Intel has had a challenging time lately on the vulnerability front. It has issued yet another patch for its Management Engine after a researcher was able to extract two types of encryption keys. The problem was a repeat of one that Intel patched just last year.
The new Apple Watch 4, which includes a sensor that can conduct an electrocardiogram, spotlights the emergence of consumer apps that appear to cross over into the territory of medical devices, raising potential cybersecurity concerns.
Effective "SecOps" involves revamping security processes that are inconsistent and ad hoc to make them targeted and consistent, says Rapid7 CEO Corey Thomas, who describes the roles of automation and orchestration.
Security technology innovations entering the market are getting attached as features to an infrastructure that is fundamentally broken and an enforcement model that cannot operate in real time, says Matthew Moynahan, CEO at Forcepoint.
U.S. prosecutors have accused a 34-year-old North Korean man of involvement in some of the most destructive and profitable cyberattacks ever seen, including the WannaCry ransomware outbreak, the Sony Pictures Entertainment breach and the theft of $81 million from Bangladesh Bank.
Intelligence adaptive authentication represents the latest advance in authentication and risk analysis - with a dose of machine learning - to help organizations authenticate users and battle fraud in real time, says OneSpan's Will LaSala.
Organizations should be on guard for attacks involving an apparent variant of Hermes ransomware - dubbed Ryuk - that attempts to encrypt network resources. It has already victimized several global organizations in the U.S. and elsewhere, according to a federal alert, which offers mitigation advice.
Increasingly, threat hunting is a practice that enterprises want to understand and implement. But it is not always feasible to do so in-house, given the demand for resources and skills. That's where managed threat hunting enters, says CrowdStrike's Jennifer Ayers.
Canada, which has a head start on the adoption of digital payments, has learned some valuable security lessons that could be beneficial to the U.S., says Gord Jamieson of Visa. He'll be a featured speaker at ISMG's Fraud & Breach Prevention Summit: Toronto, to be held Sept. 11-12.
A recent hacker attack targeting a revenue cycle management software and services vendor, which impacted more than 31,000 patients at 11 healthcare organizations, illustrates the potentially broad security risks posed by business associates.
Keeping endpoint security up to date is a struggle for small to mid-sized companies that have less resources than larger companies, yet have the same risk of attack. And that risk is only increasing. In 2017, the number of ransomware attacks increased by 30x and the number of breaches increased by 40%.
While tech-support scams have proliferated for years, the FBI says losses tied to such fraud are now higher than ever. Google has pledged to crack down on fake tech-support listings. But fraudsters regularly employ a variety of channels, including cold calls, pop-up windows and phishing emails.