Cybersecurity Strategy: Planning for the Future

Varun Haran • June 21, 2018

Three key challenges facing security practitioners worldwide are visibility, metrics and orchestration, says Vishal Salvi, CISO for India's tech powerhouse Infosys. The threat landscape, rather than compliance, is driving security decisions, he says.

Artificial Intelligence & Machine Learning

EU Claims Kaspersky Lab Software 'Confirmed as Malicious'

Latest

Next-Generation Technologies & Secure Development

Breaking Down Silos to Make Intelligence Actionable

Varun Haran • June 21, 2018

Many organizations are looking for pre-defined logic for effectively consuming threat intelligence across information silos, rather than collecting intel and then having to define the logic to make it actionable themselves, says Greg Singh of Skybox Security.

Data Loss

Tesla Accuses Insider of Stealing Gigabytes of Data

Mathew J. Schwartz • June 21, 2018

Electric car manufacturer Tesla has sued a former employee for sabotage, alleging that he "unlawfully hacked the company's confidential and trade secret information and transferred that information to third parties" while leaving a trail designed to implicate other employees.

Data Breach

Phishing Defense: Block OAuth Token Attacks

Jeremy Kirk • June 21, 2018

Just one click: That's all it takes for a victim to inadvertently grant attackers access to their email account via a third-party application. Here's how to spot signs of OAuth-related hacking and how to defend against it.

Fraud Management & Cybercrime

Ransomware: No Longer Sexy, But Still Devastating

Mathew J. Schwartz • June 21, 2018

We need to talk about ransomware, says James Lyne, global research adviser at Sophos: "It's not the big, sexy security topic that it once was, but there's some really interesting evolution in their tactics." Lyne rounds up the latest tactics and describes how machine learning is offering new defensive hope.

Anti-Malware

Geopolitical Instability Is CISOs' Latest Challenge

Mathew J. Schwartz • June 20, 2018

The latest challenge to face CISOs: Finding the best way to keep their organization secure while at the same time navigating political edicts that may lack any technical detail or present solid facts or alternatives to suspect technology, says Jaya Baloo, CISO of KPN Telecom.

Authentication

Credential Stuffing Attacks: How to Combat Reused Passwords

Mathew J. Schwartz • June 20, 2018

For attackers, "credential stuffing" - using stolen usernames and passwords to log into any site for which a user reused their credentials - is the gift that keeps on giving, says security researcher Troy Hunt. Here's how organizations can mitigate the threat.

Cybercrime

Massive CIA Hacking Tool Leak: Ex-Agency Employee Charged

Mathew J. Schwartz • June 19, 2018

The U.S. Department of Justice has charged a former CIA officer, 29-year-old Joshua A. Schulte, with providing 8,000 documents that describe the agency's offensive malware tools and practices to WikiLeaks, which published them in 2017 as the "Vault 7" archive.

Cybersecurity

Cybersecurity Insurance: How Underwriting Is Changing

Nick Holland • June 18, 2018

Cybersecurity insurers, faced with growing demand, are looking for new ways to better measure their risks, says Aleksandr Yampolskiy, CEO of SecurityScorecard. So some are moving toward more carefully scrutinizing the cybersecurity postures of their potential clients.

Breach Notification

PageUp Breach: Job Winners Hit Hardest

Jeremy Kirk • June 15, 2018

Nearly three weeks after human resources software vendor PageUp discovered malware on its system, the tally of what data was exposed remains unclear, although successful job applicants appear to have been hardest hit.

Global Compliance

Making the Most of ISO Standards

Suparna Goswami • June 15, 2018

Many companies don't understand the value of security standards and just use them as a marketing tool, says Agnidipta Sarkar of DXC Technology.

Authentication

Analysis: Distraction Tactics Used in Banco de Chile Hack

Nick Holland • June 15, 2018

Leading the latest edition of the ISMG Security Report: An analysis of how distraction tactics were used during a $10 million SWIFT-related hack at Banco de Chile. Also, a wrapup of Infosecurity Europe.

Cyberwarfare / Nation-state attacks

Visual Journal: Infosecurity Europe 2018

Mathew J. Schwartz • June 14, 2018

When June arrives in the United Kingdom, that means it's time for the annual Infosecurity Europe conference in London. Here are visual highlights from this year's event, which featured 240 sessions, 400 exhibitors and an estimated 19,500 attendees.