Security is a journey not a destination. What's been deployed today may be found
to have a vulnerability tomorrow. Operating systems like Windows Server 2003 and
2008, which were once trusted building blocks for critical applications, are now
potential liabilities as time goes on and maintenance comes to an end and...
A HIPAA-related enforcement case in Massachusetts involving two insider breaches alleges a trail of missteps, including failure to take prompt action after receiving tips about potential misuse of patient information. What can other entities learn from the mistakes?
Kenrick Bagnall, a former IT executive who is now a detective constable with the Toronto Police, offers unique insights on public/private partnerships and how enterprises can work better with investigators in the event of a breach.
Massive, well-resourced companies are still using live customer data - including their plaintext passwords - in testing environments, violating not just good development practices but also privacy laws. That's yet another security failure takeaway from last year's massive Equifax breach.
Those of you who are CISOs and have been conducting awareness programs for years realize that ''the devil is in the details" when building a successful program. Initial attempts to get an awareness program started are usually done by trial and error- but this hit-and-miss approach is often ineffective or frustrating....
Scotland's Arran Brewery fell victim to a Dharma Bip ransomware attack that infected its Windows domain controller and crypto-locked files and local backups, leading to the loss of three months' worth of sales data. The brewery refused to pay the attackers' two bitcoin ransom demand.
Credit bureau Equifax has been hit with the maximum possible fine under U.K. law for "multiple failures" that contributed to its massive 2017 data breach, including its failure to act on a critical vulnerability alert issued by the U.S. Department of Homeland Security.
Online retailer Newegg is investigating a malware attack that may have stolen customers' payment card details for more than a month. Security firms have traced the heist to Magecart, a loose affiliation of cybercrime gangs also tied to payment card data breaches at British Airways and Ticketmaster.
The biggest security budget in the business cannot save you from also suffering one of the biggest breaches. The key is: Do you have the right skills and technology deployed to defend your critical assets? Michael Malone and Ben Johnson of Datashield, an ADT company, make the case for outsourcing.
Criminals operating online continue to target cryptocurrencies, leverage phishing and other social engineering attacks, as well as tweak age-old scams - including Nigerian prince emails - for the modern age. So warns Europol in its latest Internet Organized Crime Threat Assessment.
If you're going to hack, why not go for the gold? That appears to have been the impetus behind an unusual data breach at the government-owned Perth Mint in Western Australia, which says personal details for 3,200 customers stored in an old database were compromised.
From the sudden spread of WannaCry and Petya/NotPetya,
to the swift growth in coinminers, 2017 provided us with
another reminder that digital security threats can come
from new and unexpected sources. With each passing year,
not only has the sheer volume of threats increased, but the
threat landscape has become...