IANS Executive Communications


Covering significant InfoSec events using business language to brief the Board and C-Suite.

Executive Communications

Get notified that IANS will be covering a news story.

Word Document

Get a story breakdown within 6 hours of the news being published.

PowerPoint Document

For major stories, a PowerPoint will be delivered within 24-36 hours.

Follow Up

Subsequent updates will be provided for developing stories.



May 14, 2018 | Encryption, Digital Signatures, Certificates, Tokenization

 EFAIL Vulnerability Exposes Encrypted Email

On May 14, 2018, security researchers tweeted details and launched a website (efail.de) explaining how attackers could exploit “EFAIL” vulnerabilities to extract plain text from encrypted emails. The vulnerability impacts both the Pretty Good Privacy (PGP) and S/MIME methods of email encryption, which are commonly used in Microsoft Outlook. 



May 3, 2018 | Recruiting, Hiring and Retention

 Cybersecurity Skills Gap: Too Many Threats, Too Few Professionals

The global shortfall of information security professionals is expected to reach 3.5 million by 2021, according to Cybersecurity Ventures. Meanwhile, organizations believe only half of the applicants they receive for infosec positions are qualified for the jobs, and another 53 percent of organizations face delays as long as six months to find and hire qualified candidates.



April 20, 2018 | Insider Threats

 SunTrust Banks Discloses Insider Theft of Customers’ Personal Data

On April 20, 2018, SunTrust Banks Inc. announced that it is investigating a former employee who is alleged to have printed out the personal data of 1.5 million customers and potentially tried to share it with a “criminal third party.” SunTrust, the 12th largest U.S. commercial bank by assets, stated that the potentially compromised information includes the names, addresses, account balances and phone numbers of customers. Affected customers have been notified and the alleged theft did not appear to include user IDs, passwords or Social Security numbers.



February 23, 2018 | Enterprise and IT Compliance Management

 SEC Releases New Guidance on Cybersecurity Risk Disclosures

On February 21, 2018, the Securities and Exchange Commission (SEC) released “interpretive guidance to assist public companies in preparing disclosures about cybersecurity risks and incidents.” The document formally clarifies how the SEC expects firms to handle disclosures of “material risks” related to cybersecurity.



November 22, 2017 | Data Breaches

 Uber Tries to Cover Up Breach by Paying Hackers to Delete Data

On November 21, 2017, Bloomberg reported that Uber attempted to conceal an October 2016 data breach impacting 57 million customers by paying the hackers $100,000 to delete the stolen data and keep quiet. The compromised data included names, email addresses and phone numbers of 50 million Uber riders around the world, as well as the personal information of 7 million drivers.



October 16, 2017 | Wireless Networks

 KRACK Weakness in WPA2 Wi-Fi Security Protocol

On October 16, 2017, researchers disclosed a major weakness in the Wi-Fi Protected Access 1 (WPA1) and WPA2 security protocols. WPA2 is the most widely used Wi-Fi security standard in the world. The disclosure was a proof-of-concept, and there are currently no confirmed reports of this vulnerability, known as KRACK (an acronym for Key Reinstallation Attacks), being actively exploited in the wild.



October 11, 2017 | Cloud Application and Data Controls

 Accenture Data Left Unsecured on Public AWS S3 Cloud Storage Bucket

On September 17, 2017, cybersecurity firm UpGuard privately alerted Accenture to the fact that some of its sensitive information (including client-specific information, passwords and credentials, and encryption keys) was stored on a publicly accessible, unsecured Amazon Simple Storage Service (S3) storage unit -- called a “bucket.” The data could be downloaded by anyone who knew the web address -- no password was required.



October 6, 2017 | Vendor and Partner Management

 Russian Hackers’ Breach of NSA via Kaspersky Software

In 2015, Russian government-backed hackers stole classified National Security Agency (NSA) data on U.S. cyber-offensive capabilities, according to a Wall Street Journal report on Tuesday, October 5th. The stolen information included details on how the U.S. defends against cyberattacks and the techniques it uses to penetrate foreign networks.
