In the latest "Proof of Concept," David Pollino, former CISO of PNC Bank, and Ari Redbord, head of legal and government affairs at TRM Labs, join ISMG editors to discuss ethical concerns for CISOs, cryptocurrency regulations, and potential foreign interference in the U.S. midterm elections.
The specter of Chinese data collection on U.S. citizens hung over Capitol Hill in a pair of hearings as lawmakers asked whether an open internet can survive challenges such as Beijing hacking and TikTok. An executive for the short-form video app made a rare appearance before a Senate committee.
A White House agency today told U.S. federal government IT vendors they must attest to using secure software development techniques. Self-attestation "is a bit of a compliance activity, but it's a pretty light compliance activity," says former federal CISO Grant Schneider.
In this episode of "Cybersecurity Unplugged," U.S. Air Force Chief Software Officer Nicolas M. Chaillan, a former DHS and DOD adviser, shares his opinions about the government's handling of DevSecOps and cybersecurity, where progress is being made and where more work needs to be done.
The United States hit Iran with a new round of sanctions after linking Tehran with the July cyberattack against Albania. The sanctions are more symbolic than material in effect but send a message that hacking U.S. allies has consequences.
The latest ISMG Security Report discusses a new phishing-as-a-service toolkit designed to bypass multifactor authentication, the decision by Lloyd's of London to exclude nation-state attacks from cyber insurance policies, and challenges at Okta after it acquired customer identity giant Auth0.
Federal officials recently froze the assets of Ethereum blockchain cryptocurrency mixer Tornado Cash, stating that civil and potentially criminal penalties await those who use the service. On this week's "Sound Off," crypto expert Ari Redbord explains why the sanctions are "exceptional."
The latest edition of the ISMG Security Report explores the possible unintended consequences of banning ransom payments, the challenges of opening a cyber intel firm during wartime, and the need for more clarity in the regulation of cryptocurrency firms.
Cyberspace is a battlefield with no physical or geographic boundaries. During wartime, targets on land, sea, air and space are vulnerable to cyberthreats and opportunities, and nations face many uncertainties about when and how to respond to attacks, says BAE Systems' Miriam Howe.
Ransomware gets the headlines, and phishing sets off the most alerts, but business email compromise costs enterprises the most - more than $43 billion since 2016. U.S. Secret Service agents Stephen Dougherty and Michael Johns discuss the criticality of rapid detection and response.
Applying international laws used for armed conflicts to the cyber domain remains elusive because of a lack of precedent and poor visibility in cyberspace. This uncertainty and a failure to establish rules means cyber law hasn't grown as other legal fields have, a defense expert says.
A probe into alleged use of Pegasus spyware on Indian citizens identified malware on five of the 29 volunteers who submitted their devices for forensic examination. The nature of the malware was not disclosed, but Chief Justice of India said New Delhi did not cooperate with investigators.
In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including implications of the Russia-Ukraine cyberwar, the former CISA director’s somber message to the industry at Black Hat, and how the cryptocurrency landscape is changing.
As the Russia-Ukraine war continues, Ukrainian government cybersecurity official Victor Zhora says that the country's computer emergency response team has tracked more than 1,600 online attacks and that defensively, "wipers continue to be the biggest challenge."
The Cl0p ransomware group has been attempting to extort Thames Water, a public utility in England. Just one problem: the group attacked an entirely different water provider. Through ineptitude or outright lying, this isn't the first time that a ransomware group has claimed the wrong victim.