NEWS & INDUSTRY UPDATES

The APT has been observed conducting espionage campaigns against organizations in government, healthcare, high-tech, and transportation sectors in Hong Kong, the Philippines, and Taiwan.
Citizen Lab has discovered another player in the controversial mobile spyware business, blaming a tiny North Macedonia company called Cytrox as the makers of high-end iPhone implants.
Security researchers at Google’s Project Zero pick apart the notorious FORCEDENTRY iPhone exploit and find a never-before-seen hacking roadmap for which there is no defense.
Early-stage startups Ermetic and Dazz raise a combined $130 million to build products to automate and remediate cloud security tasks.
In the final Patch Tuesday release for 2021, Redmond warns of a zero-day flaw being exploited in the wild by the Emotet malware operation.
Enterprise security response teams are bracing for impact as public exploits -- and in-the-wild attacks -- circulate for a remote code execution flaw in the Apache Log4j Java logging utility.
A group for ex-Google software engineers has raised $5 million in seed funding to tackle software supply chain security.
IronScales, a company that leverages artificial intelligence to keep email accounts safe, this week announced it has raised $64 million in Series C funding.
The sideshow of a disagreement between privacy activist Max Schrems and the Irish Data Processing Commission (DPC) has evolved into a full-blown row – Schrems vs Facebook now includes Schrems vs the Irish DPC.
Israeli startup that helps organizations securely adopt software-as-a-service (SaaS) has closed a $19 million Series A funding round led by Intel Capital.

FEATURES, INSIGHTS // Compliance

Jalal Bouhdada, Founder and Principal ICS Security Consultant at Applied Risk, discusses the implications of the new EU Directive on Security of Network and Information Systems (NIS)
Steven Grossman: Why do we seem to need layer upon layer of regulation and guidance to try to ensure a more secure business world? Is it working?
Travis Greene: Reducing the amount of personal data subject to GDPR is a critical step towards minimizing the amount of risk that GDPR will expose.
Steven Grossman: The PCI DSS 3.2 should greatly help companies reduce third party vendor risk, and is starting to shift from just a check-the-compliance-box activity to a more continuous compliance model.
Travis Greene: To understand why return on Access Governance is lower versus other security technologies, we first need to understand why Access Governance is implemented in the first place.
Torsten George: To achieve continuous compliance and monitoring, organizations are forced to automate many otherwise manual, labor-intensive tasks.
Torsten George: The NIST Cybersecurity Framework is an important building block, but still just the first step towards implementing operationalized defenses against cyber security risks.
James McFarlin: U.S. tech giants are playing a game of high-stakes global brinksmanship around who has rights to control their data, which impacts their European growth prospects, business models, and ultimately stock valuations.
Mark Hatton: The oversight for the protection of healthcare information is only getting tighter, and it is incumbent upon the security teams to ensure healthcare professionals have all the tools necessary to improve patient outcomes, while we worry about keeping the bad guys away.
Nimmy Reichenberg: With the release of PCI-DSS 3.0, organizations have a framework for payment security as part of their business-as-usual activities by introducing more flexibility, and an increased focus on education, awareness and security as a shared responsibility.