Writing the obituary for the lifeless Neutrino exploit kit leads the latest edition of the ISMG Security Report. Also, judging the value of the Department of Health and Human Services' wall-of-shame website of healthcare sector breaches.
A new dump from WikiLeaks has revealed an apparent CIA project - code named "CherryBlossom" - that since 2007 has used customized, Linux-based firmware covertly installed on business and home routers to monitor internet traffic and exploit targets' devices.
GDPR is in effect, and in one year, regulators will start to assess penalties against enterprises not in conformance with the regulation. How prepared are entities? Will it take a high-profile penalty to get the world's attention? Michael Hack of Ipswitch weighs in.
Cybercriminals and nation-state threat actors are beginning to act alike - and that's bad news for cybersecurity leaders and their enterprises, says Eward Driehuis of SecureLink. Here are the trends to track.
Clothing retailer Buckle says malware installed on its point-of-sale systems apparently stole customers' payment card details for nearly six months. Buckle's warning, which follows a breach alert from Kmart, shows the fight against payment card fraud is far from over.
Sixty-five percent of security leaders consider their organizations' security postures to be above average or superior. But only 29 percent are very confident in their security controls. Neustar's Tom Pageler analyzes results of Strategic Cybersecurity Investments Study.
Former U.S. CISO Gregory Touhill says the federal government must rethink how it hardens its workforce to prevent cyberattackers from succeeding. Organizations, he says, should regularly conduct cybersecurity exercises to help build their cyber defense.
Britain's security services have reportedly concluded that the WannaCry ransomware outbreak was launched by Lazarus group, a hacking team tied to North Korea. Attribution aside, security experts question how many organizations can defend themselves against Lazarus attacks.
The CEO of the company that crippled WannaCry's ransomware component explains to Congress how the worm continues to attack unpatched systems at increasing rates. Also, creating a healthcare cybersecurity framework.
Despite the efficiencies of cloud services, security remains a significant barrier of entry for many organizations. Mark Urban of Symantec offers advice to help security leaders navigate past cloud complexity and chaos.
Good news: The Neutrino exploit kit - once a major exploit kit player - appears to have disappeared from the cybercrime scene. While it's unclear if Neutrino is gone for good, rivals have already filled any gaps in the market.
The U.S. government on Wednesday issued its most direct and technically detailed advisory about North Korea's hacking activity to date, warning that the country continues to target U.S. media, aerospace, financial and critical infrastructure sectors.
Victims of Jaff and EncrypTile ransomware can take advantage of two new free tools from security firms that exploit weaknesses in the malware crypto to forcibly crack encrypted files on demand - no potential ransom-payment required.
It's easy to draw a direct link between high-profile breaches and the compromise of user credentials. But it requires a phased approach to actually improve privileged access management, says Barak Feldman of CyberArk.
Microsoft fears that nation-state actors may unleash viral code that could devastate users. On Tuesday, it released software fixes again for its older operating systems in hopes of averting a repeat of last month's infection of tens of thousands of computers with ransomware.