Credit card giant Mastercard envisions a future where consumers make purchases not only from smartphones, but via virtual assistants, cars and other connected machines. But with hackers trolling the dark corners of the web to grab financial gain with minimal effort, Mastercard must also be able to vet and secure purchases in mere milliseconds.To facilitate its vision for a veritable Cambrian explosion in digital payments, Mastercard is using sophisticated fraud analytics systems and software, which is being increasingly augmented with artificial intelligence (AI) technologies, Ed McLaughlin, president of operations and technology at Mastercard, tells CIO.com. AI can help software and connected systems facilitate more secure payments than a human checking out at a kiosk using the traditional plastic card — even one with a chip embedded in it.Tech to replace humans, manage concept drift"What's most important is to take the human out of the loop," McLaughlin says. "It's about how … [Read more...] about 3 ways Mastercard uses AI to fight fraud
Who doesn't love free software?Infosec professionals are fortunate to have many good free tools for a range of tasks. The following list of two dozen tools include everything from password crackers to vulnerability management systems to networks analyzers. Whatever your security role is, you'll find something useful here.MaltegoPaterva develops this forensics and open-source intelligence app, designed to deliver a clear threat picture for the user's environment. It will demonstrate the complexity and severity of single points of failure as well as trust relationships that exist within the scope of one's infrastructure. It pulls in information posted all over the Internet, whether it's the current configuration of a router on the edge of the company network or the current whereabouts of your company's vice president. The commercial license does have a price tag, but the community edition is free with some restrictions.OWASP Zed Attack Proxy (ZAP)The Zed Attack Proxy (ZAP) is a … [Read more...] about 24 best free security tools
source Getty Kanye West tweeted out videos of himself on his computer on Monday. If you look closely, one of the videos shows his MacBook – and what appears to be black tape covering the laptop’s camera. This is Kanye West, a world famous musician and fashion designer. Lately, he’s been stirring up some controversy by posting videos of himself watching Scott Adams, the former cartoonist and current right-wing provocateur. There’s a lot to notice in the short videos, and Kanye may just be stoking the fires of controversy for the fun of it. But wait a minute… pic.twitter.com/ZAWui0eXDI — KANYE WEST (@kanyewest) April 23, 2018 Let’s zoom in: source Kanye West/Business Insider On the laptop Kanye is watching, it definitely looks like he’s placed tape over the MacBook’s camera. It’s a fairly paranoid move – but for someone of Kanye’s stature, it may … [Read more...] about Kanye West covers his laptop camera with tape
As my long-time readers know, I’m dedicating the rest of my professional career to promoting a data-driven computer security defense. In a nutshell, it’s about using a company’s local data from its own experiences to create a more efficient and effective computer security defense.I’ve been strongly pushing a data-driven defense for nearly a decade, including a whitepaper, book, and multiple presentations including this one. Companies not using their own data to construct better defenses is behind the rash of easy hacking these days. It leads to inefficient and ineffective defenses, which almost certainly allow more hackers and malware to get into a company.Despite the benefits of a data-driven defense, changing a company’s culture to adopt it is hard. The lessons I’ve learned can help ease the effort.Expect pushbackI have been surprised by the amount of pushback I’ve received for saying that we, as an industry, should be better using our own … [Read more...] about Is your defensive security data-driven?
The Securities and Exchange Commission (SEC) issued new guidance in February, urging senior executives and board members to pay closer attention to cybersecurity. However, the recommendations, while more stringent than what was in place before, don't go far enough, critics say, and, more importantly, lack teeth.No consequences for failureIn a set of recommendations about disclosures of cybersecurity risks back in 2011, the SEC said that companies need to "disclose the risk of cyber incidents if these issues are among the most significant factors that make an investment in the company speculative or risky."The agency clarified that this did not require businesses to talk about specific technical details of those risks. As a result, the disclosures that companies did make were not particularly useful, according to a 2014 study by PricewaterhouseCoopers and the Investor Responsibility Research Center Institute. Instead, the disclosures "rarely provide differentiated or actionable … [Read more...] about SEC’s new cybersecurity guidance falls short