In the wake of WannaCry, there's a critical new flaw in Samba, which provides Windows-based file and print services for Unix and Linux systems. Security experts say the flaw is trivial to exploit. US-CERT recommends immediate patching or workarounds.
A number of media reports have recently suggested there's a "link" between WannaCry and the Lazarus hacking group, implying that North Korea authorized the ransomware campaign. But based on the evidence available so far, it's much too early to attribute the attacks to anyone.
A New York City hospital has paid a hefty HIPAA settlement to federal regulators for privacy breaches that impacted just two patients but involved the impermissible disclosure of sensitive medical information, including HIV status.
Target has reached a record settlement agreement with 47 states' attorneys general over its 2013 data breach. The breach resulted in hackers compromising 41 million customers' payment card details and contact details for more than 60 million customers being exposed.
DSCI is working with the FIDO Alliance in an effort to eliminate the use of passwords for authentication in India. But some security practitioners question whether that's a realistic approach that will prove effective. go
The Donald Trump administration, in its fiscal 2018 budget, outlines steps it contends would strengthen the U.S. federal government's information systems, even as it would cut some cybersecurity spending at specific agencies.
The WannaCry ransomware outbreak showcases the problem: Security pros are overwhelmed by vulnerabilities that could be simple to mitigate, if only they had the right info at the right time. Humphrey Christian of Bay Dynamics discusses how to improve vulnerability risk management.
The WannaCry ransomware outbreak was a huge "wake-up call" for the global information security community, says Dan Schiappa of Sophos. It's time to patch those legacy systems and prepare for the inevitable next big crimeware scare, he says.
The Trump administration's detailed budget proposal for fiscal 2018 calls for hefty cuts for the two Department of Health and Human Services agencies responsible for health data privacy and security issues, including HIPAA enforcement. What's the potential impact?
Voice biometrics: Is it good enough to protect people's bank accounts? Also, the ISMG Security Report goes to Belfast, Northern Ireland, for this year's OWASP AppSec Europe conference, including a visit to the Titanic museum - hopefully not a metaphor for the discipline.
A watchdog agency's audit of Virginia's Medicaid information systems found security weaknesses that could potentially leave beneficiaries' data vulnerable. Security experts say the audit's recommended improvements are needed at many healthcare organizations.
Good news for many victims of WannaCry: Free tools developed by a trio of French security researchers can be used to decrypt some PCs that were forcibly encrypted by the ransomware, if the prime numbers used to build the crypto keys remain in Windows memory.