Data Protection

Data Protection news, analysis, research, how-to, opinion, and video.

Identity as an attack surface

Mobile computing, cloud apps and tele-working have effectively made the de-perimeterization of IT security a “fait accompli”. In the process, these redrawn battle lines have created new challenges for CSOs and new points of entry for...

The hardware roots of trust

With recent revelations that some chip manufacturers are working with the National Security Agency (NSA) to insert backdoors and cryptographic weaknesses into their products, what due diligence should be done to ensure hardware security? ...

6 hard truths security pros must learn to live with

Caveat emptor: Security solutions will always fall short in addressing the fundamental flaws of securing IT systems

Police breaks up cybergang that stole over $15 million from banks

Romanian authorities detained 25 suspected members of an international gang of cyberthieves who hacked into banks and cloned payment cards

Boards are on high alert over security threats

Fear of cyberattacks has corporate directors on edge. CIOs must paint a realistic view of the company's security posture and steer the conversation toward managing business risk.

166816 (Z66816): A post-RSA Conference recap

Default credentials: Ignored by those who should be paying attention, and collected by everyone else, they're the reason most breaches don't need to be too technical.

With ransomware on the rise, cryptographers take it personally

The security industry is not doing enough and it's going to get worse, they said

Don’t count on people to prevent data breaches

As malware gets more sophisticated and hostile, columnist Rob Enderle says we can’t always count on people to do the right thing. He offers his plan to deal with the weak link.

Are we witnessing a cyber war between Russia and Ukraine? Don't blink - you might miss it

The term “cyber war” is often misused and misunderstood, but there is a clear and concise definition with a high bar of what constitutes one. The ongoing War in Ukraine, also known as the War in Donbass, meets the standard of cyber...

Hackers exploit Magento e-commerce vulnerability

The flaw has a patch but it's not yet been applied by all

Fox-IT releases answer to NSA's 'Quantum Insert' attack

A couple of years ago, among the trove of documents released by Edward Snowden, there was information about a "man-on-the-side" attack called Quantum Insert

Key management is the biggest pain of encryption

Most IT professionals rate the pain of managing encryption keys as severe, according to a new global survey by the Ponemon Institute

The international effort to confront international cybercrime

Top cyber officials in the U.S. and UK pledge to work together – and with business.

RSAC 2015: RSA Conference (Day 4)

All this week, Salted Hash is in San Francisco for the annual RSA Conference (RSAC). Each day we'll update the blog with breaking news and other details from the show. Today we're going to talk about passwords.

Microsoft kicks off two-month Spartan bug bounty program

Microsoft today launched a short-term bug bounty program for its new Project Spartan browser, saying entries would be accepted until June 22.

US House approves cyberthreat sharing bill; privacy concerns remain

The legislation would allow some customer information to be passed to the NSA, opponents said

Having ‘the ear of the CEO’ is key to battling cyberthreats

Former FBI director stresses the importance of an enterprise-wide approach to cybersecurity, while Congress considers legislation to promote sharing threat information.

Insider threats force balance between security and access

Security experts caution that non-malicious actors within the enterprise are the more challenging aspect of the insider threat, calling for rethinking policies to better tailor employee and vendor access.
