Attackers exploiting a buffer overflow in WhatsApp's signaling software to automatically infect devices with malware - without users even having to answer their phone - and then alter call logs to hide attack traces is "a bit of a nightmare scenario," says cybersecurity expert Alan Woodward.
The way many organizations have handled digital onboarding is fraught with risk - including fraud. But Husayn Kassai, CEO of Onfido, envisions a new future that includes a healthy amount of friction and greater security.
Traditionally, enterprises have built networks and then added security elements. But in what he describes as "the third generation of security," Fortinet's John Maddison promotes a model of security-driven networking. Hear how this can improve an organization's security posture.
The latest edition of the ISMG Security Report analyzes the FBI takedown of DeepDotWeb, a dark net portal. Also featured are discussions on healthcare app security and the repercussions of poor coding security.
Typically, organizations see automated or manual attacks - one type or the other. But increasingly cyberattackers are striking with blended attacks, and the growth and impact of these strikes is concerning. Dan Schiappa of Sophos discusses how to improve detection and defense.
Almost a year after it went into full effect, compliance with the EU's GDPR still presents challenges, including monitoring data in a decentralized environment, says Subhajit Deb, CISO at Dr. Reddy's Laboratories. He'll be a featured speaker at ISMG's Fraud and Breach Summit in Bengaluru on May 21.
The latest edition of the ISMG Security Report describes a discussion among "Five Eyes" intelligence agencies at the recent CyberUK conference. Plus, an update on a Huawei 'backdoor' allegation and new research on managing third-party risk.
How far does an organization's risk surface extend, and who are the custodians of all that data? A new research report aims to answer those questions. In a joint interview, Kelly White, of RiskRecon and Wade Baker of the Cyentia Institute offer an analysis.
The good news is: The development of new malware exploits has slowed considerably. The bad news is: That's because the old ones still continue to work so effectively. Adam Kujawa of Malwarebytes Labs talks about the evolution of ransomware and other successful exploits.
To fight against fake news that can influence elections, the government of India should adopt new legislation that creates specific requirements for action by social media companies, says cyber lawyer Karnika Seth.
Access risk: Security leaders understand their governance and technology challenges. But addressing them with new automated tools - and selling these new processes within their organizations? Those are the problems attendees attempted to solve at a recent dinner in Philadelphia.
The latest edition of the ISMG Security Report describes how a Facebook Marketplace glitch created serious privacy issues. Plus: An update on the activities of the FBI's Recovery Asset Team and HSBC whistleblower Everett Stern's preview of keynote address at upcoming ISMG Fraud and Breach Summit in Chicago.
Everett Stern, the whistleblower who called attention to HSBC's international money laundering activities, which ultimately resulted in a $1.9 billion fine, says the crackdown on financial fraud still has a long way to go. He'll be the keynoter at ISMG's Fraud and Breach Summit in Chicago on May 14.
Latha Reddy, India's former deputy national security adviser, says the nation should designate election infrastructure as "critical information infrastructure" to help ensure that cybersecurity is a much higher priority. She also spells out other critical steps.
A warning that a smartwatch marketed to parents for tracking and communicating with their children could be coopted by hackers leads the latest edition of the ISMG Security Report. It also reviews how a DNS hijacking campaign is hitting organizations and how "dark patterns" trick users.