Large healthcare companies in the U.S., Europe and Asia are getting hit with a backdoor that comes from a long-observed group, which Symantec calls Orangeworm. The backdoor has been found on X-ray machines and MRIs.
One measure of why it's so difficult for organizations to keep their software patched and better secured: Of the nearly 20,000 unique vulnerabilities in 2,000 products cataloged last year, only half involved Microsoft, Adobe, Java, Chrome or Firefox software, says Flexera's Alejandro Lavie.
Corporate espionage appears to be the motive behind cyberattacks targeting a variety of medical-related equipment and systems, researcher Jon DiMaggio of Symantec says in an in-depth interview about the activities of a hacker group the company has dubbed "Orangeworm."
Incident response is a critical pillar of an effective endpoint security program, one that will gain importance as GDPR enforcement comes into play on May 25. Organizations must be ready to react if and when an incident occurs in order to meet the stringent requirements that apply during an incident.
Abbott Laboratories has issued software updates for certain implantable cardiac devices to address cybersecurity flaws and battery issues that pose potential safety risks to patients. The problems were also the subject of previous warnings by two federal agencies.
After years of focus, the needle is moving positively toward improving medical device security. But what about the growing cybersecurity issues associated with enterprise IoT? Mac McMillan of CynergisTek shares his concerns.
Hot cybersecurity trends under discussion at this year's RSA Conference include artificial intelligence, facial recognition, protecting not just data but also knowledge, as well as rapid data breach response, says Chris Pierson, CEO of Binary Sun Cyber Risk Advisors.
Cybersecurity pros need to apply the Darwinian approach of "survival of the fittest" to cybersecurity to navigate the risk landscape and raise the industry baseline for security, says Dan Schiappa of Sophos.
Thirty-four companies have signed on to the Microsoft-led Cybersecurity Tech Accord, which is aimed at protecting civilians from cybercriminal and state-sponsored attacks. The agreement crucially includes a pledge not to help governments with cyberattacks
The FDA has issued plans for advancing the safety of medical devices, including a proposal to impose new cybersecurity requirements on manufacturers. Some experts say the FDA's plans are a good move, given the current device risk environment, but they warn that some proposals could prove difficult to achieve.
At the opening of the RSA Conference in San Francisco, executives from RSA, Microsoft and McAfee offered an update on the state of cybersecurity, focusing on WannaCry. They called for the industry to work more closely together to protect not just individuals but also society.
As GDPR and other global regulations put a premium on data governance, organizations focus increasingly on the evolution of data loss prevention. Dave Karp of Digital Guardian outlines what this means.