Security vendors are known to sprinkle hyperbole among their claims. But the strategy has backfired for DirectDefense, which mistakenly cast endpoint protection vendor Carbon Black as a contributor to the "world's largest pay-for-play data exfiltration botnet."
The federal tally that lists major health data breaches has hit a new milestone: More than 2,000 breaches have been reported since September 2009. And the tally shows a significant shift in the kinds of breaches being reported.
Nationwide Mutual Insurance Co. will pay a $5.5 million settlement and update its security practices as a result of an agreement with attorneys general in 32 states and the District of Columbia in the wake of a 2012 data breach affecting more than 1.2 million individuals.
About half of today's cyberattacks are malware-free and don't involve having to write any files to disk, says Dan Larson of Crowdstrike. These attacks get around conventional defenses, such as firewalls and antivirus programs, so they require new defenses, he says.
Data breach truism: So many organizations get breached, and remain breached, but don't find out until months or even years later, says Paul White of the cybersecurity firm Cyber adAPT. He offers insights on speeding reaction time by watching for clues.
It's a red-faced moment for FireEye. The company says an investigation reveals that an attack against an analyst's personal online accounts was enabled by the employee's continued use of compromised login credentials.
The latest edition of the ISMG Security Report leads with a report on the charges brought against Marcus Hutchins, the "accidental hero" who stoped the WannaCry malware outbreak. Also featured: reports on advances in attribution and new legislation to secure vulnerable medical devices.
Maxim Senakh, who was extradited from Finland to the United States to face charges related to Ebury botnet attacks, has been sentenced to serve nearly four years in federal prison, after which he will be deported to his native Russia.
The front line to battle Russian hackers is shifting to American courts, according to the lead story in the latest edition of the ISMG Security Report. Also, malware targets Apple's operating system and a preview of the ISMG Fraud and Breach Prevention Summit in New York.
Security expert Troy Hunt has released a massive data set of compromised passwords that's intended to help web services steer users away from picking those that have already been exposed in data breaches.
Gartner's Avivah Litan, a featured speaker at ISMG's Fraud and Breach Prevention Summit in New York on Aug. 8, says hacker attribution is taking on new importance, as traditional methods of determining attack risk and detection linked to indicators of compromise are no longer effective.
Some experts say a federal appeals court's overturning of a lower court's decision to dismiss a class action lawsuit filed against health insurer CareFirst in the wake of a cyberattack could be precedent-setting.
Britain's home secretary claims that "real people" don't really want unbreakable, end-to-end encryption - they just like cool features. Accordingly, she asks, why can't we just compromise and add backdoors, thus breaking crypto for everyone?
FireEye has confirmed that one of its Mandiant breach investigation employee's personal laptops was breached by hackers, and corporate data dumped. The hackers say the leak is the first in a series of "Operation LeakTheAnalyst" attacks against cybersecurity researchers.