Locky ransomware leaves a desktop message instructing victims to visit a darknet site to pay a ransom. (Source: Comodo)

Locky Ransomware Returns With Two New Variants

Mathew J. Schwartz • August 18, 2017

Locky is back. After falling off the radar last year, the ransomware is once again being distributed via massive spam campaigns - run by the Necurs botnet - in the form of two new variants named Diablo and Lukitus.

Anti-Malware

Kaspersky Withdraws Antitrust Complaints Against Microsoft

Latest

Cybersecurity

Scottish Parliament Repels Brute-Force Email Hackers

Mathew J. Schwartz • August 18, 2017

Hackers have been targeting the Scottish Parliament in a "brute force cyberattack" aimed at guessing users' email passwords. Security experts say it's unlikely that state-backed attackers would resort to such a blunt assault.

Cybersecurity

Philips to Fix Vulnerabilities in Web-Based Health App

Jeremy Kirk • August 18, 2017

Philips plans to fix alarming vulnerabilities in a web-based application used to track patient radiation exposure. Versions of the DoseWise Portal mistakenly shipped with errors, including hard-coded credentials for a database and lack of encryption for patient data.

Anti-Malware

New Exploit Kit: A Closer Look

Joan Goodchild • August 18, 2017

The latest edition of the ISMG Security Report leads with a closer look at a new exploit kit and whether it represents a resurgence in these types of criminal packages. Also featured: a discussion of new vehicle security concerns and communications advice for CISOs.

Breach Preparedness

Medical Device Cybersecurity: Legal Concerns

Marianne Kolbasuk McGee • August 17, 2017

Healthcare organizations need to consider a number of legal issues when it comes to cybersecurity incidents involving medical devices, attorney Thomas Barnard explains in an in-depth interview.

Breach Preparedness

Supply Chain Woes, Again: NetSarang Popped

Jeremy Kirk • August 16, 2017

There's little defense against software updates that have been seeded with malicious code. Kaspersky Lab says attackers planted a backdoor in software updates from network management vendor NetSarang.

CISO

3 Questions Successful Security Leaders Should Ask

Joan Goodchild • August 16, 2017

Communication consultant Michael Santarcangelo outlines three key questions CISOs should ask at the outset of any project to convey security's value and clearly set expectations

Anti-Malware

Analysis: Another Medical Device Security Issue

Joan Goodchild • August 15, 2017

In this latest edition of the ISMG Security Report we learn more about certain Siemens medical devices containing vulnerabilities that could allow hackers to remotely execute arbitrary code. Also: a report on Kaspersky Lab dropping its complaint against Microsoft and part 2 of an election security interview.

Endpoint Security

Improving the Cybersecurity of IoT, Medical Devices

Marianne Kolbasuk McGee • August 15, 2017

How could the private sector benefit from steps federal agencies are taking to improve the cybersecurity of the internet of things and medical devices? In an in-depth interview, two experts at UL who are working closely with the agencies explain the potential impact.

Fraud

Texas Physician Gets 35-Year Sentence in Huge Fraud Scheme

Marianne Kolbasuk McGee • August 11, 2017

A Dallas physician has been sentenced to 35 years in federal prison and ordered to pay more than $268 million in restitution for his role in a huge Medicare and Medicaid fraud conspiracy involving billing for unnecessary home healthcare services.

Breach Notification

Creating Cyber Plan to Thwart Those Seeking to Sway Elections

Eric Chabrow • August 11, 2017

Leading the latest edition of the ISMG Security Report: An interview with the head of a new cyber initiative to help political campaigns and local, state and federal election officials safeguard America's electoral process. Also, analyzing the evolving characteristics of the healthcare breach.

Cybersecurity

Health Data Security: Making Progress?

Marianne Kolbasuk McGee • August 10, 2017

Yet another survey confirms that despite high-profile cyber threats, many healthcare organizations still have relatively skimpy information security budgets - a continuing area of concern for CISOs. Find out how security practitioners and analysts interpret the results of the 2017 HIMSS Cybersecurity Survey.

Anti-Malware

Here's How Ugly Infosec Marketing Can Get

Jeremy Kirk • August 10, 2017

Security vendors are known to sprinkle hyperbole among their claims. But the strategy has backfired for DirectDefense, which mistakenly cast endpoint protection vendor Carbon Black as a contributor to the "world's largest pay-for-play data exfiltration botnet."