Former Yahoo CEO Marissa Mayer may have envisioned spending her post-Yahoo days seeking new work or experimenting with other search engines. Instead, she gets to sit in a Senate hot seat alongside former Equifax CEO Richard Smith, defending past data breach response decisions.
The acting director of the U.S. Office of Personnel Management cites "audit fatigue" as a factor that explains why the federal agency, which experienced a massive data breach in 2015, continues to come up short in securing its information systems.
The ISMG Security Report leads with a discussion about the sale of compromised remote desktop protocol credentials for as little as $3 on darknet marketplaces. Also, grading the performance of DHS in sharing cyberthreat information.
Want to stop the latest cybercrime bogeyman? For the umpteenth time, put in place well-known and proven strategies for repelling online attacks, such as the Australian Signals Directorate's top 4 mitigation strategies for repelling targeted cyber intrusions.
Information Security Media Group's Healthcare Security Summit in New York on Nov. 14-15 will feature a top-notch lineup of more than 40 experts, including leading CISOs, who will explore such issues as battling ransomware, improving medical device security and beefing up breach prevention.
Although far fewer major health data breaches these days involve the loss or theft of unencrypted mobile devices, regulators are reminding healthcare entities to remain vigilant to the risks involved in using laptops and other portable computing devices.
Many enterprises use remote desktop protocol to remotely administer their PCs and mobile devices. But security experts warn that weak RDP credentials are in wide circulation on darknet marketplaces and increasingly used by ransomware attackers.
Nearly 50,000 personal records relating to Australian government employees as well as the employees of two banks and a utility were exposed to the internet due to a misconfigured Amazon storage server. The episode is the latest in a string of large breaches to hit Australia.
"Are we vulnerable to the attacks that are being reported in the media?" All CEOs and boards of directors should be asking that question of their information security team to ensure they don't suffer the same fate - especially when it comes to ransomware outbreaks, says David Stubley of 7 Elements.
A 21-year-old man appeared in British court this week to face 11 charges, including using DDoS attacks to disrupt sites run by Google, Pokemon and Skype, as well as money laundering and selling malware and "crypting services."
To help prevent breaches caused by third parties, organizations need to improve their vendor risk evaluation methods, carefully assessing their business partners' processes and risk mitigation methods, says Anuj Tewari, CISO of HCL Technologies.
As the explosive growth of the internet of things continues, it's essential to take a structured approach to implement security-by-design with secure coding and end-to-end encryption of data, says Mumbai-based Juergen Hase, CEO of Unlimit, the IoT business unit of the Reliance Group.
Following the WannaCry outbreak, the British government says it's increased cybersecurity funding for England's national health service. But in addition to funding shortfalls and poor cybersecurity practices, experts have also blamed management failures, in part by the U.K. government.