  •  December 10, 2018

Hackers have been plugging inexpensive hardware into banks' local area networks to help perpetrate heists that have stolen tens of millions of dollars, warns Kaspersky Lab. It says that since 2017, the "DarkVishnya" attack campaign has hit at least eight Eastern European banks.

Breach Response

After Mega-Breach, Marriott May Pay for New Passports

Jeremy Kirk  •  December 10, 2018

Victims of the massive Marriott International data breach, which exposed data for 500 million customers, including some passport numbers, may be able to claim reimbursement for the cost of obtaining a replacement passport, provided they can prove it led to fraud.

Cybercrime

Fighting Credential Stuffing Attacks

Varun Haran  •  December 10, 2018

Credential abuse attacks and identity theft incidents are rising, with attackers leveraging botnets to launch coordinated campaigns with high success rates, says Aseem Ahmed of Akamai Technologies, who shares best practices for mitigating the threats.

Anti-Fraud

Face Off: Researchers Battle AI-Generated Deep Fake Videos

Mathew J. Schwartz  •  December 7, 2018

The easy availability of tools for designing face-swapping deep-fake videos drove Symantec security researchers Vijay Thaware and Niranjan Agnihotri to design a tool for spotting deep fakes, which they described in a briefing at the Black Hat Europe 2018 conference in London.

►

Cybersecurity

The Board as 'Fourth Line of Defense' in Security

Geetha Nandikotkur  •  December 7, 2018

Banks' boards of directors need to understand the implications of cybersecurity in terms of the overall risk structure, says Bhaskar Pramanik, a board member at State Bank of India and former chairman of Microsoft India.

►

Governance

India's Data Protection Bill: An Analysis

Suparna Goswami  •  December 7, 2018

Vaishali Bhagwat, cyber lawyer and advocate, contends that the "harms-based" approach in India's data protection bill is more appropriate than the "rights-based" approach taken by the European Union's General Data Protection Regulation

►

Identity & Access Management

A Practitioner's Perspective on Advanced IAM

Tom Field  •  December 7, 2018

Multifactor authentication and privilege-based controls are among the forms of identity and access management that can help security leaders address key vulnerabilities in their organizations, says Charanjit Singh Sodhi of Normura Wholesale, who offers advice.

►

Identity & Access Management

Identity-Driven Security in an Evolving Threat Landscape

Tom Field  •  December 7, 2018

As enterprises improve defense of their networks and data centers, cybercriminals increasingly are shifting their efforts to targeting privileged credentials. It's time, then, to take an identity-centric approach to security, says Aneesh Dhawan of Microsoft.

►

Network Performance Monitoring & Diagnostics

Improve Alignment, Enhance Visibility

Tom Field  •  December 7, 2018

To improve enterprise visibility, network and security teams need to align and evolve the way they architect networks, says Gigamon's Ian Farquhar, who shares insights on how to enhance network visibility.

►

Compliance

Legal and Compliance: 3 Questions for CISOs

Tom Field  •  December 6, 2018

What are three burning questions regarding legal and compliance issues that enterprise security leaders should ponder as they head into 2019? Ed Amoroso, former CISO of AT&T and current CEO of TAG Cyber, outlines the questions and possible answers.