Latest

►

Cybersecurity

Why Banking Needed a New Cybersecurity Profile

Tom Field  •  December 10, 2018

The Financial Services Sector Coordinating Council recently unveiled the Cybersecurity Profile - a framework that integrates widely used standards and supervisory expectations to help financial institutions develop cyber risk management programs. Josh Magri of the Bank Policy Institute outlines key elements.

Anti-Fraud

Face Off: Researchers Battle AI-Generated Deep Fake Videos

Mathew J. Schwartz  •  December 7, 2018

The easy availability of tools for designing face-swapping deep-fake videos drove Symantec security researchers Vijay Thaware and Niranjan Agnihotri to design a tool for spotting deep fakes, which they described in a briefing at the Black Hat Europe 2018 conference in London.

Cybercrime

Australia Passes Encryption-Busting Law

Jeremy Kirk  •  December 7, 2018

Australia's Parliament has passed new laws enabling it to compel technology companies to break their own encryption. Although the government argued the laws are needed to combat criminal activity and terrorism, opponents argued the powers could creep beyond their scope and weaken the security of all software.

Cybercrime

GOP Hacking Incident: What Happened?

Nick Holland  •  December 7, 2018

An update on the hacking of email accounts of four senior aides within the National Republican Congressional Committee leads the latest edition of the ISMG Security Report. Also featured: An analysis of when the first major fines for violations of the EU's GDPR could be issued.

►

Compliance

Legal and Compliance: 3 Questions for CISOs

Tom Field  •  December 6, 2018

What are three burning questions regarding legal and compliance issues that enterprise security leaders should ponder as they head into 2019? Ed Amoroso, former CISO of AT&T and current CEO of TAG Cyber, outlines the questions and possible answers.

►

General Data Protection Regulation (GDPR)

GDPR and You: What's Changed?

Tom Field  •  December 6, 2018

Enforcement of the European Union's General Data Protection Regulation began May 25. What has happened since then? And how has the privacy dialogue evolved in the U.S.? Attorney Jay Kramer shares insights on how organizations are now approaching privacy.

►

3rd Party Risk Management

NY Cybersecurity Reg Compliance: Focus on Vendor Risk

Tom Field  •  December 6, 2018

As of March 1, 2019, covered entities will be required to be in compliance with the New York Department of Financial Services Cybersecurity Regulation Section 500.11, the Third Party Service Provider Security Policy. What are the key requirements? Attorney Ted Augustinos, a partner at Locke Lord LLP, outlines the new...

3rd Party Risk Management

Applying Secure Multiparty Computation Technology

Geetha Nandikotkur  •  December 6, 2018

Israel-based Yehuda Lindell, a cryptography professor, describes how to use secure multiparty computation technology to protect cryptographic keys and describes other potential security applications.

Cyberwarfare / Nation-state attacks

Top Republican Email Accounts Compromised

Jeremy Kirk  •  December 5, 2018

Thousands of emails from four senior aides within the National Republican Congressional Committee were exposed after their accounts were compromised for several months earlier this year, Politico reports. Few details have been released about the incident, which was investigated by Crowdstrike.

Cybercrime

Black Hat Europe: The Power of Attribution

Mathew J. Schwartz  •  December 5, 2018

To combat cyberattacks, more nations must not only hold nation-state attackers accountable, but also better cooperate by backing each other's attribution, said Estonian politician Marina Kaljurand, who chairs the Global Commission on the Stability of Cyberspace, in her opening keynote speech at Black Hat Europe 2018.

►

Compliance

Using the New 'Cybersecurity Profile' Tool

Tom Field  •  December 5, 2018

Financial institutions of all sizes can use a new Cybersecurity Profile tool to help them comply with a variety of regulations and implement the NIST Cybersecurity Framework, says Denyette DePierro of the American Bankers Association.

Cloud Security

Kubernetes Alert: Security Flaw Could Enable Remote Hacking

Jeremy Kirk  •  December 4, 2018

A severe vulnerability in Kubernetes, the popular open-source software for managing Linux applications deployed within containers, could allow an attacker to remotely steal data or crash production applications. Microsoft and Red Hat have issued guidance and patches; they recommend immediate updating.