To avoid devastating financial losses, boards and the C-suite must have a deep understanding of the cyber risks their organizations face. Here’s what they need to hear from the security team.
There should be little doubt about cybersecurity’s importance in 2016 given the amount of attention the topic has garnered in the past decade. Board directors and top leadership are under pressure from all sides: from federal and state regulators, from business partners seeking to tackle third-party vendor cyber risks, and from shareholders and their class-action lawyers ready to sue the moment a breach is announced.
Read More Darkreading
Every time you type “Google.com” into your browser, what you get is a search engine used by billions. What you don’t see? A complicated string of actions kicking into high gear behind the scenes, turning your URL into language that any computer or server in the world can understand and, ultimately, spit out as a Web page.
Read More Thewashingtonpost
Despite a few tweaks, the government’s web snooping bill still targets the use of encryption — but it is the other powers contained in the law that may worry privacy advocates more.
New bill gives police and intelligence agencies the legal powers to hack into devices or networks, with a warrant, to gain access to communications.
Read More ZDNet
VMware has released updates for some of its products to address several vulnerabilities, including an information disclosure issue rated critical.
In an advisory published on Thursday, the company revealed that VMware NSX and vCloud Networking and Security (vCNS) are plagued by a critical input validation flaw (CVE-2016-2079). The vulnerability can be exploited by a remote attacker to gain access to sensitive information.
Read More Securityweek
The country’s government is planning on blocking the internet from civil servants starting next year in the interest of security.
By this time next year, Singapore’s civil servants will have lost access to the internet.
The change, which was announced yesterday, is designed to prevent any leaks from work emails and shared government documents, as well as to safeguard the country’s servers from malware, The Straits Times reported.
Read More CNet
New ‘smart’ tokens and risk-based factors deliver tighter security, but setups remain complex and user interfaces need a facelift.
Due to numerous exploits that have defeated two-factor authentication, either by social engineering, remote access Trojans or various HTML injection techniques, many IT departments now want more than a second factor to protect their most sensitive logins and assets.
In the three years since we last reviewed two-factor authentication products, the market has responded, evolving toward what is now being called multi-factor authentication or MFA, featuring new types of tokens.
Read More Networkworld
Tech firms and privacy groups are fighting back against an amendment that would give the FBI a top-level view of “electronic communication transactional records” (ECTRs) without the need for a warrant in terrorism and spy cases.
ECTRs include everything from the websites you’ve visited to how long you browsed a particular page. It’s all up for grabs as part of an amendment to the Electronic Communications Privacy Act being considered this week by the Senate Judiciary Committee. The legislation would expand the government’s ability to collect data using a National Security Letter, or NSL, which doesn’t require a court order and typically includes a gag order saying the recipient cannot publicly acknowledge the letter.
Read More Cnet
Check Point’s security research team has discovered vulnerabilities in Facebook’s standard online Chat function, and its separately downloaded Messenger app.
The vulnerabilities, if exploited, would allow anyone to essentially take control of any message sent by Chat or Messenger, modify its contents, distribute malware and even insert automation techniques to outsmart security defences.
Read More Helpnetsecurity