At three of the world's largest information security events in 2018, Information Security Media Group's team of editors conducted about 200 video interviews with industry thought leaders, who provided timely insights on important topics. Here's your guide to those interviews.
Warning: Attackers behind the recently revealed Facebook mega-breach may still be able to access victims' accounts at some third-party web services and mobile apps, and Facebook has offered no timeline for when a full lockdown might occur - although there are no signs of third-party account takeovers.
Suzanne Spaulding, former undersecretary for the Department of Homeland Security, says a key way to ensure public confidence in the security of U.S. elections is to rely on paper ballots for voting or as backups for electronic balloting.
Healthcare organizations often fail to address five fundamental elements of a solid cybersecurity program, says security expert Mark Johnson of the consultancy LBMC Information Security, who formerly was CISO at Vanderbilt University and Medical Center.
Step away from the social media single sign-on services, cybersecurity experts say, citing numerous privacy and security risks. Instead, they recommend that everyone use password managers to create unique and complex passwords for every site, service or app they use.
While Facebook has invalidated 90 million users' single sign-on access tokens following a mega-breach, researchers warn that most access token hijacking victims still lack any reliable "single sign-off" capabilities that will revoke attackers' access to hyper-connected web services and mobile apps.
As new payment options continue to emerge via mobile phones and internet of things devices, the PCI Security Standards Council is broadening its security efforts, starting with a new standard for contactless payments coming early next year, says Troy Leach, PCI SSC's chief technology officer.
In its ongoing quest to improve the state of medical device cybersecurity, the FDA has announced a number of key moves - including the release of a security "playbook," plans to leverage information sharing and analysis organizations and an effort to update its 2014 premarket guidance for manufacturers.
To comply with GDPR, Facebook has notified Ireland's data privacy watchdog about the massive breach it has suffered, resulting in 50 million accounts being exposed. But Irish authorities have signaled that Facebook has failed to share all of the information they would have expected to see.
Facebook says that whoever hacked 50 million user accounts, putting the privacy of those users' personal data at risk, did so by abusing its "View As" privacy feature. Facebook says the attack successfully targeted three separate bugs in its video-uploading functionality.
Facebook revealed Friday that it had discovered a breach that affected almost 50 million user accounts. Attackers exploited a vulnerability that enabled them to steal "access tokens," digital keys that keep users logged in so they don't need to re-enter their password.
Several days after the Port of San Diego was hit by a crypto-locking ransomware attack, incident response efforts remain underway and many port systems remain offline. Port officials say the attacker has demanded a ransom, payable in bitcoin, for the promise of a decryption key.
Because business associates have been culprits in heath data breaches impacting millions of individuals, healthcare entities need to be diligent in taking steps to reduce the persistent risks these vendors pose, says privacy and security expert Susan Lucci.