Latest

Breach Response

$115 Million Settlement in Massive Anthem Breach Case

Marianne Kolbasuk McGee  •  June 23, 2017

Health insurer Anthem has agreed to a proposed $115 million deal to settle a class action lawsuit over a 2015 cyberattack that resulted in data breach affecting nearly 78.9 million individuals. If approved, lawyers say it would be the largest data breach settlement ever.

►

Awareness & Training

CISO Thom Langford on Risk and Awareness

Tom Field  •  June 23, 2017

Publicis Groupe CISO Thom Langford discusses how best to measure your organization's true risk appetite and the business value of blending storytelling techniques into your security awareness programs.

►

DDoS

The Weaponization of DDoS

Tom Field  •  June 23, 2017

The Mirai botnet is just the most high-profile example of the new weaponization of DDoS. Attacks are stronger than ever, and multilayer defenses are needed to prevent disruption and distraction, says Darren Anstee of Arbor Networks.

Anti-Malware

The Return of the Luddite: Securing Critical Systems

Eric Chabrow  •  June 23, 2017

The latest edition of the ISMG Security Report leads off with a look at why organizations turn to paper when critical systems can't be secured. Also, how to hack air-gapped systems over the internet.

Fraud

How PayPal Protects Billions of Transactions

Varun Haran  •  June 23, 2017

In an in-depth interview, Guru Bhat, head of engineering at PayPal, describes how the online payments provider has used a mix of sophisticated automation, including machine learning, and human insight to maintain a fraud loss rate of just 0.32 percent.

Breach Preparedness

Hollywood Studio Hit By Cyber Extortion Says: 'Don't Trust Hackers'

Jeremy Kirk  •  June 23, 2017

The back story behind the ransom attack that led to the unauthorized early release of the Netflix series "Orange Is the New Black" is a cautionary tale in dealing with cyber extortionists such as The Dark Overlord.

Anti-Malware

Microsoft Defends AV Handling After Kaspersky Antitrust Lawsuits

Jeremy Kirk  •  June 22, 2017

Microsoft has sought to get in front of a brewing controversy over whether it unfairly disables third-party anti-virus products in Windows 10. The company is seeking to dampen charges that are reminiscent of its years-long legal tangles with global antitrust regulators.

Cybersecurity

Intelligence Panel Learns How to Hack Air-Gapped Voting Systems

Eric Chabrow  •  June 21, 2017

Hackers can breach air-gapped voting machines and tallying systems in an attempt to alter ballots to sway the outcome of an election, a Senate panel has learned. Also, at the hearing, DHS discloses that Russian hackers targeted 21 state election systems before the 2016 election.

Encryption

Crypto in Europe: Battle Lines Drawn

Mathew J. Schwartz  •  June 21, 2017

The European Parliament and European Commission are pushing for mandatory end-to-end encrypted communications, and banning backdoors, as part of the EU's rebooted e-privacy regulation. But the move runs counter to anti-crypto rhetoric being spouted by government ministers in Britain and France.

Anti-Malware

Honda Hit by WannaCry

Mathew J. Schwartz  •  June 21, 2017

One month after the SMB-targeting WannaCry worm outbreak began spreading globally, Honda discovered fresh infections at multiple facilities, and was forced to temporarily idle one plant as a result of the ransomware.

Data Loss

198 Million US Voter Records Left Online For Two Weeks

Jeremy Kirk  •  June 20, 2017

A data analytics firm aligned with the Republican Party says it accepts "full responsibility" after it exposed online a list that includes virtually all U.S. voter registration records along with extensive research that attempts to guess people's political views.

Anti-Malware

'Eulogizing' Neutrino Exploit Kit

Eric Chabrow  •  June 20, 2017

Writing the obituary for the lifeless Neutrino exploit kit leads the latest edition of the ISMG Security Report. Also, judging the value of the Department of Health and Human Services' wall-of-shame website of healthcare sector breaches.