As cloud computing services evolve, the cloud opens up entirely new ways for potential attacks. Cloud systems and images have operating system and component vulnerabilities just like those in the enterprise. For example, Heartbleed, Shellshock and other major bugs can affect cloud systems, and there are new issues to...
The web may be largely funded thanks to online advertising, but the threat posted by malicious advertisements continues to escalate. Indeed, the latest malvertising scheme, uncovered by security firm Confiant, served 1 billion malicious advertisements.
We are amidst a new "machine identity crisis," says Jeff Hudson, CEO of Venafi. And unless we tackle this growing challenge of how to secure machine-to-machine communication, then enterprise IT and security departments are likely to be overwhelmed.
This edition of the ISMG Security Report takes a look at how ready healthcare organizations are for GDPR compliance. Also featured: comments from Alberto Yepez of Trident Capital on the 2018 outlook for information security companies and a summary of the latest financial fraud trends.
The browser is the window to the web. But what's going in the background during that browsing is opaque to most users. A new experiment shows how the computing power of tens of thousands of computers could be unknowingly harnessed to crack passwords, harvest cryptocurrencies or conduct DDoS attacks.
Fresh research into mobile apps designed to control ICS systems from afar has unearthed unnerving findings. More than 20 percent of mobile ICS apps have issues that could allow an attacker to influence an industrial system.
An analysis of FBI Director Christopher Wray's comments about how encryption poses complications for law enforcement officials leads the latest edition of the ISMG Security Report. Also featured: The former CISO of the state of Michigan sizes up cybersecurity forecasts.
Following the alert over Meltdown and Spectre vulnerabilities, the U.K. Information Commissioner's Office is warning that failures to patch today could be punished with fines under GDPR once enforcement of the data protection law begins later this year.
Open source and third-party components help developers build and deploy applications faster. But with increased speed comes greater risk that could lead to fraud. Vulnerabilities in components are a hidden cost of free software. And their widespread use creates opportunities for attackers looking to exploit the most...
As the healthcare sector implements a variety of new applications and increasingly moves to the cloud, it has a fresh opportunity to address security, says Daniel Bowden, CISO at Sentara Healthcare, who discusses best practices.
In the Face of Advanced Threats, is Your Organization's Security Posture Reactive or Proactive?
Today's most advanced threat actors - whether external or internal - are stealthier than ever and able to hide within one's systems for days, weeks or even months as they gather intel and prepare to strike. Sixty-one...
SSH keys provide the highest level of access rights and privileges for servers, applications and virtual instances. Cyber criminals want this trusted status and invest considerable resources into acquiring and using SSH keys in their attacks.
Even though SSH keys are the credentials that provide the most privileged...
It's frightening what criminals can buy on the dark web, but it's even scarier that they may be buying your own security certificates to use against you. Venafi recently sponsored a six-month investigation into the sale of digital code signing certificates on the dark web. Conducted with the Cyber Security Research...
"Machines" as we know them are going through an identity crisis. Our increased dependence on them is so profound that even the definition of machine is undergoing radical change. The number and type of physical devices on enterprise networks has been rising rapidly, but this is outstripped by the number of...
Finding an effective breach prevention provider is critical in order to safeguard an organization's assets. NSS Labs subjected nine cybersecurity market leaders to comprehensive, rigorous testing to determine how well each product handled current advanced threats and attack methods. All vendor products were evaluated...
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.co.uk, you agree to our use of cookies.
