A cryptocurrency investor is suing AT&T for $240 million, alleging he lost $24 million in virtual currency after the carrier failed to stop two separate attacks where his phone number was commandeered by attackers. The incident highlights the dangers of using a phone number as an authentication channel.
Ransomware. Phishing. Credential stuffing. These are among the top threats to financial institutions of all sizes. But small-to-midsized ones are particularly challenged to detect and respond to threats. Arctic Wolf's Todd Thiemann discusses the value of managed detection and response.
As the HIPAA security rule turns 20, it's time for regulators to make updates reflecting the changing cyberthreat landscape and technological evolution that's happened over the past two decades, says security expert Tom Walsh.
Although there's widespread agreement that addressing security early in the software development cycle is an essential component to any breach prevention strategy, implementing DevSecOps can prove challenging.
Securing the public cloud is not as challenging as it used to be, but too many organizations are still taking the wrong approach, says Microsoft's Jonathan Trull. Understanding the shared responsibility model for security is critical, he says.
Security silos persist because stakeholders within the enterprise security ecosystem are focused on their own key performance indicators, says Abdallah Zabian of DXC Technology, who suggests a more holistic approach is needed.
Forty-eight percent of customers drop the products and services of organizations that have had a publicly-disclosed data breach. This is but one of the findings of the new 2018 Global State of Online Digital Trust study commissioned by CA Technologies. CA's David Duncan analyzes the results.
One measure of why it's so difficult for organizations to keep their software patched and better secured: Of the nearly 20,000 unique vulnerabilities in 2,000 products cataloged last year, only half involved Microsoft, Adobe, Java, Chrome or Firefox software, says Flexera's Alejandro Lavie.
Reddit suffered a data breach in June after attackers managed to bypass its SMS-based two-factor authentication system. User data from 2007 and before was compromised. Security experts say the breach should serve as a reminder that using any two-factor authentication is better than none.
The solution providers in the fraud solution industry offer logic
designed to track users and prevent malicious activity by
capturing and analyzing behavioral characteristics across
the entire session, from login to check out and everything in
between. These solutions compare known customer behavior
in the case...
Most cybersecurity tools are designed to help identify, alert on, and in some cases prevent a particular type of malicious activity. Current technologies send alerts and may even prevent specific types of attacks, but the burden remains with the organization to figure out whether that alert is meaningful in a broader...
Finding threats in your big data can be like finding a needle in a haystack. Splunk Enterprise Security streamlines the process by extracting indicators of compromise (IOCs) in your threat intelligence data to help you pinpoint potential attack activity in your enterprise.
Download this whitepaper to learn about a...
Modern SIEM solutions go far beyond basic log managers and manual processes.
With 200,000 security threats a day, you need lightning-fast protection. A good SIEM should be able to detect an array of threats and threat indicators - such as phishing attacks, malware, credential theft, lateral movement and data...
Silicon Valley employees are increasingly calling on executives to restrict the use of facial recognition technology, mobilized in part by the U.S. government's previous policy of separating children from parents at the border. Experts say facial recognition regulations are needed - and quickly.