Privacy & Compliance

NEWS & INDUSTRY UPDATES

Critical infrastructure, national security, public and private organizations must at least encrypt their data, even if legislators and regulators have to mandate encryption requirements, ICIT says.
Chinese authorities say they have uncovered a massive underground operation run by Apple employees selling computer and phone users' personal data.
Router and switch LEDs can be used to stealthily exfiltrate sensitive data from air-gapped computers, researchers demonstrate.
A government contractor has been charged for leaking a classified NSA report on Russia election hacking to The Intercept.
Crowdfunding initiative for buying Shadow Brokers exploits canceled. Researchers cite legal reasons, including Russia (FSB) involvement.
Researcher discovers unprotected Amazon S3 bucket storing sensitive military data belonging to a US combat support and intelligence agency.
Many organizations believe an attack on their medical devices will likely occur in the next year, but few are taking significant steps to prevent attacks.
Rep. Tom Graves (R-Ga.) has released an updated version (PDF) of his draft Active Cyber Defense Certainty (ACDC) Act.
Summary and roundup of new products, surveys and cybersecurity industry comments on the upcoming General Data Protection Regulation (GDPR).
Researchers analyzed pacemakers from four major vendors and found that the third-party libraries they use have over 8,000 known vulnerabilities.

FEATURES, INSIGHTS // Privacy & Compliance

Lance Cottrell
By surreptitiously monitoring and engaging with potential attackers and malware developers you can successfully gain information about emerging attack methods, patterns, and practices in the cyber underground.
Jim Ivers
With the advent of connected devices, privacy and security have become tightly linked because theft of private data is often the goal of malicious attacks.
Jim Ivers
Enlightened toy manufacturers will likely begin to embrace the basic concepts of IoT security and build connected toys that can be trusted by parents.
Travis Greene
Reducing the amount of personal data subject to GDPR is a critical step towards minimizing the amount of risk that GDPR will expose.
Erin O’Malley
Today, we expect ultimate convenience. But at what cost? More and more, I’m left wondering whether modern conveniences—grâce à today’s advanced technologies—are truly worth the risk.
Steven Grossman
The PCI DSS 3.2 should greatly help companies reduce third party vendor risk, and is starting to shift from just a check-the-compliance-box activity to a more continuous compliance model.
Jim Ivers
If a car’s systems can be hacked to disable critical systems, then attacks can also be used to extract information. Similar to IoT, if data is being collected, data can be exfiltrated.
David Holmes
The portion of encrypted traffic keeps rising, so IT security administrators will be forced to do more SSL decryption if they are to get any value at all out of their fancy security tools.
Travis Greene
To understand why return on Access Governance is lower versus other security technologies, we first need to understand why Access Governance is implemented in the first place.
David Holmes
In the initial hours after the Paris attacks by Islamic terrorists, when the PlayStation 4 rumor was first circulating, I decided to see exactly what kind of encryption the PS4 uses for its messaging system.