In August 2019, someone at Japan’s Toyota Boshoku Corp. received fraudulent payment instructions by email to send 4 billion yen (about $37 million) to a third party — which they did. “We became aware that the directions were fraudulent shortly after the leakage,” the company disclosed in a statement. The company reacted quickly once it…
When it comes to protecting the growing infrastructure at Polaris Alpha, CISO Eric Schlesinger believes in a people-and-processes approach over a tools-based approach. But five years from now, those priorities will likely shift. “I believe that machine learning and AI are the future to security operations. An ‘artificial analyst’ can replace one or two full-time…
The world of email encryption has changed significantly in the past few years. The leading tools are evolving, each in their own way: HPE/Voltage SecureMail is now part of Micro Focus, part of an acquisition of other HPE software products Virtru Pro has extended its product with new features and integrations Inky no longer focuses…
Consumers are more worried now about their protected health information (PHI) being compromised, thanks to high-profile breaches like Anthem and Allscripts. The recent RSA Data Privacy Report surveyed 7,500 consumers in Europe and the US. It showed that 59 percent of the respondents were concerned about their medical data being compromised. Thirty-nine percent were worried…
In the latest major cloud security foul-up, Capital One suffered a data breach, which affected 100 million people in the United States, and 6 million in Canada. It wasn’t just Capital One caught with their security pants down. We now know hacker Paige A. Thompson stole terabytes of data from more than thirty other companies,…
Security researchers found a remotely exploitable critical vulnerability in a building management system used by businesses, hospitals, factories and other organizations to control things like ventilation, temperature, humidity, air pressure, lighting, secure doors and more. The vendor has released a firmware update, but hundreds of these systems are still exposed on the internet, highlighting the…
Before the General Data Protection Regulation (GDPR) became official in May 2018, I heard a similar story from many CISOs. Data privacy programs were legal exercises focused on data classification and governance. Yes, there were security angles around compliance, DLP, and incident response, but legal had oversight around which data was considered as private and…
Penetration testers and attackers have a new tool in their arsenal that can be used to automate phishing attacks in a way that defeats two-factor authentication (2FA) and is not easy to detect and block. The tool makes such attacks much easier to deploy, so organizations should adapt their anti-phishing training accordingly. The new toolkit…
New protections for consumers, such as the EU’s General Data Protection Regulation (GDPR)— which is celebrating its first anniversary, and the new California Consumer Privacy Act (CCPA), provide consumers with added protections to ensure their privacy and prevent issues related to data theft or misuse. They do this by defining what is meant by personally…
A new report that looked at millions of connections from IoT devices present on enterprise networks found that over 40% of them do not encrypt their traffic. This means a large number of such devices are exposed to man-in-the-middle (MitM) attacks where hackers in a position to intercept traffic can steal or manipulate their data….
Business email compromise attacks cost millions, losses doubling each year
