News

News

• May 01, 2015 01 May'15

  Government cybersecurity flounders as cybersecurity bills pass House

  News roundup: Many believe the government should help avert cybersecurity woes, yet two House-approved cybersecurity bills are frowned upon. Plus: DDoS increase linked to IoT; Google password alert; 70% put networks at risk with undocumented changes.

• April 30, 2015 30 Apr'15

  How WestJet Airlines nixed network complexity, boosted security

  At an RSA Conference session, attendees learned how WestJet Airlines' Security Architecture Made Simple with software-defined security and automation reduced network turbulence.

• April 30, 2015 30 Apr'15

  Government agencies struggling with security data analytics

  Security data analytics are a must-have for government agencies to stay one step ahead of cyber attackers, according to a study conducted by MeriTalk.

• April 29, 2015 29 Apr'15

  Port monitoring critical to detecting, mitigating attacks using SSL

  As SSL traffic increases, so inevitably will the number of attacks using it to hide. A session at RSA Conference 2015 explained why hackers love SSL, and how enterprises can defend against them.

• April 29, 2015 29 Apr'15

  Secunia: End-of-life software posing a big security risk

  Secunia's quarterly Personal Software Inspector (PSI) report shows that while OS and application patching has remained steady, users may be ignoring end-of-life software and the risks associated with it.

• Sponsored News

  • Part I: Keep the Cloud Your Safe Place

    Sponsored by Forcepoint - Organizations of all sizes have been called upon to swiftly support remote work in order to safeguard the health of their workforce and local communities. As businesses are called upon to scale up remote work procedures for the physical safety of employees, IT teams must accelerate the adoption of technology that ensures their people and data are secure—without hurting productivity or morale. See More

  • Part II: Safeguard Data Everywhere

    Sponsored by Forcepoint - As security teams are tasked with the duty of rapidly scaling up protections for remote workers, one of the key considerations they must keep in mind is how to safeguard data no matter where it resides or travels. This is hardly a new problem. However, the vastly broadened scope of remote work today requires security teams to revisit policies and technologies. Some solutions that may have been sufficient for isolated use cases don't adequately protect a completely distributed workforce. See More

  • Part III: Protect Your People

    Sponsored by Forcepoint - In response to the rapid rise in remote work, cybersecurity teams have increased their efforts to protect their dispersed team’s cyber hygiene. The rapid rise in remote work to protect the health of employees has required cybersecurity teams to scale their efforts to similarly protect the cyber hygiene of these workers as they operate in new conditions. One of the key directives for cybersecurity departments looking to safeguard the people and data within a distributed enterprise is the implementation of cyber defenses that can move with employees and protect them—regardless of their location or device. See More

  View All Sponsored News
• April 29, 2015 29 Apr'15

  IT security and compliance: Get leadership on board to find balance

  At an RSA Conference 2015 session, finance information security officer Steve Winterfeld explained why having complementary IT security and compliance strategies requires leadership buy-in and cooperation.

• April 29, 2015 29 Apr'15

  RSA Conference 2015 recap: Record attendance, record stakes

  This year's RSA Conference once again broke the previous year's attendance record. Is the show getting too big for San Francisco? Plus key takeaways and final words from our executive editor.

• April 28, 2015 28 Apr'15

  Comparing the top SSL VPN products

  Expert Karen Scarfone examines the top SSL VPN products available today to help enterprises determine which option is the best fit for them.

• April 28, 2015 28 Apr'15

  Open source threat model aims to make enterprise safer with less work

  An open source threat model is aiming to be a repository for risk assessment with the aim of allowing enterprise to focus on creating the right security controls for each business.

• April 28, 2015 28 Apr'15

  Despite benefits, skepticism surrounds bug bounty programs

  Some people think bug bounty programs are the answers to vulnerability woes, yet others remain skeptical of the negative impacts they present. RSA Conference panelists discussed both sides of one of today's hottest and most controversial IT topics.

• April 28, 2015 28 Apr'15

  Insider threat programs need people, not technology

  A panel discussion at RSA Conference 2015 outlined strategic methods enterprises can use to build and advocate for an insider threat program.

• April 27, 2015 27 Apr'15

  DevOps explained: Why experts call DevOps and security a perfect match

  At RSA Conference 2015, a pair of DevOps proponents explained why the nascent movement to integrate development and IT operations staff pays security dividends.

• April 27, 2015 27 Apr'15

  New study shows enterprise security confidence high but defenses low

  A new study from network security firm Fortinet shows that enterprise security confidence levels are high despite a lack of comprehensive security measures.

• April 27, 2015 27 Apr'15

  WordPress vulnerable to stored XSS bug, researchers find

  A researcher has released a proof-of-concept exploit for a WordPress vulnerability leveraging stored XSS, which could lead to remote code execution on affected servers.

• April 27, 2015 27 Apr'15

  On healthcare data security, not all security pros see unique challenges

  At an RSA Conference 2015 discussion on healthcare data security, experts with decades of experience perceive a unique challenge, while security pros see similarities with other verticals.

• April 24, 2015 24 Apr'15

  Long-duration advanced persistent threat attacks now the norm, say experts

  Threat experts at RSA Conference 2015 say today's most dangerous attack techniques reflect a shift toward long-duration attacks that are often nearly impossible to detect.

• April 24, 2015 24 Apr'15

  Clarity needed to cultivate next-gen cybersecurity workforce

  Millennials are hesitant to pursue a career in cybersecurity, mainly because they aren't sure exactly what the job entails -- and if they have the proper training for it.

• April 24, 2015 24 Apr'15

  NIST wants help building the one ID proofing system to rule them all

  The U.S. government wants to solve the weaknesses in online ID proofing systems, but it needs the help of enterprise and security professionals in order to overcome privacy concerns and other issues.

• April 24, 2015 24 Apr'15

  Insecure SSL coding could lead to Android man-in-the-middle attacks

  Researchers have found thousands of apps that feature insecure coding practices in implementing SSL protocols, which could lead to Android man-in-the-middle attacks.

• April 23, 2015 23 Apr'15

  Opportunity abounds for those with both business, security skills

  Executives now listen to their security managers but experts speaking at the RSA Conference 2015 say infosec leaders must learn business security skills and think long term.

• April 23, 2015 23 Apr'15

  RSA attendees ponder how to trim bloated security portfolios

  At a roundtable discussion at RSA Conference 2015, security admins pondered what to do about bloated security portfolios.

• April 23, 2015 23 Apr'15

  Effective data breach response plans hinge on human preparedness

  Experts at a Verizon event at RSA Conference 2015 say no data breach response plan is complete until certain human factors are considered.

• April 23, 2015 23 Apr'15

  Pescatore on security success: Breach prevention is possible

  At RSA Conference 2015, John Pescatore offered real-world case studies proving that information security technologies can help prevent data breaches.

• April 22, 2015 22 Apr'15

  Industry experts warn only cyberliability insurance covers breaches

  Cyberliability insurance gains popularity as industry experts warn that, contrary to popular belief, general insurance won't protect against cyberattacks.

• April 22, 2015 22 Apr'15

  Can supply chain security assuage Huawei security concerns?

  Huawei's U.S. CSO pitched the rigor of its supply chain security processes to RSA Conference 2015 attendees, but they remained skeptical at best on whether to trust the Chinese networking and security vendor.

• April 22, 2015 22 Apr'15

  Mobile malware is not a serious threat, Damballa shows

  An Atlanta-based threat prevention company says the chances of acquiring mobile malware infection are as slim as the chance of being struck by lightning.

• April 22, 2015 22 Apr'15

  Government cybersecurity experts push for better information sharing

  At RSA 2015, former federal officials called for better government cybersecurity cooperation between agencies and with the private sector.

• April 22, 2015 22 Apr'15

  Threat intelligence programs maturing despite staffing, tech obstacles

  A Forrester analyst told RSA Conference 2015 attendees that enterprise threat intelligence programs are maturing, though obstacles like nascent technology and hard-to-find employees mean some firms may never reach full maturity.

• April 21, 2015 21 Apr'15

  Yoran: RSA, information security industry needs 'radical change'

  New RSA President Amit Yoran says business as usual isn't stopping the evolving threat landscape, and hints at radical changes coming to the information security industry and within RSA itself.

• April 21, 2015 21 Apr'15

  Raytheon cybersecurity bolstered by Websense acquisition

  Vista sells majority stake in security provider Websense to boost Raytheon cybersecurity defense amidst copious information breaches.

• April 21, 2015 21 Apr'15

  Waratek grabs RSA Innovation Sandbox honors

  Runtime application self-protection startup Waratek wins coveted RSA Innovation award.

• April 21, 2015 21 Apr'15

  SIMDA botnet down: 770,000 infected computers rescued

  INTERPOL collaborated with Trend Micro, Microsoft and Kaspersky to take down botnet affecting 770,000 users.

• April 20, 2015 20 Apr'15

  Successful women in security tout need for mentoring, encouragement

  Female infosec pros say the industry needs to do more to not only encourage women to pursue infosec careers, but also help mentor them along the way.

• April 20, 2015 20 Apr'15

  Hiring millennials key to reducing security workforce shortage

  At RSA Conference 2015, speakers at an (ISC)2 panel said attracting and hiring millennials is a huge key to alleviating the worsening information security workforce shortage.

• April 17, 2015 17 Apr'15

  Machine versus the bots: Does your website pass the Turing 2.0 test?

  New Web security models use browser behavior and polymorphism to protect against data theft and fraud.

• April 17, 2015 17 Apr'15

  Patch Tuesday's Windows HTTP.sys flaw under attack

  A critical vulnerability in Windows HTTP.sys was detailed as part of Microsoft's April Patch Tuesday, and the flaw is already being actively exploited in the wild.

• April 17, 2015 17 Apr'15

  Microsoft cybersecurity strategy: Time for another Bill Gates email

  Opinion: Executive Editor Eric Parizo says Microsoft's security strategy may have once been the benchmark for other vendors to emulate, but in 2015 the software giant's priorities lie elsewhere.

• April 16, 2015 16 Apr'15

  Oracle Critical Patch Update features important Java SE updates

  The latest Oracle Critical Patch Update includes fixes for close to 100 vulnerabilities, but one expert says there is a critical update for Java on the desktop that needs immediate attention.

• April 15, 2015 15 Apr'15

  PCI DSS 3.1 debuts, requires detailed new SSL security management plan

  PCI DSS 3.1 grants merchants about 14 months to nix flawed SSL and TLS protocols, but demands they quickly provide detailed new documentation on how they plan to make the transition.

• April 14, 2015 14 Apr'15

  April 2015 Patch Tuesday addresses critical HTTP.sys flaw

  Microsoft's April 2015 Patch Tuesday release is lighter than usual with 11 total bulletins, but experts say that system admins should immediately install a critical HTTP.sys patch for Windows Server.

• April 14, 2015 14 Apr'15

  'Redirect to SMB' vulnerability affects all versions of Windows

  The new 'Redirect to SMB' vulnerability is an update to an 18-year-old flaw that can lead to man-in-the-middle attacks on all versions of Windows.

• April 14, 2015 14 Apr'15

  Sony Pictures hack used easily available malware, destroyed computers

  A '60 Minutes' interview Sunday revealed that not only did Sony Pictures fall victim to well-known, off-the-shelf malware, but that the attackers also destroyed thousands of computers and servers after stealing the data.

• April 14, 2015 14 Apr'15

  Verizon DBIR 2015 tackles data breach cost predictions

  In its 2015 Data Breach Investigations Report, Verizon debuts data breach cost estimates based on newly available data, and also advocates for better threat intelligence sharing among different industries facing common threats.

• April 13, 2015 13 Apr'15

  Cybersecurity risks masked by controversial vulnerability counts

  Experts have split opinions regarding the correct methodology for counting vulnerabilities, but all agree that focusing on numbers can mask real cybersecurity risks.

• April 10, 2015 10 Apr'15

  Ways to secure Web apps: WAFs, RASP and more

  Protecting a Web application increasingly means tuning your protections to the individual characteristics of your applications. There’s more than one way to go about this, though. In this three-part guide we review best practices for taking your Web...

• April 10, 2015 10 Apr'15

  Chrome security under fire from third-party extension

  Security researchers say Webpage Screenshot, a popular third-party extension for Google Chrome, was secretly collecting end-user browsing data. Its true purpose and how Google missed it remain up for debate.

• April 10, 2015 10 Apr'15

  Tech, security M&A activity booms thanks to mobile, cloud

  News roundup: Technology and security acquisitions have seen some healthy activity in 2015, driven by two key trends. Plus: 75% of users aren't vulnerable to Heartbleed?; White House hack tied to phishing; first state digital ID law.

• April 09, 2015 09 Apr'15

  SANS: Enterprises overconfident in ability to detect insider threats

  Enterprises may be increasingly aware of insider threats and believe they can find and stop them, but a new SANS Institute survey suggests they may be overconfident and lack the necessary insider threat-detection technology.

• April 08, 2015 08 Apr'15

  Experts disagree on growth, complexity of cybersecurity threats

  The Websense 2015 Threat Report claims that cybersecurity threats are getting more complex, but one expert says the trends aren't anything new.

• April 08, 2015 08 Apr'15

  Dyre malware returns to rob banks of millions

  Financial malware Dyre, in tandem with social engineering, was used in a new campaign to steal millions from financial institutions, according to IBM researchers.

• April 06, 2015 06 Apr'15

  In first Android Security Report, Google cites drop in Android malware

  Google's first Android Security Report claims that malware on the platform was found on fewer than 1% of devices in 2014, but experts question if the ecosystem is really as safe as it has ever been.

• April 05, 2015 05 Apr'15

  Amid SSL security issues, enterprises face many problems, few answers

  Experts say even enterprises that carefully secure TLS may still be at the mercy of the numerous security issues affecting the SSL ecosystem.

• April 03, 2015 03 Apr'15

  The transaction that lasts forever

  Whether or not you think Bitcoin has a future, it has a couple of very interesting technological elements that will probably have a life of their own. The aspect that everyone talks about is that ...

• April 03, 2015 03 Apr'15

  U.S. cyberattacker sanctions program causes stir on social media

  News roundup: President Obama's executive order allowing sanctions on cyberattackers has been met with mixed reaction. Plus: Threat intelligence perception versus reality; healthcare breach consequences; Verizon tosses supercookie.

• April 02, 2015 02 Apr'15

  Massive GitHub DDoS attack tied to Chinese government

  Security experts say the largest DDoS attack in GitHub history, which lasted five days, was the work of the Chinese government.

• April 02, 2015 02 Apr'15

  Obama threatens foreign cyber attackers with sanctions

  US president Barack Obama has signed an executive order establishing a framework for the US to impose sanctions on foreign cyber attackers

• April 01, 2015 01 Apr'15

  NSA’s big data security analytics reaches the enterprise with Sqrrl

  Competition for Hadoop-based analytics may put tools and services within reach for large and midsize organizations, says Robert Richardson.

• April 01, 2015 01 Apr'15

  Information security jobs unfilled as labor pains grow

  Why cybersecurity hiring is the real cyberwar.

• April 01, 2015 01 Apr'15

  Defending against the digital invasion

  As attackers move beyond “spray and pray” tactics to advanced persistent threats -- having better security than your competitors is no longer enough. Targeted attacks today are often for financial gain through extortion and threats to expose or ...

• March 31, 2015 31 Mar'15

  Amid growing SSL concerns, Qualys expands free public SSL tester

  Qualys has added a free, public API to its SSL testing services, which will enable an enterprise to test any website or server for SSL vulnerabilities.

• March 31, 2015 31 Mar'15

  New PCI SSC penetration testing guidelines aim to be more prescriptive

  The PCI SSC has issued prescriptive new supplemental guidance on penetration testing in an effort to reverse current trends and improve merchant compliance.

• March 30, 2015 30 Mar'15

  PCI DSS 3.1 set for April 2015 release, will cover SSL vulnerabilities

  The PCI Security Standards Council has confirmed that PCI DSS 3.1 will be released in just a few weeks. According to a Gartner analyst, the surprise new release could cause major problems for merchants.

• March 27, 2015 27 Mar'15

  Is the RSA 2015 'booth babe' ban a win for women in security?

  News roundup: The ban of "booth babes" at RSA Conference 2015 has been met with praise; does it equal an increase of women in infosec? Plus: Cyberthreat data-sharing bill advances; Flash flaw exploited days after patching; new twist on Google Play ...

• March 27, 2015 27 Mar'15

  Social engineering techniques are becoming harder to stop, experts say

  As more data moves online, social engineering techniques are becoming increasingly advanced and traditional training methods may not be enough to keep enterprises safe.

• March 25, 2015 25 Mar'15

  Study finds lack of investment in mobile app security

  The Ponemon Institute says enterprises are devoting millions of dollars to mobile application development, but barely any of the money is focused on security.

• March 25, 2015 25 Mar'15

  Major browser makers revoke unauthorized Chinese TLS certificates

  Google, Microsoft, and Mozilla have revoked unauthorized TLS certificates issued by an intermediate certificate authority that could have been used in man-in-the-middle attacks.

• March 25, 2015 25 Mar'15

  Secunia: Better vulnerability reporting doesn't mean more patches

  Secunia's 2015 Vulnerability Report shows that better vulnerability reporting and awareness of flaws doesn't necessarily mean vendors offer more patches or focus on the most critical issues.

• March 24, 2015 24 Mar'15

  BandarChor: New ransomware based on old malware family emerges

  Antivirus vendor F-Secure discovered BandarChor, a type of ransomware based on an existing malware family.

• March 23, 2015 23 Mar'15

  Open source security tool indicates Android app vulnerability spike

  A new open source security tool from CERT, dubbed 'Tapioca,' shows that Android app vulnerabilities are ubiquitous, according to new research from IBM.

• March 23, 2015 23 Mar'15

  Cisco IP phones vulnerable to eavesdropping; no patch available yet

  Cisco says a vulnerability in some of its IP phones for SMBs could allow eavesdropping. A fix is not yet available, but Cisco has offered mitigation techniques.

• March 20, 2015 20 Mar'15

  At 2015 Pwn2Own competition, browser exploits in the spotlight

  News roundup: Researchers at the 2015 Pwn2Own exploited every major Web browser, casting doubt on browser security once again. Plus: high-severity OpenSSL update; IE being phased-out in Windows 10; Americans dodging online surveillance.

• March 18, 2015 18 Mar'15

  Experts: Consumer Privacy Bill of Rights may ease privacy compliance

  The Consumer Privacy Bill of Rights proposed by the Obama administration is a good first step, according to experts, and may simplify privacy compliance for enterprises currently dealing with many different state laws.

• March 17, 2015 17 Mar'15

  Yahoo’s attempt to kill off passwords raises security concerns

  Yahoo’s attempt to kill off passwords by introducing an on-demand one-time passcode option for its email services has raised security concerns

• March 17, 2015 17 Mar'15

  Microsoft warns of fake SSL certificate for Windows Live

  Microsoft has warned that a fake security certificate has been issued for the Windows Live domain that could be abused by attackers

• March 16, 2015 16 Mar'15

  Microsoft re-releases EMET 5.2 to fix IE bug

  Update: Microsoft has re-released Enhanced Mitigation Experience Toolkit version 5.2 to correct a bug involving IE 11.

• March 13, 2015 13 Mar'15

  Hillary Clinton email debate highlighted by security mistakes

  News roundup: Hillary Clinton's decision to use a private email domain and server has created a firestorm over her email security mistakes. Plus: OpenSSL audit, Blue Coat acquisition, more Equation details emerge.

• March 13, 2015 13 Mar'15

  Does Rowhammer mark a new wave of hardware vulnerabilities?

  Experts agree that the Rowhammer vulnerability likely isn't an immediate threat to enterprises, but disagree on whether hardware vulnerabilities are about to reach a tipping point.

• March 11, 2015 11 Mar'15

  Verizon 2015 PCI report: More achieve PCI compliance, but fail to keep it

  The 2015 edition of the Verizon PCI report shows enterprises are, on the whole, getting better at achieving full PCI compliance. Unfortunately, few can sustain it.

• March 11, 2015 11 Mar'15

  Study warns security certificates, cryptographic keys are in peril

  A growing number of cryptographic keys and security certificates are being abused, according to a new study from cybersecurity firm Venafi and the Ponemon Institute.

• March 11, 2015 11 Mar'15

  HP enterprise security: Can acquisitions lead to cohesive strategy?

  Through acquisitions Hewlett-Packard has built a formidable lineup of enterprise security offerings, but experts question whether a strong brand can overcome legacy technology and a lacking endpoint strategy.

• March 10, 2015 10 Mar'15

  March 2015 Patch Tuesday: Microsoft offers quick FREAK fix

  Microsoft's March 2015 Patch Tuesday bulletins include a fix for the FREAK vulnerability, as well as five critical fixes, but surprisingly, an expert says one of the fixes deemed non-critical actually demands immediate attention.

• March 10, 2015 10 Mar'15

  Venmo struggles put spotlight on mobile payment security

  The mobile payment app maker responds to criticism by stepping up security with better verifications and notifications for email and phone number changes.

• March 10, 2015 10 Mar'15

  Rowhammer takes a big swing at DRAM memory security

  Google's Project Zero has detailed a new proof-of-concept exploiting the "rowhammer" DRAM flaw to allow for root access on various operating systems.

• March 09, 2015 09 Mar'15

  For threat intelligence programs, ROI evaluation proves tricky

  Threat intelligence programs are taking root in many enterprises, but experts say variables like disparate service offerings, pricing models and response capabilities make ROI evaluation a vexing proposition.

• March 09, 2015 09 Mar'15

  Group claiming links to Isis hacks small business websites

  The FBI is investigating the hacking of a number of SME websites in the US and Europe by people claiming affiliation with Islamic State

• March 06, 2015 06 Mar'15

  Adobe's new twist on bug bounty programs: No cash for bug hunters

  News roundup: Bug bounty programs can offer big rewards to researchers, unless Adobe is handing out the prizes. Plus: Signal 2.0 encryption app; app cloning risk increasing; Angler adopts 'domain shadowing' capability.

• March 05, 2015 05 Mar'15

  Microsoft confirms Windows vulnerable to FREAK attack

  The serious HTTPS FREAK exploit was thought to only affect Android, iOS, and MacOS, but Microsoft has confirmed that it also affects all supported versions of Windows.

• March 05, 2015 05 Mar'15

  Emerging cyberthreats exploit battle between compliance and security

  While regulatory compliance is valuable and necessary for enterprises, cyberthreat experts say a compliance-centric security strategy may leave organizations with few resources to ward off emerging cyberthreats.

• March 05, 2015 05 Mar'15

  China and US cross swords over software backdoors

  Barack Obama criticises Chinese plans to force tech firms trading in China to share encryption keys and put backdoors in software

• March 04, 2015 04 Mar'15

  Big data security analytics: Can it revolutionize information security?

  Demetrios Lazarikos describes the security big data system he implemented at retail giant Sears, as well as how it helped thwart retail fraud activity and how he convinced executives to support the implementation.

• March 04, 2015 04 Mar'15

  Why Hillary can't mail

  Reporting by The New York Times notwithstanding, it appears to this non-lawyer that Hillary Clinton probably didn't break any laws by using a personal email account to conduct state business. But ...

• March 04, 2015 04 Mar'15

  Maturing NoSQL database security is key to big data analytics

  NoSQL database security has taken a backseat to performance in Hadoop-based security big data analytics systems, but that may soon change thanks to growing demand and maturing NoSQL security products.

• March 03, 2015 03 Mar'15

  Amid Apple Pay fraud, banks scramble to fix Yellow Path process

  Banks are rushing to fix sloppy authentication processes at the heart of rising Apple Pay fraud. Experts also worry about potential fraud with other mobile payment systems.

• March 02, 2015 02 Mar'15

  Q&A: Marcus Ranum chats with AT&T's CSO Ed Amoroso

  There's no shortage of new security technology, but enterprise integration is still a major hang-up, says AT&T's chief of security.

• March 02, 2015 02 Mar'15

  Uber database breach source of stolen driver information

  Following the theft of data affecting about 50,000 of its drivers, Uber says it has filed a subpoena to obtain GitHub data that may pinpoint the source of its data breach.

• March 02, 2015 02 Mar'15

  New scrutiny on bug bounties: Is there strength in numbers?

  Bug bounty programs are a cool idea and often work, so why haven't they taken off for non-tech companies?

• March 02, 2015 02 Mar'15

  Is the bug bounty program concept flawed?

  Looking for security vulnerabilities? Tread lightly. The benefits of vulnerability rewards programs are great, but so are the risks.

• March 02, 2015 02 Mar'15

  US retailer Natural Grocers investigates data breach

  Natural Grocers is the latest US retailer to announce it is investigating a possible data breach involving customer payment cards

• February 27, 2015 27 Feb'15

  Data breach consequences: Get breached, make money?

  News roundup: Data breaches aren't associated with soaring stock prices, but recent examples show breaches may boost stocks. Plus: Gemalto confirms possibility of GHCQ/NSA hack; Target breach costs company $162 million; Superfish swims on.

• February 26, 2015 26 Feb'15

  HP: Threat intelligence sources need vetting, regression testing

  According to HP Security Research, threat intelligence best practices can be difficult to implement, and even the most trustworthy sources must be tested for fidelity.