A commentary on the need for developers to be more deliberate in securing IT products leads the latest edition of the ISMG Security. Also featured: A report on Congress tackling voting machine security.
U.S. government agencies now find themselves having to comply with Binding Operational Directive 18-01 to enhance email and web security. But what are the immediate tasks for agencies to undertake?
Download this eBook on enhancing email and web security and learn about:
The toughest compliance task facing...
We all see the headlines about high-profile breaches that started because of a phishing exploit. But how severe is the global email infiltration problem?
90 percent of data breaches investigated by the Secret Service, law enforcement, and forensic companies start from an email infiltration, according to the...
Organizations are rapidly migrating services and data to cloud infrastructure, creating a new "cloud generation" of users who bring with them a new set of endpoint security concerns. How should these issues be prioritized and addressed? Naveen Palavalli of Symantec details new strategies and solutions.
Apple's latest desktop operating system, High Sierra, has a massive vulnerability that allows anyone to create, without a password, a "root" account that has access to all files on the computer. It's the third authentication-related fumble found in High Sierra since its general release in September.
When Arbor Networks' Paul Bowen looks at the IoT threat to healthcare, he's concerned about how medical devices are conceived, created and connected. And he says device manufacturers are dangerously behind the maturity curve when compared to threat actors.
Give crooks credit for topicality: They remain loath to miss a trick. Indeed, hardly any time elapsed after Uber came clean about the year-old breach it had concealed before crack teams of social engineers unleashed appropriately themed phishing messages designed to bamboozle the masses.
Download this guide that provides tactical guidelines to assist Federal agencies in complying with the DHS Binding Operational Directive (BOD) 18-01 requirements.
This guide details:
Required Actions Overview
Required Actions - Email Security
Required Actions - Web Security
Status of Implementation
To meet the DHS Binding Operational Directive (BOD) 18-01, Federal agencies were required to submit an agency plan of action to improve email and web security by November 15th.
If this deadline came and went without submission - we have you covered.
Download this guide to creating an effective agency plan of...
A House committee is urging HHS to act soon on a recommendation made by its cybersecurity task force: Develop a description of the cyber risks of components of medical devices. But a task force member says Congress should be pressing HHS to take action on all of the panel's recommendations, not just one.
Security experts are awaiting more details from Intel about two classes of vulnerabilities in its chips that could put organizations' most trusted data at risk. Millions of computers are affected, and computer manufacturers must prepare and distribute customized patches.
Recent versions of Windows have a security problem: They're not random enough, CERT/CC warns. The problem centers on certain uses of ASLR, which is designed to block return-oriented programming techniques and code reuse attacks.
It's frightening what criminals can buy on the dark web. But it's even scarier that they may be buying your own security certificates to use against you. Venafi recently sponsored a six-month investigation into the sale of digital code signing certificates on the dark web. Conducted with the Cyber Security Research...
Our increased dependence on machines is so profound that even the definition of machine is undergoing radical change. The number and type of physical devices on enterprise networks has been rising rapidly, but this is outstripped by the number of applications and services they host.
At the same time, cloud adoption...