Latest

Anti-Malware

New Exploit Kit: A Closer Look

Joan Goodchild  •  August 18, 2017

The latest edition of the ISMG Security Report leads with a closer look at a new exploit kit and whether it represents a resurgence in these types of criminal packages. Also featured: a discussion of new vehicle security concerns and communications advice for CISOs.

Cybersecurity

Fresh Vehicle Hack Disables Airbags, Anti-lock Brakes

Jeremy Kirk  •  August 17, 2017

The 30-year-old protocol used by motor vehicle sensors to communicate may have to be rewritten following a proof-of-concept "error flooding" attack that can disable airbags, parking sensors and safety systems.

Breach Preparedness

Supply Chain Woes, Again: NetSarang Popped

Jeremy Kirk  •  August 16, 2017

There's little defense against software updates that have been seeded with malicious code. Kaspersky Lab says attackers planted a backdoor in software updates from network management vendor NetSarang.

CISO

3 Questions Successful Security Leaders Should Ask

Joan Goodchild  •  August 16, 2017

Communication consultant Michael Santarcangelo outlines three key questions CISOs should ask at the outset of any project to convey security's value and clearly set expectations

Anti-Malware

Analysis: Another Medical Device Security Issue

Joan Goodchild  •  August 15, 2017

In this latest edition of the ISMG Security Report we learn more about certain Siemens medical devices containing vulnerabilities that could allow hackers to remotely execute arbitrary code. Also: a report on Kaspersky Lab dropping its complaint against Microsoft and part 2 of an election security interview.

Endpoint Security

Improving the Cybersecurity of IoT, Medical Devices

Marianne Kolbasuk McGee  •  August 15, 2017

How could the private sector benefit from steps federal agencies are taking to improve the cybersecurity of the internet of things and medical devices? In an in-depth interview, two experts at UL who are working closely with the agencies explain the potential impact.

Breach Preparedness

Anthem Breach Lesson: Why Granular Access Control Matters

Marianne Kolbasuk McGee  •  August 14, 2017

Healthcare organizations can learn important lessons - including the need for granular data access control - from the costly proposed settlement of the breach lawsuit against health insurer Anthem, says Bill Fox, a former federal prosecutor.

Fraud

Texas Physician Gets 35-Year Sentence in Huge Fraud Scheme

Marianne Kolbasuk McGee  •  August 11, 2017

A Dallas physician has been sentenced to 35 years in federal prison and ordered to pay more than $268 million in restitution for his role in a huge Medicare and Medicaid fraud conspiracy involving billing for unnecessary home healthcare services.

Anti-Malware

Here's How Ugly Infosec Marketing Can Get

Jeremy Kirk  •  August 10, 2017

Security vendors are known to sprinkle hyperbole among their claims. But the strategy has backfired for DirectDefense, which mistakenly cast endpoint protection vendor Carbon Black as a contributor to the "world's largest pay-for-play data exfiltration botnet."

Data Breach

Nationwide Insurance Breach Settlement: $5.5 Million

Howard Anderson  •  August 9, 2017

Nationwide Mutual Insurance Co. will pay a $5.5 million settlement and update its security practices as a result of an agreement with attorneys general in 32 states and the District of Columbia in the wake of a 2012 data breach affecting more than 1.2 million individuals.

Breach Response

FireEye's Post Mortem: Analyst Didn't Change Passwords

Jeremy Kirk  •  August 8, 2017

It's a red-faced moment for FireEye. The company says an investigation reveals that an attack against an analyst's personal online accounts was enabled by the employee's continued use of compromised login credentials.

Anti-Malware

Backstory on Arrest of Marcus Hutchins

Eric Chabrow  •  August 8, 2017

The latest edition of the ISMG Security Report leads with a report on the charges brought against Marcus Hutchins, the "accidental hero" who stoped the WannaCry malware outbreak. Also featured: reports on advances in attribution and new legislation to secure vulnerable medical devices.