Flaws highlighted by researchers at Black Hat Europe could be used to bypass self-encrypting drives' crypto, defeat Windows BitLocker, fool self-driving cars, mess with oil and gas ERP systems and more.
A government audit of Internal Revenue Service financial statements reveals deficiencies in internal information security controls, including missing security updates, insufficient audit trails and monitoring for certain key systems and use of weak passwords.
As the Department of Health and Human Services gears up for its second round of HIPAA compliance audits, the focus will shift to using these audits for potential enforcement actions, including financial settlements, predicts attorney Anna Spencer.
Here's how police and intelligence officials in Europe and the United States are collaborating to identify and disrupt the network of people that planned, supported and launched the Nov. 13 terror attacks in Paris.
The continuous integration tools that many software developers rely on are often misconfigured or lack security controls, thus putting code at risk, security expert Nikhil Mittal claims at Black Hat Europe.
Because hackers often find a way to stick around or repeat their network intrusions after remediation efforts are completed, organizations need to ramp up their "continuous detection" efforts, says security expert Wendi Whitmore of CrowdStrike.
In the wake of massive health data breaches, four U.S. Senators are demanding that the Department of Health and Human Services provide details about how it tracks medical ID theft and fraud and assists victims. But is HHS positioned to address the issues?
Financial institutions no longer can rely on strong passwords or even two-factor authentication to secure their customers' data. Instead, they must weed out fraudsters through the use of behavioral analytics and passive biometrics, Ryan Wilk of NuData Security says in this video interview.
The annual Black Hat Europe conference launched on an introspective note, with security expert Haroon Meer using a best-selling book on individuals' workplace failures to argue that it's time for information security professionals to stop making excuses.
Although the U.S. Office of Personnel Management has granted the Department of Homeland Security permission to hire 1,000 cybersecurity specialists, that authorization doesn't ensure that 1,000 experts will be hired anytime soon.
A data breach potentially affecting 16,000 patients at a group of Texas pediatric clinics spotlights the challenges in preventing and detecting breaches involving insiders who are authorized to access records.
As cyberattacks become more sophisticated, organizations need to convert data into proactive threat intelligence, says Jim Penrose of Darktrace. In a video interview, he describes the concept of an "Enterprise Immune System."
An upcoming Verizon report on health data breaches illustrates that the data is at risk at organizations outside of the healthcare sector, and not just at hospitals, clinics, insurers and their business associates, says security expert Suzanne Widup of Verizon Enterprise Solutions.
Banks need to prepare for many more massive cyberattacks along the lines of the sophisticated campaign that hit JPMorgan Chase and other financial services organizations, says Javelin Strategy & Research's Al Pascual, who offers risk management insights.