How to manage IT risk without killing innovation
Startup slogans are inescapable in tech: Move fast. Break things. Minimum viable product. These are exciting ideas, for sure, but to put them to use in IT, you’ll need to tailor them to your context. For IT executives running established businesses, the risk-reward scenario is different. Thousands or millions of customers depend on your infrastructure….
Cambridge Analytica Says it is ‘No Bond Villain’
Cambridge Analytica claimed Tuesday it was “no Bond villain” as it vehemently denied exploiting Facebook users’ data for the election campaign of US President Donald Trump. The marketing analytics firm stressed it had deleted data about Facebook users obtained in breach of the social network’s terms of service. The information had been gathered via a…
New Crossrider variant installs configuration profiles on Macs
A new variant of the Crossrider adware has been spotted that is infecting Macs in a unique way. For the most part, this variant is still quite ordinary, doing some of the same old things that we’ve been seeing for years in Mac adware. However, the use of a configuration profile introduces a unique new…
Largest inhibitor of cyber insurance market growth? Silent cyber risk
A new study of the UK cyber risk insurance and broker community reveals startling findings. First and foremost, the insurance industry needs to address non-affirmative cyber in a meaningful way. Second, measurement of cyber risk in financial terms is highly deficient among insurance customers and the insurance industry itself. More than three-quarters (77 percent) of UK cyber…
GDPR: It’s an issue of transparency
The General Data Protection Regulation (GDPR) has been on the lips of security professionals for a long time now – but in just over a month, it will become a reality. While it is easy to get stuck with reviewing the potential fines or setting up efficient security procedures to ensure compliance, many are still…
FDA plans to improve medical device cybersecurity
The US Food and Drug Administration (FDA) plans to tackle security issues related to medical devices and has released a plan of action it means to implement in the near future. Broadly, plan is as follows: Establish a robust medical device patient safety net in the US Explore regulatory options to streamline and modernize timely implementation of…
iPhones, iPads Can Be Hacked via ‘Trustjacking’ Attack
A feature that allows users to wirelessly sync their iPhones and iPads with iTunes can be abused by hackers to take control of iOS devices in what researchers call a “Trustjacking” attack. This feature can be enabled by physically connecting an iOS device to a computer with iTunes and enabling the option to sync over…
Tackle Five Top Security Operations Challenges With Threat Intelligence
“Knowledge is of no value unless you put it into practice.” When Russian author Anton Chekhov said this more than a century ago, he very well could have been speaking of threat intelligence. More than 80 percent of cybersecurity professionals polled by SANS (PDF) say that threat intelligence is providing them value. Most organizations are…
New targeted surveillance spyware found on Google Play
A new targeted surveillance app has been found and booted from Google Play. The app, named Dardesh, posed as a chat application and acted as a downloader for a second app that could spy on users. The Dardesh app was spotted and analyzed by Lookout researchers, who dubbed the malware family Desert Scorpion. How was…
BrandPost: How to build a good cyber defense routine
Although it may seem fast-paced and glamorous, the cyber threat landscape is actually more populated with simple, garden-variety attacks than sophisticated and exotic techniques. With free tools and kits, it’s become easier than ever to engage in phishing, cross-site scripting, and other malicious activities. When we imagine all cybercriminals as masterminds using bleeding-edge tools, we…