Security vendor Novetta recently led an independent investigation into the 2014 Sony breach. What lessons were learned, and how do they apply to today's threat landscape? Novetta's Peter LaMontagne shares key findings.
MacKeeper failed to alert customers earlier this year that for at least four weeks, its anti-virus software wasn't receiving regular signature updates. Industry experts say any such delay is unacceptable for an AV vendor.
The increase in breaches is having a positive impact on IT security employment, as headlines about one cybersecurity incident after another serve as recruiting tools for skilled cyber defense workers. The IT and IT security workforce reached record levels this past quarter.
Cybercriminals are sneaking banking Trojans onto systems via the legitimate remote-access tool Ammyy Admin, researchers at Kaspersky Lab warn. The attacks are a reminder to watch for legitimate applications that may have been Trojanized.
At the Black Hat event in Las Vegas later this month, researchers plan to reveal vulnerabilities in hooking engines, a critical component of security software and other applications, including Microsoft Office.
Examining the human factor in the age of cyber conflict and the new healthcare challenge concerning ransomware highlight this edition of the ISMG Security Report. Also, hackers target the Republican convention.
The GOP platform - adopted at the convention that nominated Donald Trump for president - doesn't mention the term 'hack back' but states: "We ... make clear that users have a self-defense right to deal with hackers as they see fit." Some cybersecurity experts claim the platform encourages "cowboy" justice.
The Federal Reserve's strategy for oversight of the U.S. migration toward faster payments won't change in the wake of the heists that exploited SWIFT payments, says Fed official Marianne Crowe. The long-term security of U.S. payments has always been a priority for the Fed's study of faster payments, she says.
FireEye has dealt with more disruptive data breaches over just the past year than it has since the company was founded 12 years ago. Charles Carmakal, vice president with the company's Mandiant forensics unit, shares tips for handling a breach.
The federal agency that enforces HIPAA has been very busy lately, taking numerous steps to reiterate the importance of safeguarding patient data and stressing the need to prepare a breach response plan. But the agency still needs to improve transparency on breaches involving business associates.
Oregon Health & Science University says it has been slapped with a $2.7 million fine after HHS investigated two data breaches that affected a total of about 7,000 individuals. It's the eighth HIPAA-related settlement announced by HHS so far this year.
Some healthcare entities may be more likely than organizations in other sectors to pay extortionists to unlock data that's been encrypted in ransomware attacks because patients' lives are potentially at risk if data is unavailable, says security expert Kate Borten, who discusses risk management issues.
In just two years' time, RSA analysts have seen a 170 percent rise in incidents of fraud via the mobile channel. What's behind the spike, and what can security leaders do to help their organizations and customers curb fraud losses?
An analysis of the record of the U.K.'s new prime minister, Theresa May, on cybersecurity and online privacy and a report on efforts to create an antidote to ransomware highlight this edition of the ISMG Security Report.
A recent interview about Hillary Clinton's email server controversy drew numerous comments, with respondents divided over whether users will devise ways to circumvent systems safeguards to do their jobs more effectively. Join the conversation.