Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

Hackers breached DocuSign systems and stole email addresses, which they used in a spam campaign designed to deliver malware [Read More]
HP has removed the keylogger functionality found by researchers in audio drivers provided for 28 laptops and tablet PCs [Read More]
Experts audited OpenVPN and its cryptography and found only one high severity vulnerability [Read More]
Researchers discovered that a Conexant audio driver shipped with many HP laptops acts as a keylogger [Read More]
Apple recently patched a vulnerability that allowed MitM attackers to steal passwords and other secrets from the iCloud Keychain [Read More]
The FCC said its comment system was disrupted by DDoS attacks, not because too many net neutrality supporters accessed its website [Read More]
Researcher discloses unpatched WordPress vulnerability that could allow an unauthenticated attacker to reset a targeted user’s password [Read More]
Travel technology giant Sabre tells SEC it’s investigating a payment card breach related to a hotel reservations product [Read More]
Meetings recorded on the Fuze collaboration platform did not have sufficient controls to ensure that the recordings were kept private and allowed them to be accessed via an unprotected URL. [Read More]
Hackers breach Unity game engine forum and claim to have stolen 2 million accounts. Unity denies passwords have been compromised [Read More]

FEATURES, INSIGHTS // Data Protection

rss icon

Erin O’Malley's picture
The CIA conducts extensive background investigations and requires polygraph examinations to gain a security clearance, yet a malicious insider apparently made off with a trove of secret CIA hacking tools.
Ashley Arbuckle's picture
The healthcare industry has a lot to gain by digital transformation. However it also has a lot to lose if it doesn’t start with security as a foundation.
Travis Greene's picture
Whether US government officials improve their handling of classified information in the new administration or not, industry can certainty learn from the blunders and reduce risks.
Eddie Garcia's picture
To reduce the chances of falling victim to an insider-driven breach, security and risk professionals should start by learning what their available data can tell them.
Aditya Sood's picture
The cloud is here to stay, and so long as employees use cloud apps from within an organization’s firewall, we’ll always have to wrangle with Shadow IT, Shadow Data and the attendant problems and risks.
Steven Grossman's picture
Beginning November 30, 2016, DoD third party contractors will be required to establish and maintain an insider threat program.
Eddie Garcia's picture
This article explains how to encrypt data in a Hadoop cluster. The tools are available, and if you are brave enough, you could attempt this at home.
Eddie Garcia's picture
A common misconception about native HDFS encryption is the belief that the data is encrypted when written to disk on the data nodes like most disk encryption solutions.
Torsten George's picture
Google Dorking can be used to identify vulnerable systems and trace them to a specific place on the Internet.
Bill Sweeney's picture
Enterprises have to worry about the surface area that is open for attack and the challenge of detecting attacks quickly when they are occurring. In every instance simplification will help.