Password security guidance: Do block users from picking commonly used passwords. But to avoid a usability nightmare, don't block users from picking any password that's ever been seen in a data breach, security experts advise.
A list of weak credentials for vulnerable Internet of Things devices has prompted a new effort to notify their owners. The fear is of another mass, IoT-fueled DDoS attack along the lines of last year's Mirai attacks.
Yes, malware commonly targets the Windows operating system. But if you limit malware analysis to Windows OS, you're leaving gaping vulnerabilities, says Christopher Kruegel of Lastline Inc. Here's how to maximize your analysis.
The FBI has arrested Chinese national Yu Pingan on charges that he was a "malware broker" for a remote-access Trojan called Sakula that was used in the massive breaches of Anthem and the U.S. Office of Personnel Management, among other organizations.
Analyzing Donald Trump's cybersecurity policy seven months into his administration highlights the latest edition of the ISMG Security Report. Also, Cybersecurity Coordinator Rob Joyce disses Kaspersky Lab on network TV.
The never-ending stream of bad information security news is fueling a virtual gold rush for companies offering protection. A new report from Forrester predicts a healthy growth rate over the next five years, with some specific technologies expected to see double-digit growth.
A judge has designated the case against Marcus "MalwareTech" Hutchins, who's been accused of creating and selling the Kronos banking Trojan, as "complex" after his defense requested more time to review chat logs, malware samples and other evidence submitted by prosecutors.
Extradited Canadian national Karim Baratov, who's been accused of helping the Russian intelligence officers who allegedly ordered up the hacking of 500 million Yahoo users' accounts, pleaded not guilty to related charges in a San Francisco federal courtroom.
Crew error - not hacking - remains the most likely explanation for this week's deadly collision between a U.S. Navy guided-missile destroyer and a merchant oil and chemical tanker off the coast of Singapore, experts say.
The latest ISMG Security Report leads with information security guru Ron Ross discussing changes coming to the National Institute of Standards and Technology's catalog of IT security and privacy controls. Also, challenges facing an upgraded U.S. Cyber Command.
Beyond the emotion, the arrest of security researcher Marcus Hutchins last month on charges that he developed and sold banking malware has thrust information security researchers into the legal limelight and highlighted just how much law enforcement agencies rely on them.
Ukraine's central bank has warned state-owned and private banks that a new malware campaign targeting financial services firms across the country may be a prelude to a new assault of Not-Petya proportions, Reuters reports.
Carbon Black rolled with the punches last week after it was accused of exposing customer data via a bug in one of its endpoint detection products. It turned out there was no bug. But the company has gone back and uncovered a bug that did expose customer data, albeit on a small scale.
A report claims British intelligence agency GCHQ knew in advance that the FBI planned to arrest WannaCry "hero" Marcus Hutchins when he visited the United States for the annual Black Hat and Def Con conferences last month. The information security community asks: Is that justice?
At ISMG's recent New York Fraud & Breach Prevention Summit, attendees interacted with technology solution providers and other thought leaders, gaining practical insights on solving real-world problems.