A small Indiana charity that provides support services to cancer patients is the latest apparent victim of a hacker identified as "TheDarkOverlord," an extortionist who has been tormenting the healthcare sector since last summer. But the organization is refusing to pay a ransom to retrieve lost data.
The National Institute of Standards and Technology has published its initial draft of its first revision to its cybersecurity framework, which is designed to help critical infrastructure operators and other organizations safeguard their digital assets.
Companies involved in mergers and acquisitions are increasingly targeted with cyberattacks that could potentially derail the deals, says Bryce Boland of FireEye, who outlines the risks and offers tips for mitigating them.
In this edition of the ISMG Report: An FTC complaint filed against a camera manufacturer could signal the start of a trend to regulate IoT security. Also, Donald Trump adviser Rudolph Giuliani's cybersecurity credentials are questioned, and a terrorist shooting prompts new privacy guidance.
In a reminder that healthcare organizations continue to be targeted by more than just crypto-locking extortionists, a cyberattack against an NHS trust didn't involve ransomware - as some initial reports suggested - but rather a never-before-seen Trojan.
Dutch police reveal they arrested an e-commerce website developer on charges of installing backdoors that allowed him to siphon 20,000 email addresses and passwords, which he then allegedly used to commit fraud using some old-school tactics.
Critical issues that must be addressed to pave the way for broader exchange of health information are expanding the use of multifactor authentication and data encryption and making broad improvements in identity management, says David Kibbe, M.D., president and CEO of DirectTrust.
Malware designed to get ATMs to spit out their cash - advanced when it first debuted - has been upgraded, according to a report from FireEye. Now, the Ploutus-D malware talks to legitimate ATM middleware, enabling it to target machines from 40 vendors. What does this mean for financial institutions?
A researcher claims WhatsApp has dismissed his finding that there's a backdoor in the application that could allow attackers to unlock encrypted messages. But the controversy is more nuanced - and for most of us, much less threatening - than it might first appear.
Yet another study reveals that millions of people are picking weak passwords, with "123456" remaining our collective favorite. Rules requiring stronger passwords and not forcing passwords to expire both could help boost security.
Examining the causes of a cyberattack that blacked out Ukraine's power system leads the latest edition of the ISMG Security Report. Also, a report on the Anthem breach and commentary on President-elect Donald Trump's characterization of cybersecurity.
Rudy Giuliani, the former New York mayor who's been tapped by U.S. president-elect Donald Trump to lead a cybersecurity corporate outreach program, runs a security consulting firm with a website that's been given a failing grade for its security.
Yet another power blackout in Ukraine was the result of attackers striking via spear-phishing emails and malware, researchers have confirmed. Ukraine's president blamed the campaign on Russia and said it disrupted a number of critical infrastructure targets.
Although HIPAA requires healthcare organizations to conduct a periodic security risk analysis focused on systems containing PHI, larger entities should also perform more comprehensive security self-assessments, advises CISO David Loewy of SUNY Downstate Medical Center, who explains his approach.
A list of "super user" passwords - and a default username - now circulating online appears to allow unauthorized access to some webcam video streams, security researchers warn. If confirmed, it would be yet another massive internet of things security failure by a device manufacturer.