(IN)SECURE Magazine Notifications RSS

Subscribe to (IN)SECURE Magazine Notifications RSS feed
Daily information security news with a focus on enterprise security.
Updated: 8 min 17 sec ago

Most Facebook users aren’t aware that Facebook tracks their interests

7 hours 53 min ago

Too many Facebook users aren’t aware that the company uses the information provided by them and their actions on the platform and outside of it to create a list of their traits and interests, which is then used by to target them with relevant ads. The survey According to the results of a new Pew Research Center surveys, which polled a representative sample of US-based, adult Facebook users: 88% discovered that the site had generated … More →

The post Most Facebook users aren’t aware that Facebook tracks their interests appeared first on Help Net Security.

Mining malware evades agent-based cloud security solutions

8 hours 7 min ago

Cloud infrastructures are a growing target for threat actors looking to mine cryptocurrency, as their vast computational power allows them to multiply the mining malware’s effect. Keeping its presence from being noticed as long as possible is, naturally, a goal worth striving for and criminals are coming up with new ways to achieve it. One of the approaches, employed by a threat group dubbed Rocke, is to uninstall agent-based cloud security products before downloading the … More →

The post Mining malware evades agent-based cloud security solutions appeared first on Help Net Security.

New infosec products of the week: January 18, 2019

8 hours 23 min ago

XebiaLabs launches new DevOps risk and compliance capability for software releases The XebiaLabs DevOps Platform provides a single pane of glass for technical and business stakeholders to track the release chain of custody across the end-to-end CI/CD toolchain, from code to production. And, with visibility into security and compliance issues, teams can take action to ensure that release failure risks, security vulnerabilities, and IT governance violations are resolved early in the software delivery cycle. ExtraHop … More →

The post New infosec products of the week: January 18, 2019 appeared first on Help Net Security.

New requirements for the secure design and development of modern payment software

8 hours 38 min ago

The PCI Security Standards Council (PCI SSC) published new requirements for the secure design and development of modern payment software. The PCI Secure Software Standard and the PCI Secure Lifecycle (Secure SLC) Standard are part of a new PCI Software Security Framework, which includes a validation program for software vendors and their software products and a qualification program for assessors. The programs will be launched later in 2019. “Innovation in payments is moving at an … More →

The post New requirements for the secure design and development of modern payment software appeared first on Help Net Security.

Protecting privileged access in DevOps and cloud environments

8 hours 52 min ago

While security strategies should address privileged access and the risk of unsecured secrets and credentials, they should also closely align with DevOps culture and methods to avoid negatively impacting developer velocity and slowing the release of new services. Example of tools in the DevOps pipeline Despite this, 73 percent of organizations surveyed for the 2018 CyberArk Global Advanced Threat Landscape report have no strategy to address privileged access security for DevOps. Key recommendations The report … More →

The post Protecting privileged access in DevOps and cloud environments appeared first on Help Net Security.

Risk managers see cybersecurity as the biggest threat to business

9 hours 8 min ago

Sword GRC canvassed amost 150 risk managers from highly risk-aware organizations worldwide for their opinions. Overall, cybersecurity was seen as the biggest risk to business by a quarter of organizations. In the UK, Brexit and the resulting potential economic fall-out was cited as the biggest risk to business by 14% of risk managers. The most notable regional variation was in the US where 40% of organizations see cybersecurity as the most threatening risk. The most … More →

The post Risk managers see cybersecurity as the biggest threat to business appeared first on Help Net Security.

Amazon Web Services announces AWS Backup

Thu, 01/17/2019 - 22:30

Amazon Web Services released AWS Backup, a backup service that makes it faster and simpler for customers to back up their data across AWS services and on-premises, helping customers meet their business and regulatory backup compliance requirements. AWS Backup makes protecting storage volumes, databases, and file systems easier by giving customers a single service to configure and audit the AWS resources they backup, automate backup scheduling, set retention policies, and monitor recent backups and restores … More →

The post Amazon Web Services announces AWS Backup appeared first on Help Net Security.

Immuta expands GRC expertise to help enterprises build data science programs

Thu, 01/17/2019 - 22:00

Immuta revealed that financial services industry veteran Richard Geering has joined as the company’s Vice President of Governance, Risk, and Compliance (GRC), reporting to CEO Matthew Carroll. Richard joins Immuta from the Royal Bank of Canada (RBC), where he served as Chief Operational Risk Officer for Investor and Treasury Services. He brings 25 years of experience in financial services and risk management, with broad domain knowledge in data analytics. Working alongside Immuta’s product and sales … More →

The post Immuta expands GRC expertise to help enterprises build data science programs appeared first on Help Net Security.

Advanced Fraud Solutions partners with Q6 Cyber to fight card fraud

Thu, 01/17/2019 - 21:30

Advanced Fraud Solutions and Q6 Cyber unveiled that they have partnered to integrate Q6 data feeds directly into the TrueCards fraud prevention software platform. TrueCards is a tool allowing financial institutions’ fraud teams to monitor card holder transactions for test sites, breaches, and common points of compromise (CPC). Q6 Cyber employs an approach to monitoring the “Digital Underground,” including the DarkWeb and DeepWeb. Leveraging years of law enforcement and intelligence experience in the dark corners … More →

The post Advanced Fraud Solutions partners with Q6 Cyber to fight card fraud appeared first on Help Net Security.

Onapsis signs agreement to acquire ERP cybersecurity company Virtual Forge

Thu, 01/17/2019 - 21:00

Onapsis has entered into a definitive agreement to acquire privately-held Virtual Forge, headquartered in Heidelberg, Germany. Onapsis’s platform is the cybersecurity solution that protects the ERP systems and business-critical applications of the world’s largest organizations. Founded in 2006, Virtual Forge is the provider of solutions to prevent, detect and remediate cybersecurity and compliance risks in customizations and extensions of SAP applications. The combination of Onapsis and Virtual Forge will empower customers to have visibility, incident … More →

The post Onapsis signs agreement to acquire ERP cybersecurity company Virtual Forge appeared first on Help Net Security.

773 million records exposed in massive data breach

Thu, 01/17/2019 - 06:43

Someone has compiled a massive collection of email addresses and plain text passwords, apparently from 2000+ hacked databases, and has made the trove freely available for download via the MEGA cloud storage service. The set – dubbed Collection #1 – also ended on a popular hacking forum after it was removed from MEGA. Is your email address or password included in the set? Troy Hunt, the security researcher known for his Have I Been Pwned? … More →

The post 773 million records exposed in massive data breach appeared first on Help Net Security.

Compromised ad company serves Magecart skimming code to hundreds of websites

Thu, 01/17/2019 - 02:00

Security researchers have flagged a new web-based supply chain attack by one of the cybercriminal groups that fall under the Magecart umbrella. The attackers managed to compromise Adverline, a French online advertising company with a European-focused clientele, and inject payment card skimming code into one of its JavaScript libraries for retargeting advertising. The targets “Web-based supply chain attacks compromise vendors that supply code often used to add or improve site functionality. This code integrates with … More →

The post Compromised ad company serves Magecart skimming code to hundreds of websites appeared first on Help Net Security.

2019 cybersecurity workforce: Recruiting vs. re-skilling

Thu, 01/17/2019 - 01:45

The cybersecurity talent gap is not just an IT industry crisis. It’s one with global ramifications. As the inevitable march towards digitalizing the world continues, it brings with it a steady stream of new opportunities for bad actors to take advantage of systems and exploit vulnerabilities both new and old. Cybercrime is becoming increasingly lucrative as the barrier to entry is lowered daily, with sophisticated and easy-to-use tools available for purchase on the dark web. … More →

The post 2019 cybersecurity workforce: Recruiting vs. re-skilling appeared first on Help Net Security.

Cyber risk management and return on deception investment

Thu, 01/17/2019 - 01:30

This article is fifth in a five-part series being developed by Dr. Edward Amoroso in conjunction with the deception technology team from Attivo Networks. The article provides an overview of how deception fits into information risk management strategies and how organizations can answer C-level ROI questions for justifying deception. Cyber risk management and deception Perhaps the most foundational objective for any enterprise cyber security team is the proper management of risk. Too often, teams get … More →

The post Cyber risk management and return on deception investment appeared first on Help Net Security.

How IT organizations are transforming to meet the demands of the digital economy

Thu, 01/17/2019 - 01:15

The 2019 State of Application Services report from F5 Networks showed that organizations regard application services as vital for cloud adoption and, ultimately, for success in today’s app-driven digital economy. Emerging application services like ingress control and IoT gateways are on the rise, and together with established services such as firewalls and global server load balancing, are enabling companies to adapt to the requirements of today’s multi-cloud world. “Applications are now the most valuable asset … More →

The post How IT organizations are transforming to meet the demands of the digital economy appeared first on Help Net Security.

Encryption is key to protecting information as it travels outside the network

Thu, 01/17/2019 - 01:00

A new Vera report reveals stark numbers behind the mounting toll of data breaches triggered by cybercrime and accidents. One of the most recognized and mandated security controls, installed encryption tools protect just four percent of breached files. Meanwhile, compliance-focused mindsets and perimeter-driven encryption deployments keep organizations’ encryption investments fundamentally misaligned with how employees and business partners use crown jewel data. Vera surveyed cybersecurity and IT decision-makers at North American organizations across healthcare, finance, government … More →

The post Encryption is key to protecting information as it travels outside the network appeared first on Help Net Security.

ExtraHop turns security analysts into threat experts with Reveal(x) winter 2019

Wed, 01/16/2019 - 23:00

ExtraHop released new capabilities designed to help Security Operations Center (SOC) and Network Operations Center (NOC) teams identify and safeguard critical assets, detect late-stage and insider threats, and transform security analysts into threat experts with streamlined investigation workflows. Demand for business agility and uptime have accelerated the modernization of IT, which is now dynamic and distributed – from the data center, to cloud infrastructure and SaaS, to remote sites and device edges. These changes introduce … More →

The post ExtraHop turns security analysts into threat experts with Reveal(x) winter 2019 appeared first on Help Net Security.

Aerohive announces cloud management for its A3 Secure Access Management solution

Wed, 01/16/2019 - 22:00

Aerohive Networks released the cloud management for its A3 Secure Access Management solution. A3 brings an approach to Corporate, BYOD, Guest, and IoT client device onboarding, authentication, and network access control (NAC). First launched in May 2018 as an on-premises solution, Aerohive now introduces a new deployment option for A3 with cloud-based monitoring and, expected in Q2, configuration for all customer sites, while localized tasks like device onboarding and access-control enforcement will be executed by … More →

The post Aerohive announces cloud management for its A3 Secure Access Management solution appeared first on Help Net Security.

BigID and Ionic Security partner to enhance data governance and privacy for multi-cloud compliance

Wed, 01/16/2019 - 21:30

BigID and Ionic Security partner to enable organizations to automate policy enforcement and auditability driven by data intelligence. The partnership removes barriers to cloud adoption for organizations struggling with compliance, allowing them to take a consolidated and granular approach to protecting sensitive data by integrating BigID discovery and classification with the Ionic Data Trust Platform’s real-time policy management. Together, BigID and Ionic provide an automated, accurate, and scalable solution that identifies, classifies, and enforces data … More →

The post BigID and Ionic Security partner to enhance data governance and privacy for multi-cloud compliance appeared first on Help Net Security.

FireEye president Travis Reese joins Waterfall Security board of directors

Wed, 01/16/2019 - 21:00

Waterfall Security Solutions unveiled that cyber security veteran and industry leader Travis Reese is joining Waterfall’s board of directors. Mr. Reese is currently the president of FireEye and was the president and chief operating officer at Mandiant before Mandiant was acquired by FireEye in 2013. “We welcome Mr. Reese to Waterfall’s board,” said Lior Frenkel, CEO and Co-Founder of Waterfall Security Solutions. “With Waterfall’s Unidirectional Security Gateways having gone mainstream in a growing number of … More →

The post FireEye president Travis Reese joins Waterfall Security board of directors appeared first on Help Net Security.

Pages