  • Mobile SSL failures: More common than they should be

    Securing your mobile application traffic is apparently more difficult than it should be, as researchers Anthony Trummer and Tushar Dalvi discovered when looking into SSL/TLS usage on the Android operating system and applications, as well as on iOS and Windows 8 mobile.

    In this podcast recorded at the Hack in the Box conference in Amsterdam, Trummer, who's a Staff Information Security Engineer at LinkedIn, points out the most common mistakes organizations make when implementing SSL/TLS, and gives instructions on how to avoid them.

  • Why is ERP security so difficult?

    ERP (Enterprise Resource Planning) security has been all over the news lately. From high profile breaches, like the recent U.S. Office of Personnel Management breach, to researchers presenting vulnerabilities in ERP systems at recent security conferences, the visibility of ERP in the security community has never been higher.

    Still, many security professionals aren’t familiar with how ERP systems work and the complexities involved in properly testing them. Why are ERP systems different than other systems?

  • What a business leader should know about the cloud and its impact

    Great companies see business risks as opportunities, and execute strategies accordingly. Such a mentality is compatible with emerging technologies. IT plays a vital role in the deployment of new strategies that mitigate business risk. With the proliferation of so-called cloud services, the execution has become less complicated. The cloud is no longer an emerging phenomenon, and the number of vendors and services offered with the “cloud” badge has been exploding. Indeed, there are very few companies in the world that are not currently using cloud services in some form.

  • Never underestimate the impact of a data breach

    The growth of cyber-crime and the impact of successful attacks on an organization's bottom-line should not be underestimated; it is anticipated that data breaches will cost businesses up to £1.3tn by 2019, with new threats emerging at the astonishing rate of 390,000 per day. As the threat landscape continues to grow, the responsibility for guarding against damaging cyber attacks and protecting corporate data will lie with all employees.

  • Why location-based social media data is critical for security

    The volume of social content is massive – one billion monthly active users, 500M daily tweets, 70M photos and videos shared every day, based on data from Twitter, Instagram and YouTube alone. There must be an effective strategy in place for listening to and analyzing the sometimes-critical data it brings and turning it into valuable, actionable information for security purposes.

  • We don't know what we don't know

    Citing the latest cyber security statistics is a popular way for security companies to show that they are keeping a watchful eye on the threat landscape. Where do the majority of threats come from? What industries are being targeted? Which countries are involved? Which mobile OS is better? We want answers to these and dozens more questions, and we want those answers in nice, concise, tweetable metrics.

    But the problem is that we simply don’t know. Sure, some companies claim to know, but here’s a secret: they’re wrong. They might know something, probably even a lot, but not everything.

  • The best way to prevent data breaches? It's not what you think

    Data security breaches seem to be popping up almost daily. From the 2015 IRS breach, to the hacking of federal government employees’ data by China, it’s clear much of our most important data are at risk. Yet, one of the most obvious frontline defenses is often overlooked.

    When people think of hacking attempts, Hollywood makes it seem that it’s a matter of overcoming a computer system or firewall through some brilliant algorithm or brute force attack. But in reality, the easiest way to hack into an organization is through its employees.

  • Data-centric security with RightsWATCH

    The fact that sensitive data seems to increasingly follow a pattern of being leaked, lost or stolen, has forced security professionals to rethink how their organizations can keep their most valuable assets safe.

    In this podcast recorded at Infosecurity Europe 2015, Rui Melo Biscaia, Product Management Director at Watchful Software, talks about RightsWATCH, a state-of-the-art data-centric information security solution that ensures sensitive information can only be used by those that have express authority to do so. Even if sensitive data is leaked, it is rendered useless to unauthorized parties that may acquire it.

  • You've been breached, now what?

    Everybody tends to think that hackers will never ever target them or their company/organization until a breach occurs. We have already published several practical examples explaining why hackers target you and your data. Here, I will try to concentrate on post-incident actions and provide some advice on what to do after you have been hacked.

  • Why vulnerability disclosure shouldn’t be a marketing tool

    I want to talk about a vulnerability disclosure trend that I have recently noticed – a trend that I believe may ultimately cause more harm than good: security vendors using vulnerability disclosure as a marketing tool with the goal of enhancing their company’s bottom line.



Hospitals advised to stop using vulnerable computerized drug pumps

This is the first time that the US FDA has advised healthcare providers to stop using a medical device because of cybersecurity vulnerabilities.

Tue, Aug 4th