The process of managing software vulnerabilities inside the enterprise is complicated by the sheer number of patches that must be assessed, applied, tested and rolled out, says Wolfgang Kandek of Qualys, who offers suggestions on how to better focus those efforts.
Australia's postal service is researching the use of the public cryptographic ledger known as blockchain for e-voting applications, but experts cast doubt on whether the approach would help resolve the many worries around internet voting.
If leading intelligence agencies can seemingly hack a wide variety of IT gear, what hope is there for enterprise security? Experts describe how organizations should respond to the recent dump of attack tools from the Equation Group, which is widely believed to be tied to the NSA.
Ransomware gangs increasingly target organizations - including hospitals and banks - that might be able to recover from such attacks, but not in a timely manner, says Verizon's Mark Rasch. Learn how well-honed incident response plans can help.
Too often when organizations get shaken down by online criminals, they panic, and in the process make the predicament they're facing even worse, warns digital forensic investigator Ondrej Krehel in this video interview.
In this video interview, Global Cyber Alliance CEO Phil Reitinger explains how the vastness and complexity of the internet creates cyber vulnerabilities, but one day those same characteristics, if used properly, could mitigate cyber threats.
The Equation Group tools released by the Shadow Brokers have revealed that the U.S. National Security Agency has been able to decrypt any traffic sent using a Cisco PIX device. While Cisco no longer supports the devices, more than 15,000 remain in use.
Eighty percent of the Android ecosystem - an estimated 1.4 billion devices - is vulnerable to an attack affecting TCP. While the flaw has been patched in Linux, Android remains vulnerable, although Google is aware of the issue.
Agari's John Wilson doesn't just fight email fraud schemes - he also is the occasional target. What have the fraudsters inadvertently taught him about their latest tactics? And how can these lessons help organizations to improve their defenses? Find out in this video interview.
USB devices and ports pose serious risks, and they aren't going away anytime soon. But researchers say they've developed a way to block malicious actions by USB devices to help prevent attacks such as "BadUSB."
Police have arrested an employee of U.K.-based accountancy and business software developer Sage Group after a data breach. Meanwhile, a report has emerged that some customers are using its software in an unsecured manner.
Medical device cybersecurity must be recognized as a critical public health issue so that all segments of the healthcare sector understand their roles in addressing the many complicated challenges involved, says Dale Nordenberg, M.D., of the Medical Device Innovation, Safety and Security Consortium.
Hear ISMG editors untangle the various elements in the Shadow Brokers-Equation Group saga, evaluate a new anti-ransomware tool and reflect on the 10th anniversary of the PCI Security Standards Council in this edition of the ISMG Security Report.