A hacker is reportedly selling on the dark web copies of databases stolen from three unidentified U.S. healthcare organizations and one unnamed health insurer containing data on millions of patients. Why are such postings becoming more common, and what can organizations do to avoid becoming the next victim?
While PCI compliance is a priority for many U.S. retailers, some major companies in Australia say they'd rather forego the cost of compliance and risk the possibility of steep fines if a card breach occurs.
In an in-depth interview, Michael Sentonas of breach response specialist CrowdStrike discusses how a focus on malware detection may still be leaving organizations exposed and describes the firm's new efforts in the Asia-Pacific region.
With ransomware attacks surging, all organizations should ensure they have an enterprise backup and disaster recovery plan in place, and eliminate all unnecessary, outdated or disused applications and services running on endpoints and servers, says ESET's Mark James.
Adobe Flash security alert redux: All enterprises should immediately update - or delete - all instances of Flash Player, following reports that a zero-day flaw in the Web browser plug-in is being targeted by the new "ScarCruft" APT group.
Preparing for data breaches - to detect them quickly, respond appropriately and ascertain exactly what happened - can help make the difference between a security incident having major or minor repercussions, says CrowdStrike CEO George Kurtz.
A hacker nicknamed Guccifer 2.0 claims to be the lone attacker who breached the Democratic National Committee's systems. The claim contradicts Crowdstrike's conclusion that two Russian state-sponsored groups were involved.
Apple is building "differential privacy" into iOS 10 to try and block attempts to identify or track individual users based on their behavior, keyword searches or other activities. But will the functionality perform as advertised?
The FDA is reviewing comments on its proposed cybersecurity guidance for medical devices, including suggestions that it should beef up the guidance with more details. Meanwhile, the agency has issued new proposed guidance clarifying that manufacturers can share device-generated information with patients.
In the latest ISMG Security Report, our editors analyze Symantec's pending purchase of Blue Coat; vulnerabilities in mobile banking apps; retailers' objections to a national data breach notification bill; and the relaunching of the IRS Get Transcript tool after a breach.
First the hackers came for our credit cards. Now they're taking control of our TVs. Witness the latest version of FLocker - for "frantic locker" - which is designed to lock Android devices, including smart TVs.
A federal watchdog agency will investigate whether government monitoring of medical device security controls is adequate, it announced in an update of its priorities for the rest of this year. In a separate report, it raised serious concerns about the security of the Washington state Obamacare insurance exchange.