Why organizations need a risk-based approach to securing payment card data [Q&A]
The Payment Card Industry Data Security Standard (PCI DSS) has done much to cut credit card fraud by ensuring that businesses comply with the rules.
But Charles White, founder and chief executive of UK-based risk consultancy Information Risk Management (IRM), argues that it has now become little more than a tick-box activity that enterprises go through to gain accreditation.
App collusion is not a myth anymore
Up until today, app collusion for malicious purposes has been in the domain of myths and urban legends, but according to a new report by Intel Security, no more.
The security firm released its latest security report, entitled McAfee Labs Threats Report: June 2016, in which it says that it had found some apps capable of app collusion.
AT&T fends off 200,000 malware attacks every day
AT&T has revealed that its network is constantly under the threat of attack by cybercriminals looking for ways to breach its security.
Each day the company detects over 30 billion malicious scans being deployed to find weaknesses in its network. Cybercriminals often use such scans to detect security vulnerabilities that could be exploited in future attacks. Researchers at AT&T also noted how the number of ransomware attacks increased significantly, with as many as 1.5 million new attacks occurring between 2013 and 2015.
Major websites are vulnerable to advanced bots
Pretty much every top website, in retail, financial services, consumer services, OTA members (Online Trust Alliance), news and media, and top US government agencies, is vulnerable to advanced bots, new research says.
Bot detection and mitigation company Distil Networks analyzed 1,000 top websites in these verticals and how they behave against crude, simple, evasive and advanced bots. All of the verticals performed quite well against crude bots (75 percent in consumer services, 70 percent in government, 65 percent in financial services, 64 percent in news and media, 78 percent in retail and 67 percent in OTA members), but when it comes to advanced bots, one percent is the best result found.
Most countries unprepared for General Data Protection Regulation
The EU's General Data Protection Regulation (GDPR), intended to strengthen data protection, is due to come into force in May 2018, yet new research from content management company Metalogix shows IT professionals in many countries aren't prepared for it.
Among the top IT considerations for a cloud archiving solution, GDPR readiness ranked only fourth, named by 26 percent, behind security (79 percent), administrative control (50 percent), and service level agreements (44 percent).
Apple: Developers must use App Transport Security by 2017
Apple has announced that the deadline by which app developers must enable App Transport Security (ATS) in all apps is 1 January 2017. ATS is not a new feature of iOS 10, having been introduced in iOS 9, and it increases the security of data transferred over the web by apps.
With ATS enabled, apps are forced to use the far more secure HTTPS rather than HTTP, and this is something we've become accustomed to looking out for when browsing the web. At the moment, developers are able to disable ATS, but from the end of the year this will no longer be possible.
Retailers aren't spending on the right areas to protect data
The retail sector has been the subject of some of the most high-profile data breaches in recent years. Add to this the willingness of customers to switch allegiance in the event of a breach and it's clear the industry needs to take security seriously.
A new survey from enterprise data protection specialist Vormetric in conjunction with 451 Research focuses on retail companies, detailing IT security spending plans, perceptions of threats to data, rates of data breach failures and data security stances.
IT vs security pros: Handling appsec
A new report into corporate app security, conducted by runtime application security visibility and protection company Prevoty, shows significant discrepancies between IT and security professionals when it comes to app security.
The report, entitled "The Real Root Cause of Breaches -- Security and IT Pros at Odds Over AppSec", is based on a poll of more than 1,000 IT and security professionals and says there are major divides in how these two groups handle app updates, app security tuning and backlogging.
EMEA businesses too slow to detect a data breach
It takes businesses in the EMEA region (Europe, Middle East, Africa) three times longer than businesses elsewhere in the world to detect a breach, mostly because they’re forced to detect such hits themselves instead of relying on outside help.
Those are the general conclusions of the first Mandiant M-Trends EMEA Report. The report, released by security experts FireEye, is based upon the statistics collected during investigations in the region, done by Mandiant’s leading consultants in 2015.
Symantec buys Blue Coat Systems
Symantec has decided to purchase Blue Coat Systems for $4.65 billion in a move that will allow it to more thoroughly protect its users from a variety of threats online.
The deal will also see Blue Coat’s CEO, Greg Clark, become Symantec’s new CEO. This will help the company fill the role which has been vacant since its previous chief executive, Michael Brown, stepped down in April due to poor financial results.
IoT has too many devices and not enough security
As Internet of Things devices expand their reach into the enterprise, they make greater demands on security.
New research from cyber security specialist ForeScout Technologies reveals that while IT professionals acknowledge the growing number of IoT devices on their networks, they are unaware of how to properly secure them.
More than half of board members are willing to sack security execs for poor reporting
The decisions that board level executives make on cyber security are very dependent on the quality of the reports they receive from front line management.
A new report from cyber risk analysis specialist Bay Dynamics, carried out in conjunction with Osterman Research, looks at how boards of directors see cyber security reports. Among its findings are that 59 percent of board members say that one or more IT security executives will lose their job as a result of failing to provide useful, actionable information.
SailPoint extends open identity management platform
Since threats to enterprise systems often come from stolen or compromised credentials, managing user identity is a vital part of modern security.
Access control specialist SailPoint is announcing a plugin framework for its SailPoint IdentityIQ platform that will allow customers and partners to develop extensions to the core product features, so they can move towards a more identity-aware organization.
Internet of Things devices are NSA's latest target
The Internet of Things (IoT) may be the US National Security Agency’s next potential target for spying and collecting data according to a comment made by its deputy director at a recent military technology conference.
During the conference, which was held in Washington DC on June 10, deputy director of the NSA Richard Ledgett said that the agency is considering potential ways it could collect data from internet-connected devices such as smart appliances and pacemakers.
Encryption-focused Apple File System (APFS) replacing HFS+ on macOS, iOS, tvOS, watchOS
Apple was quite boisterous at WWDC today regarding its operating systems and services. Quite frankly, I was blown away at all the ways the company is looking to improve its customers' lives, but some folks were apparently underwhelmed. Oh well, you can't please everyone, I suppose.
For some reason, Apple was fairly quiet about one huge change -- it is replacing the HFS+ file system. Based on the more-than-30-year-old HFS, it is apparently time to move on. What is the upcoming file system called? The unimaginatively named "Apple File System". The encryption-ready file system will be used on macOS, iOS, tvOS, and watchOS.