Internet of things devices are vulnerable to an array of potential cyberattacks, including zero-day exploits, distributed denial-of-service attacks and passive wiretapping, according to a new GAO report, which cites mitigation advice from experts.
In an in-depth interview, Verizon's Ashish Thapar analyzes the results of the company's latest Data Breach Investigations Report, noting, for example, the spread of cyberespionage in several sectors worldwide. He also shares insights on effective mitigation strategies.
Adam Mudd has been sentenced to a two-year prison term after he pleaded guilty to developing and selling "Titanium Stresser," an on-demand DDoS attack tool tied to over 1.7 million attacks worldwide. Separately, Britain's high court ruled that Lauri Love can fight a U.S. extradition request.
Biometric adoption and demand by consumers is increasing rapidly. Next-gen solutions now exist for organizations to bring secure, frictionless authentication to their consumers using biometric solutions. Michael Lynch of InAuth shares insights.
When she first joined the Los Angeles County district attorney's office, Maria Ramirez prosecuted street gangs. Now she's cracking down on cyber gangs and is opening her case file to share lessons learned from cases involving business email compromise and ransomware.
When it comes to vulnerability management, many organizations opt to protect only their most critical security gaps - but, meanwhile, the criminals exploit the secondary vulnerabilities. Kevin Flynn of Skybox Security explains why context is everything in managing vulnerabilities.
The security landscape has shifted significantly for financial services organizations. And now they must use digital transformation as the impetus to evolve their cybersecurity strategies, says Bruce Roton of Level 3.
Like many other inventions now common in modern life, distributed cybercrime may seem trivial today. But this concept emerged little more than a decade ago and has already dominated the threat landscape.
Canadian authorities narrowly escaped a data breach by stopping an intrusion at the country's statistics agency. The cyberattack used a zero-day vulnerability in Apache Struts 2, which has now been patched.
The source code for the Mirai botnet has been updated to launch DDoS amplification/reflection attacks, although so far that capability hasn't been used, says Gary at Arbor Networks. Even so, DDoS defense planning remains essential.
When it comes to massive DDoS attacks powered by the likes of a Mirai botnet, "the sky is not falling," says ESET security researcher Cameron Camp. But organizations do need to prepare - and here's where to start.
With Verizon's data breach investigations team finding that 90 percent of breaches trace to a phishing or other social engineering attack, lead investigator Chris Novak says that using multifactor authentication should be a no-brainer for all organizations.
To meet the increasing customer demands for effective solutions, security vendors must ensure their products work together well, says Dr. Mike Lloyd of RedSeal. This is particularly essential to achieving "digital resilience," the ability to promptly detect and respond to network intrusions, he says.
Our objective, as the industry's largest global media organization, is to bring you the most important bits from the conference, whether you attended the event or are experiencing the content now for the first time. Call this the Best of RSA Conference 2017.