An examination of the maturing of cybercrime leads the latest edition of the ISMG Security Report. Also, understanding the Intel Active Management Technology flaw.
Reporting software vulnerabilities can be legally dicey, particularly if the affected company has not previously had contact with computer security researchers. A Sydney consultant recently experienced both ends of the spectrum while investigating building management software.
While the federal health data breach tally shows that hacker incidents continue to rise in 2017, regulators are offering up some insights from their investigations into a handful of ransomware-related breaches reported in 2016.
The critical Active Management Technology flaw in many Intel chipsets' firmware can be remotely exploited using any password - or even no password at all - to gain full access to a system, security researchers warn. Numerous systems and even ATMs will require forthcoming firmware fixes.
The U.S. Social Security Administration will implement multifactor authentication starting June 10, sending a passcode via SMS or email. The revised scheme comes after an ill-planned effort last July.
The latest draft version of the Trump administration's cybersecurity executive order is similar to the previous version and lays out a plan to secure U.S. federal government and critical infrastructure IT that could have come out of the Obama White House.
The Department of Homeland Security is warning IT service providers, healthcare organizations and three other business sectors about a sophisticated cyberattack campaign that involves using stolen administrative credentials and implanting malware on critical systems.
CISOs are increasingly being asked by management and boards to predict what the cost of a breach or cyber incident might be. But most still need to develop good predictive metrics, says Benjamin Dean, president of Iconoclast Tech.
As the practice of crimeware as a service matures, the defensive game for security leaders completely changes, says Michelle Cobb of Skybox Security. She explains how organizations should respond.
In his world travels, Steve Durbin of the Information Security Forum sees the global cybersecurity industry coming of age. But he also sees the steady maturation of cybercriminals and their schemes. How can organizations best counter the changing threat landscape?
As an assistant U.S. attorney in northern Georgia, Nathan Kitchens has seen scores of cybercrime cases - especially ransomware attacks and business email compromises. And he has two words of advice to potential victims: Be prepared.
Security practitioners are debating the role deception technologies can play in a security strategy. But how does the latest technology actually work? Sahir Hidayatullah, CEO and co-founder of Smokescreen Technologies, offers some insights.
MDLive has filed a motion to dismiss a class action lawsuit that alleges the telehealth application vendor violated users' privacy by "secretly monitoring, collecting, and transmitting their usage of the app, and sharing it with a third-party vendor."
Score another one for social engineering: A phishing campaign used a bogus "Google Docs" app to trick people into surrendering full access to their Google accounts and contacts. Before Google squashed the campaign, up to 1 million of its users may have fallen victim.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.com, you agree to our use of cookies.