Attackers - likely operating from China - have been surreptitiously hacking into global telecommunications providers' networks to quietly steal metadata and track subscribers - and those with whom they communicate - as part of an ongoing cyber espionage operation, warns security firm Cybereason.
More organizations are deploying single sign-on mechanisms when they move to software-as-a-service applications to help enhance authentication and control access, says Moshe Ferber, chairman of the Israeli chapter of the Cloud Security Alliance.
Iran is increasing its malicious cyber activity against the U.S, which could manifest in attacks that render computers unusable, a top U.S. cybersecurity official says. The warning comes after the U.S. reportedly targeted Iranian computer systems in response to the downing of a surveillance drone.
Identity and access management continues to be a top medical device cybersecurity challenge, says security expert Mark Sexton of the consultancy Clearwater, who offers a variety a risk mitigation tips.
Too many organizations around the world take a "bare minimum" approach to third-party risk management, says Jonathan Ehret, founder of the Third Party Risk Association, who offers risk mitigation insights.
Hackers have repeatedly stolen valuable data - including launch codes and flight trajectories for spacecraft - from NASA's Jet Propulsion Laboratory in recent years, according to a new inspector general audit, which describes weak security practices.
The early days of email attacks - so much noise in the form of malware, spam and links - have given way to attacks that often rely on little more than words, and email gateways often struggle to arrest social engineering ploys, says Michael Flouton of Barracuda Networks.
Many cybersecurity tools are designed to block or allow specific activities based on prescribed rules, but with insider breaches continuing, enterprise protection also requires real-time reaction to actual user behavior, says Carl Leonard of Forcepoint.
Attackers crave insider-level access to IT infrastructure and regularly target insiders - and especially administrators- to steal their credentials, says BeyondTrust's Karl Lankford, who advises organizations to ensure they manage, monitor and audit all privileged access.
Provisioning and deprovisioning employee credentials is a critical component of mitigating insider threats, says Andrew Clarke of One Identity, who discusses the importance of identity and access management.
The latest edition of the ISMG Security Report analyzes the security and privacy implications of Facebook's new digital currency - Libra. Also featured: Discussions on the rise of machine learning and IT and OT collaboration on cybersecurity.
When migrating systems, data and applications to the cloud, a critical security step is to involve compliance auditors in the process as early as possible, says Thien La, CISO at Wellmark Blue Cross Blue Shield. He'll be a featured speaker at ISMG's Healthcare Security Summit on June 25 in New York.