Technology organizations say Australia's anti-encryption law passed in December 2018 is already undermining trust in their local operations. The comments come as a Senate committee is reviewing the law - passed in a hurry in December - to consider whether to amend it.
The good news for security leaders: Because of SSL/TLS, nearly every bit of web data in transit is now encrypted. The bad news: Threat actors are now masking their attacks inside of encrypted traffic.
Download this eBook transcript of a recent interview with Kevin Stewart of F5 Networks on SSL visibility and learn...
Forty-three states have reached a settlement with Neiman Marcus over its 2013 data breach, one of several breaches from that period blamed on in-memory malware. The retailer will pay $1.5 million and must use encryption and tokenization to protect card data.
The Marriott mega-breach is calling attention to whether organizations are storing too much data and whether they're adequately protecting it with the proper encryption steps. Experts offer insights on making the right moves.
Marriott International's digital forensic investigation now counts not 500 million but an "upper limit" of 383 million customers affected by the four-year mega-breach of its Starwood reservations system. The hotel giant now says the breach also exposed more than 5 million unencrypted passport numbers.
Encrypting and decrypting traffic consumes a lot of computational power, so many security inspection solutions either don't decrypt at all or take such a huge performance hit that they pass along encrypted traffic just to keep up. Whether its traffic coming into your application or internal traffic going out to the...
The increase of SSL/TLS traffic indicates that organizations are more and more focused on safeguarding the integrity of the data that flows through their Internet-facing applications.
However, the concurrent growth of malware hidden within that encrypted traffic is cause for concern. Without visibility into your...
The benefits offered by TLS 1.3 are substantial, but more comprehensive encryption also makes it tougher to spot malicious traffic and defend against attacks hidden in that encrypted traffic. You may need to take a new approach to get the visibility you need while simultaneously preserving your performance gain...
Australia's Parliament has passed new laws enabling it to compel technology companies to break their own encryption. Although the government argued the laws are needed to combat criminal activity and terrorism, opponents argued the powers could creep beyond their scope and weaken the security of all software.
Once again, a supposedly secure service allegedly marketed to criminals has proven to have limits. Dutch police have busted a "cryptophone" operation, allowing them to decrypt more than 258,000 encrypted chat messages, leading to a drug lab bust, 14 arrests and the seizure of cash, drugs and weapons.
The disagreements continue over Australia's efforts to pass legislation that would help law enforcement counter encryption. Technology companies and civil liberties organizations contend the latest draft of legislation would allow for too much secrecy and imperil privacy and security.
Massive, well-resourced companies are still using live customer data - including their plaintext passwords - in testing environments, violating not just good development practices but also privacy laws. That's yet another security failure takeaway from last year's massive Equifax breach.
Credit bureau Equifax has been hit with the maximum possible fine under U.K. law for "multiple failures" that contributed to its massive 2017 data breach, including its failure to act on a critical vulnerability alert issued by the U.S. Department of Homeland Security.