Security News

The Legal Risks of Security Research
2020-10-30 14:14

Such risk extends beyond anti-hacking laws, implicating copyright law and anti-circumvention provisions, electronic privacy law, and cryptography export controls, as well as broader legal areas such as contract and trade secret law. Our Guide gives the most comprehensive presentation to date of this landscape of legal risks, with an eye to both legal and technical nuance.

Imperium RelevantID helps market research and panel orgs combat synthetic identity frauds
2020-10-27 02:00

Imperium announced the release of a significantly upgraded version of its flagship ID-validation tool RelevantID. This major release is designed to help market research and panel organizations combat the rise of highly sophisticated synthetic identity frauds that are becoming increasingly difficult to catch using conventional fraud-detection models. New RelevantID additionally includes FraudProbabilityScore, a machine-learning model that assesses passive and behavioral data, returning an extremely precise fraud assessment that detects fraud, bots, and jumpers/ghost completes in surveys.

U.S. Levies Sanctions Against Russian Research Institution Linked to Triton Malware
2020-10-23 21:26

The latest in a flurry of actions this week, tied to foreign threats against U.S. computer systems, includes sanctions by the Department of the Treasury. The Trump administration sanctioned a Russian government research institution on Friday, claiming it was behind a series of cyberattacks using the highly destructive Triton malware.

New research shows risk in healthcare supply chain
2020-10-16 05:00

New research from RiskRecon and the Cyentia Institute pinpointed risk in the third-party healthcare supply chain and showed that healthcare's high exposure rate indicates that managing a comparatively small Internet footprint is a big challenge for many organizations in that sector. There is a silver lining: gaining the visibility needed to pinpoint and rectify exposures in the healthcare risk surface is feasible.

Silent Librarian Goes Back to School with Global Research-Stealing Effort
2020-10-14 16:52

The Silent Librarian campaign has re-emerged for the fall school session, actively targeting students and faculty at universities via spear-phishing campaigns. The goal is to harvest not just logins to sell online, but also proprietary university research and data, researchers said.

Voatz Under Fire From Infosec Community Over Its Views on Security Research
2020-09-16 04:08

In the amicus brief it filed, Voatz suggests that only authorized security research should be considered lawful, but not independent security research, even if in good faith. "It is clear security research has tangibly improved the safety and security of systems we depend upon. It is not a given that this vital security work will continue. A broad interpretation of the CFAA would magnify existing chilling effects, even when there exists a societal obligation to perform such research," the letter reads.

(ISC)² research: Why cybersecurity is a great choice for an exciting career
2020-09-01 08:43

Cybersecurity is becoming increasingly important as more businesses collect, share, and use more data as part of their practice. You do not need to be a cybersecurity expert to understand that this is a booming industry.

Weak and infrequent cyber-crisis training is leaving companies vulnerable, new research says
2020-08-13 16:27

Almost 40% of senior security leaders said that when they held crisis exercises, there was inaction from the business and those most critical in a crisis were missing from cybersecurity training. "In the first 30 minutes of a crisis, it is highly unlikely you're thinking of your plan. It's the real-life, crisis simulation training that prepares organizations to effectively respond to security incidents. Micro-drills, or very focused exercises, designed to address particular risks, must make their way into the mix. Much like exercising to stay fit, this needs to happen with regularity in dynamic environments, and involve all the right people, in order to keep current and be effective."

IRONSCALES raises $8M to support email security research and development, accelerate growth
2020-08-10 22:45

IRONSCALES plans to use the funding to further accelerate its aggressive growth strategy through market expansion and ongoing research and development of its email security platform. "While we weren't actively seeking capital, partnering with Jump was too good of an opportunity for us to pass up," said Eyal Benishti, IRONSCALES founder and CEO. "With this Series B extension, and with Jump and McNulty on our team, we will be able to accelerate our marketplace momentum through investments in both people and technology, helping reduce the risk from what has become a global email phishing epidemic."

Apple Security Research Device Program Draws Mixed Reactions
2020-07-22 21:08

Apple's long-anticipated Security Research Device program has launched, giving select security researchers access to testable iPhones that will make it easier for them to find iOS vulnerabilities. To be eligible for the program, researchers must be a membership Account Holder in the Apple Developer Program and have a "Proven track record of success" in finding security issues on Apple platforms.