Equifax says it continues to field queries from U.S. lawmakers about the full extent of its massive 2017 data breach, which occurred after an attacker exploited its unpatched Apache Struts web application. Research finds that many more organizations are using unpatched Struts applications.
Security leaders need to align business goals and risks to be able to gain buy-in for security initiatives, which is the only way to achieve a cultural change in the organization, says Sameer Ratolikar, CISO of India's HDFC Bank.
In an exclusive in-depth analysis, a panel of security experts sizes up key steps many Indian organizations still need to take to comply with the European Union's General Data Protection Regulation, which will be enforced starting May 25.
You're the new kid on the cybersecurity block. You believe you have a unique solution to address an unresolved challenge in the security stack, and beta customers are bullish on your company's potential. We asked: "So what?" What makes these companies different? See startups deliver their quick pitch.
A vulnerability in a government-run website designed to help employees link their Provident Fund retirement accounts with their Aadhaar numbers was targeted by hackers, reportedly exposing data on millions.
Cybersecurity and fraud prevention functions need to start working more closely together to share and leverage cross-functional knowledge that can help improve security, says Michael Thelander of iovation.
Security remains an afterthought when many organizations add new technologies to provide a differentiated customer experience, says Anna Convery of Radware, who recommends a change in approach.
Twitter has apologized after it discovered that it had been inadvertently storing users' passwords in plaintext in an internal log, potentially putting them at risk. Twitter has blamed a bug for the fault and recommends all users change their passwords immediately.
Australia's Commonwealth Bank has confirmed that two magnetic tapes containing transaction information for 19.8 million accounts went missing two years ago after mishandling by a subcontractor. A forensic investigation concluded the tapes were likely destroyed, and no fraudulent activity has been detected.
Despite the buzz about digital transformation, most enterprises remain overwhelmed by having to support and secure legacy technologies, says Mark Loveless of Duo Security. How can they simultaneously protect their legacy systems while securing their future?
What matters most, right now, to the information security community? At RSA 2018, RSA's president said WannaCry was a wakeup call for vulnerability and risk management. Other experts see artificial intelligence, machine learning and secure coding as hot trends.