Many ethical hackers and other security professionals, such as penetration testers, have weaponized cloud platforms to host online attack infrastructure or have used the platforms to conduct reconnaissance, according security researchers at Texas Tech University.
Organizations deploying deception technology must make sure to integrate it with other technologies to reap the full benefits of intrusion alerts, says Anuj Tewari, global CISO at IT Services HCL Technologies.
When organizations eventually allow employees to return to their offices after the COVID-19 crisis subsides, they may discover "more network intrusions, data exfiltration and data breaches," says U.K. cybercrime expert Andrew Gould, who implores organizations to report these incidents to authorities.
The latest edition of the ISMG Security Report discusses recent research on the cyberthreats in multicloud environments and how to mitigate them. Also featured: A ransomware risk management update; tips on disaster planning.
Britain's failure to contain COVID-19 - despite Prime Minister Boris Johnson promising a "world-beating" effort - now includes a failed digital contact-tracing app. A new version, built to work with Apple and Google APIs, may be released by winter. Really, what's the rush?
Digital transformation may have occurred over a weekend in March, but the effects will be felt - and secured - for years to come. How will global enterprises in 2021 validate identities, defend networks without perimeters and secure a permanent remote workforce? A panel of CEOs and CISOs shares strategies.
Since the advent of the COVID-19 crisis, many enterprises have moved new workloads to the cloud. But have they been just as swift to adopt cybersecurity best practices in these multi-cloud environments? IBM's Limor Kessem analyzes a new cloud security study.
An internal CIA report from 2017 - just released in heavily redacted form - found that the agency's failure to secure its own systems facilitated the massive "Vault 7" data breach that enabled classified information, including details of 35 CIA hacking tools, to be leaked to WikiLeaks.
Increasingly, organizations are turning to encryption to help solve multiple security issues, whether it's protecting data, managing risk or meeting government regulations. While managing all these encryption keys can be complex, Brad Beutlich of nCiper Security doesn't believe it has to be this way.
Why do so many enterprises remain chained to outdated and vulnerable identity and access management technologies - legacy systems that rely on passwords, eat budgets and kill productivity? Baber Amin of Ping Identity and Ramnath Krishnamurthi of LikeMinds Consulting preview a new virtual roundtable on Modernizing IAM.
Jewelry retailer Claire's says Magecart attackers hits its e-commerce store, hosted on Salesforce Commerce Cloud, and stole an unspecified number of customers' payment card details. Security firm Sansec, which discovered the breach, says Magecart attacks have grown more targeted during lockdown.
Delivery Hero, the online food delivery service, has confirmed a data breach of its Foodora brand. Breached information includes personal details for 727,000 accounts - names, addresses, phone numbers, precise location data and hashed passwords - in 14 countries.
As digital transformation technologies such as containers and connected devices are changing business models, organizations are finding new ways to secure data with encryption. John Grimm of nCipher Security walks through how the use cases for encryption are keeping up with the times.