Bad news for anyone who might have hoped that the data breach problem was getting better. "Anecdotally, it just feels like we're seeing a massive increase recently," says Troy Hunt, the creator of the free "Have I Been Pwned?" breach-notification service. Unfortunately, he says, the problem is likely to worsen.
Bug bounty myths: All such programs must be public, run nonstop, pay cash to bug-spotters and allow anyone to join. But HackerOne's Laurie Mercer says such programs often run as private, invitation-only and time-limited endeavors, sometimes offering only swag or public recognition.
Organizations are increasingly relying on threat intelligence to help them better identify malicious behavior before it hits the network - or users encounter it - including using domain name system analysis to track emerging campaigns, says Corin Imai of DomainTools
A group of 22 state attorneys general, mainly from Democratic-leaning states, are demanding Congress offer local officials more support - including grants and equipment standards - to improve election infrastructure security in the run-up to the 2020 presidential contest.
Defending organizations against attackers is more challenging than ever. "The complexity and sophistication of the threats has increased," says Cisco's Mark Weir. "What we're seeing a lot of at the moment as well is intellectual property theft."
Implementing new technologies and best practices can help healthcare organizations dramatically improve their detection of data breaches, says Mitch Parker, CISO of Indiana University Health System, who will be a featured speaker at ISMG's Healthcare Security Summit on June 25 in New York.
The annual Infosecurity Europe conference this year returned to London. Here are visual highlights from the event, which featured over 240 sessions and more than 400 exhibitors, 19,500 attendees and keynotes covering data breaches, darknets, new regulations and more.
Some federal agencies inappropriately continue to rely on knowledge-based authentication to prevent fraud and abuse even though this method is no longer trustworthy because so much personal information that's been breached is readily available to fraudsters, a new
U.S. Government Accountability Office report notes.
Yet another warning has been issued about the BlueKeep vulnerability in older versions of Microsoft Windows. The latest comes from the Department of Homeland Security, which tested a remote code execution exploit.
Not all that crashes has been hacked. To wit, this past weekend there were multiple major outages, including much of Argentina and Uruguay going dark, as well as U.S. retailer Target's system problems leaving customers unable to pay for goods. But none of these outages were due to cyberattacks.
Data in non-production environments represents a significant percentage of total enterprise data volume. Non-production environments also carry more risk than production environments because there are more direct users, says Ilker Taskaya of Delphix, who discusses how organizations can reduce that risk.
Medical device vendor Becton Dickinson and U.S. federal regulators have issued security alerts about vulnerabilities that potentially put certain infusion pump products from the manufacturer at risk for remote hacker attacks.