Leveraging intelligence culled from the Dark Web will help boost information security for enterprises, says Avi Rembaum of Check Point Software Technologies.
Equifax has yet to describe how its site was breached, except to blame a vague "U.S. website application vulnerability." But some security experts suspect that an unpatched flaw in Apache Struts, fixed by Apache in March, might have been exploited.
The Singapore arm of AXA Insurance Group says a web application flaw exposed the personal data of thousands of insurance customers to hackers. Experts weigh in on what can be done to prevent such incidents.
A major operation to cleanse websites of digital certificates created under questionable circumstances is underway. Google has issued the orders: Purge digital certificates that were issued by Symantec before June 1, 2016.
It isn't a specific product to be purchased and deployed, but RSA's concept of business-driven security is a new strategy to help improve communication between the operations and risk managers within security organizations. RSA's Ben Smith describes how to start.
Only 38 percent of banking/security leaders have high confidence in their organization's ability to detect and prevent fraud, according to the latest ISMG Faces of Fraud Survey. John Gunn of VASCO Data Security weighs in on how to improve that confidence.
The notion of patching the most critical vulnerabilities is outdated and ineffective thanks to today's black market for exploit kits, says Kevin Flynn of Skybox. Evaluating the exposure and context of holes in your organization is crucial to shoring up defenses, he says.
The Russian cyber espionage group known as Pawn Storm, which has been around since 2004, has shifted gears to focus on cyber propaganda efforts, and security professionals need to be aware of the changing threat, says Ed Cabrera of Trend Micro.
Many organizations are uncertain about the overall effectiveness of their security strategy because they are still in the dark about aspects of their risk posture, says Brian Soldato of NSS Labs. Conducting a few pen tests a year is not enough, he stresses.
The massive Equifax data breach has already led to the filing of more than 30 lawsuits against the data broker - one demanding up to $70 billion in damages. At least five state attorneys general have launched formal investigations, while several Congressional committees have promised hearings.
To prepare for more ransomware attacks, organizations need to follow a consistent model of connected, synchronized security, says Sophos' Sunil Sharma, managing director for India and SAARC.
In the wake of increasing cybersecurity concerns, the government of India wants to leverage indigenously developed security solutions to protect telecom networks. But some security experts say that could prove difficult.
In the wake Equifax saying hackers may have stolen 143 million consumers' personal details, the company is already facing sharp questions over the robustness of its security defenses as well as reports that three executives sold stock after the breach was discovered, but before the news became public.
Credit reporting agency Equifax said Thursday a web application flaw exposed 143 million U.S. consumers' records to hackers, a startling breach from a company that ironically offers services to protect consumers from identity theft.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.