FBI Plans to Monitor Social Media May Spark Privacy …

A new initiative to pull data from social media platforms may clash with policies prohibiting the use of information for mass surveillance. The Federal Bureau of Investigation wants to intensify its monitoring of Facebook, Twitter, and other social media platforms to detect potential threats. But its plans may collide with privacy policies and, potentially, Facebook’s
Read more
1 Comment

Is My Development Environment at Risk?

Development environments pose a few unique risks to the organization. Question: What threats to developers and development environments should I know about, and how do I defend against them? Brad Causey, CEO at Zero Day Consulting: Developers should be on the lookout for several threats. First, be wary of what libraries and thirty-party code you integrate
Read more
1 Comment

Modern-Day SOCs: People, Process & Technology

As businesses look to the future and invest in next-generation tools, here are some considerations for more effective planning. As security operations centers (SOCs) continue to evolve, enterprises are challenged with enhancing their ability to detect cyberthreats and keep themselves from harm, according to a recent report about building successful SOCs from the Information Security Forum (ISF).
Read more
1 Comment

New Vulnerability Risk Model Promises …

Taking into account more factors than the current CVSS makes for a better assessment of actual danger. BLACK HAT USA 2019 – Las Vegas – Vulnerabilities happen. There’s nothing new or mysterious about that. Neither is there mystery around the fact that something must be done to address vulnerabilities. But out of the thousands of
Read more
1 Comment

How Behavioral Data Shaped a Security Training …

A new program leveraged behavioral data of employees to determine when they excelled at security and where they needed improvement. BLACK HAT 2019 – Las Vegas – As human error continues to top data breach causes, security leaders grapple with how to get employees to care about, and adopt, stronger security habits. “When you think
Read more
1 Comment

Slow Your Roll Before Disclosing a Security Incident

Transparency rules, but taking the right amount of time to figure out what happened will go a long way toward setting the record straight. Security incidents happen all the time, but when one actually strikes an organization, security professionals often find themselves uncertain whether it needs to be disclosed to the public or shared with
Read more
1 Comment

Researchers Show Vulnerabilities in Facial Recognition

The algorithms that check for a user’s ‘liveness’ have blind spots that can lead to vulnerabilities. BLACK HAT USA 2019 – Las Vegas – The multifactor authentication that some have touted as the future of secure authentication is itself vulnerable to hacks as complex as injected video streams and as simple as tape on a
Read more
1 Comment

Security Culture Is Everyone’s Culture

In his Black Hat USA keynote, Square’s Dino Dai Zovi discussed lessons learned throughout his cybersecurity career and why culture trumps strategy. BLACK HAT USA 2019 – Las Vegas – Cybersecurity no longer has to worry about getting attention, said Black Hat founder Jeff Moss in his introduction to the keynote that kicked off the
Read more
1 Comment

Buttigieg Campaign Adds a CISO

Democratic presidential hopeful Pete Buttigieg’s campaign reportedly may be the first to bring a security exec on board.
Read more
1 Comment

New Speculative Execution Vulnerability Gives CISOs …

The vulnerability, dubbed SWAPGS, is an undetectable threat to data security, similar in some respects to Spectre and Meltdown. Bogdan Botezatu, director of threat research at BitDefender, leans across the table in a hotel lobby coffee shop to make his point. “When you’re a CISO, there is no single of vulnerability you’re aware of that
Read more
1 Comment