Leading the latest edition of the ISMG Security Report: England's Court of Appeal rejects U.S. extradition request for suspected hacker Laurie Love. Also, what took Uber and Partners Health so long to come clean about their respective data breaches?
Do healthcare entities face a growing risk of being hit with cryptocurrency mining attacks, which have become more common in other sectors? A Tennessee hospital may be the first victim in the sector, and some security experts predict many more such incidents.
Uber CISO John Flynn tells a U.S. Senate subcommittee that the company should have told the public sooner about its 2016 data breach. He says the company's attempt to position its $100,000 payoff to hackers as a bug bounty was not appropriate.
A Canadian museum had multiple points of possible infiltration to protect: employees with memory sticks, phishing attacks, visitors and contractors connecting to Wi-Fi, and exhibit computers. Additionally, the museum had prevented ransomware attacks in the past, but needed to increase its level of protection.
A malware incident at Partners HealthCare that was detected last spring but was only recently determined to have exposed patient data illustrates that confirming a data breach through a forensics investigation can be difficult and time-consuming.
A hacking team dubbed "Group 123" with apparent ties to the government of North Korea has been exploiting a zero-day vulnerability in the Flash browser plug-in, likely to hack high-value targets. Adobe has released an emergency Flash update with security fixes. Or organizations could simply stop using Flash.
The Department of Justice has charged two men, arrested in Connecticut near the scene of a jackpotting attack against a drive-up ATM, with bank fraud stemming from a malware attack. Police say they recovered $9,000 in $20 bills, as well a black box and other equipment from the suspects' car.
Apple and Cisco say they've partnered with insurers Aon and Allianz to offer cyber insurance policies for organizations that meet best security practices and use products from the technology companies. The partnership follows increasing interest in cyber insurance as a hedge against hacking risks.
The reality of just being able to know what's in the environment is to know where organisations are vulnerable so they can then take the right approaches to addressing it.
A frustrating factor with WannaCry is that it leveraged a known vulnerability, one that had been disclosed for over a month. The patch had...
Lauri Love, a British man accused of 2012 and 2013 hack attacks against U.S. government computers - including systems operated by the Federal Reserve, U.S. Army and NASA - has won his legal bid to quash a U.S. extradition request. But he still faces a potential trial in England.
Orwell got it wrong: People are less likely to surrender their privacy to a totalitarian state than to the lure of sharing holiday snaps, cat videos or the route and time they took for their latest cycling, jogging or kiteboarding outing, as captured by a wearable fitness device.
In 2014, the Department of Defense (DoD) issued instructions that replaced DoD Information Assurance Certification and Accreditation Process (DIACAP) with the Risk Management Framework (RMF). The RMF is designed to be managed as a continual process as the risk posture evolves over time for each information...
The fact that Federal agencies are prime targets for the most sophisticated cyber threats is undeniable. If cyberattacks are inevitable, then robust capabilities for security investigation, threat hunting, and rapid response are essential. Government cybersecurity professionals require visibility across their silos of...
The booming interest and sometimes surging values of cryptocurrencies are drawing the interest of cybercriminals on a scale never seen before - including attacks aimed at trying to steal computing power to mine cryptocurrency.