Abid Adam, group CISO and group head of privacy, Axiata Group

How This CISO Handles Security in Multiple Business Sectors

Suparna Goswami • December 12, 2019

What challenges does a CISO face when dealing with issues facing several industries? Abid Adam of Axiata Group, a conglomerate based in Malaysia, describes his efforts to manage privacy and security in three diverse sectors.

Artificial Intelligence & Machine Learning

Medical Device Cybersecurity: A Team Approach

Latest

Cyberwarfare / Nation-State Attacks

Securing the 2020 Election

Tom Field • December 13, 2019

In 2016, Retired Brigadier General Francis X. Taylor had a front-row seat to the election interference threat picture. Today, as a leader of U.S. CyberDome, what's his view on how well the U.S. is prepared to protect the 2020 federal election?

Cybercrime

North Korean Hackers Tapping Into TrickBot: Report

Scott Ferguson • December 13, 2019

New research finds that hackers linked to the North Korean government are now renting the botnet created by TrickBot malware, as well as access to a highly customized malicious framework, to help further their goals - including targeting payment systems.

Business Continuity Management / Disaster Recovery

Georgia Wire Manufacturer Struck by Ransomware

Jeremy Kirk • December 13, 2019

A large Atlanta-area manufacturer of wire and cable says it has brought some systems back online after what appears to be a ransomware infection. Southwire Co., based in Carrollton, Georgia, tweeted on Thursday that "we are doing all we can to minimize and resolve this disruption."

Endpoint Security

Analysis: A Better Approach to Cyber Defense

Nick Holland • December 13, 2019

The latest edition of the ISMG Security Report discusses why cyber defense teams need to think more like attackers. Plus, a case study on cross-border payment fraud, and an expert's take on security for the 2020 elections.

3rd Party Risk Management

Is your Organization Suffering From Third-Party "Compliance Drift"?

Tony Howlett • December 13, 2019

Third-party vendors accessing your most critical systems and networks can also bring in security incidents along with all those wonderful things they promised in the sales presentation.

Governance

Scrutiny of Google's Access to Patient Data Intensifies

Marianne Kolbasuk McGee • December 12, 2019

Ascension healthcare system's sharing of data with Google on millions of patients is drawing increased scrutiny from members of Congress as well as privacy advocates. What are the major areas of concern?

Cyberwarfare / Nation-State Attacks

Electrical Grid Cybersecurity Measure Advances

Scott Ferguson • December 12, 2019

A proposal that won U.S. House approval Wednesday calls for crafting a strategy for securing the nation's electrical grid. It also would create a two-year pilot program within the U.S. Energy Department's National Laboratory to identify vulnerabilities within the grid.

Encryption & Key Management

Visual Journal: Black Hat Europe 2019

Mathew J. Schwartz • December 12, 2019

Black Hat Europe returned to London last week, featuring two days of briefings covering topics from cryptography and breach response to exploit development and application security. Plus, a packed business hall offered technical demonstrations. Here are visual highlights of the event.

Blockchain & Cryptocurrency

Five Charged in $722 Million Cryptomining Ponzi Scheme

Scott Ferguson • December 11, 2019

The Justice Department has charged five individuals with running a high-tech Ponzi scheme that allegedly fleeced investors out of $722 million by falsely promising clients big returns as part of a cryptomining operation.

Endpoint Security

Intel Chips Vulnerable to 'Plundervolt' Attack

Jeremy Kirk • December 11, 2019

Intel issued a firmware update on Tuesday to mitigate an attack developed by researchers, dubbed Plundervolt, which uses voltage fluctuations to reveal secrets such as encryption keys. The findings are the latest bad news for Intel as researchers have dug deep into its chip architecture.

Account Takeover

Joker's Stash Celebrates Turkey Day With Stolen Card Data

Mathew J. Schwartz • December 11, 2019

The notorious Joker's Stash carder marketplace has recently listed for sale 460,000 records, including four "Turkey-Mix" batches that feature never-before-seen payment card data that traces to Turkey's 10 largest banks, says cybersecurity firm Group-IB.

Endpoint Security

McAfee Considers Purchase of NortonLifeLock: Report

Akshaya Asokan • December 11, 2019

McAfee's ownership team is exploring a deal to acquire NortonLifeLock, the renamed, publicly traded firm that was formerly the consumer and small business security division of Symantec, according to the Wall Street Journal, which cites "people familiar with the matter."