Enterprises must have meaningful conversations about business risk at all levels and across every department. Risk scoring is a fundamental way of normalizing risk to make sense of complex and disparate data. It enables you to standardize reporting, streamline workflows and communicate risk clearly to stakeholders....
USB devices and ports pose serious risks, and they aren't going away anytime soon. But researchers say they've developed a way to block malicious actions by USB devices to help prevent attacks such as "BadUSB."
Unlike other malware, ransomware practically screams and shouts at victims, and that distinct behavior holds promise for helping to better detect and block ransomware infections, according to Northeastern University security researchers.
A very advanced and targeted cyber-espionage campaign has been active for five years, and employs stealthy malware that can penetrate air-gapped networks and exfiltrate data using multiple techniques, security researchers warn.
Too many organizations have too many disjointed security controls, says Vijay Bharti, Vice President and Head of the Security Unit at Happiest Minds. What do they need? In this interview, Bharti talks about the pressing need for an integrated cybersecurity approach that includes analytics, machine learning and a...
CISOs must be empowered to define the security architecture for smart cities. How? By securing endpoints of known and unknown device categories in the network, says David Dufour, head of security architecture for smart cities at Webroot.
Security firms are warning that they've seen a spike in infections tied to a virulent strain of trojanized Android adware called Shedun - a.k.a. HummingBad - that can root smartphones, survive factory resets and earn cybercriminals big money.
A bitter battle flares up in the fiercely competitive endpoint protection products market, and uncovering the real impact over Hillary Clinton's email server. These items highlight this edition of the ISMG Security Report.
Endpoint protection vendors compete fiercely for customers, and allegations of impropriety are common among rivals. The latest battle pits Sophos against Cylance. Whose version of the story is the truth?
While malware may be used for an initial attack, hackers quickly begin using tools to move around networks that often don't raise suspicion. Here's what to look out for to detect a "low and slow" attack.
Google Project Zero researcher Tavis Ormandy has once again found major vulnerabilities in Symantec's security products. Symantec has released updates, but not all will install automatically - some vulnerable products must be manually updated.
In an in-depth interview, Michael Sentonas of breach response specialist CrowdStrike discusses how a focus on malware detection may still be leaving organizations exposed and describes the firm's new efforts in the Asia-Pacific region.
Adobe Flash security alert redux: All enterprises should immediately update - or delete - all instances of Flash Player, following reports that a zero-day flaw in the Web browser plug-in is being targeted by the new "ScarCruft" APT group.
Preparing for data breaches - to detect them quickly, respond appropriately and ascertain exactly what happened - can help make the difference between a security incident having major or minor repercussions, says CrowdStrike CEO George Kurtz.