Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

The UPS Store said on Wednesday that computer systems at several of its franchised center locations had been infected with stealthy malware that went undetected by its anti-virus software and exposed customer payment data.
Researchers have discovered a flaw in the WordPress Mobile Pack plugin that can be exploited to access password-protected posts.
Chinese hackers reportedly exploited the infamous “Heartbleed” vulnerability in OpenSSL to compromise Community Health Systems and steal patient data.
Community Health Systems, Inc., one of the largest hospital operators in the United States, said hackers managed to steal the records of 4.5 million patients.
Israeli cybersecurity startup GuardiCore, announced on Monday that it has closed an $11 million round of funding led by Battery Ventures.
Pretty Good Privacy (PGP), the popular email privacy and authentication software is fundamentally broken and it's time for it to "die," says Matthew Green, a well known cryptographer and research professor at Johns Hopkins University.
The assets of numerous organizations are at risk because their former employees continue to have access to sensitive corporate applications even after they leave the company.
The use of virtualized systems in a enterprise environments can provide many benefits, but these systems need some special attention paid to security, Symantec said in a new report examining threats to virtual environments.
European security firm Gemalto has agreed to buy data protection firm SafeNet for $890 million in cash.
Hypervisors have become an important part of enterprise environments and while they should normally reduce the attack surface, experts warn that they can be plagued by security vulnerabilities that could be leveraged by malicious actors.

FEATURES, INSIGHTS // Data Protection

rss icon

Adam Ely's picture
Security teams and lines of business have reached a turning point on BYOD. It’s now become more important than ever for the CISO to figure out how to manage risk without inhibiting users.
Mark Hatton's picture
The fall of a high-profile CEO due to security concerns makes me envision a scenario where security is now given a more prominent role on the executive team, with more emphasis placed on avoiding the breach in the first place.
Joshua Goldfarb's picture
When performing incident response, an organization should proceed through various stages by following its incident response process. While all stages are important, when an enterprise is attacked, the highest priority quickly becomes moving rapidly from detection to containment.
Jon-Louis Heimerl's picture
When it comes to the security responsibilities of vendors, answers are still often behind where they need to be. What are some things to think about in the way you manage your security with your vendors?
Chris Hinkley's picture
When the development cycle moves quickly, it will often bypass security. When rapid development equates to shoehorning security controls in after the fact, we’re left with an approach that has potentially disastrous consequences.
Mark Hatton's picture
The oversight for the protection of healthcare information is only getting tighter, and it is incumbent upon the security teams to ensure healthcare professionals have all the tools necessary to improve patient outcomes, while we worry about keeping the bad guys away.
Wade Williamson's picture
If criminals can’t use or sell stolen data without being caught, then the data quickly becomes worthless. As a result it’s critical to understand what happens to data after a breach.
Jon-Louis Heimerl's picture
The concepts of defense in depth have been with us for years -- hundreds of years, if not thousands. Maybe we can learn something from those architects of warfare from the Middle Ages?
Michael Callahan's picture
While I’d argue the point that the chip and PIN system is better and more secure than the mag stripe, it’s not what caused these or what will prevent future malware attacks.
Torsten George's picture
While security monitoring generates big data, in its raw form it remains only a means to an end. Ultimately, information security decision making should be based on prioritized, actionable insight derived from the data.