Verizon has made a strong case for continual PCI DSS awareness with its new study of payment card data security. But like many vendors that conduct their own studies supporting their business cases, Verizon makes suspect logical stretches.
A list of weak credentials for vulnerable Internet of Things devices has prompted a new effort to notify their owners. The fear is of another mass, IoT-fueled DDoS attack along the lines of last year's Mirai attacks.
Analyzing Donald Trump's cybersecurity policy seven months into his administration highlights the latest edition of the ISMG Security Report. Also, Cybersecurity Coordinator Rob Joyce disses Kaspersky Lab on network TV.
A judge has designated the case against Marcus "MalwareTech" Hutchins, who's been accused of creating and selling the Kronos banking Trojan, as "complex" after his defense requested more time to review chat logs, malware samples and other evidence submitted by prosecutors.
Delaware has become the second state - the first was Connecticut - to require organizations to provide residents one year of free credit monitoring services if their sensitive personal information is compromised in a data breach. Will other states take similar action?
As threats and threat actors multiply and evolve, digital attribution becomes ever more critical, says Gartner's Avivah Litan. She discusses how to approach attribution and also offers her take on the technologies that could help secure U.S. elections.
A report claims British intelligence agency GCHQ knew in advance that the FBI planned to arrest WannaCry "hero" Marcus Hutchins when he visited the United States for the annual Black Hat and Def Con conferences last month. The information security community asks: Is that justice?
At ISMG's recent New York Fraud & Breach Prevention Summit, attendees interacted with technology solution providers and other thought leaders, gaining practical insights on solving real-world problems.
For just $80 per day, would-be cybercrime entrepreneurs can subscribe to Disdain, a new exploit kit that targets now-patched flaws in browsers and plug-ins, including Flash and WebEx. Disdain's debut shows that while exploit kits may have declined, they haven't died out.
How could the private sector benefit from steps federal agencies are taking to improve the cybersecurity of the internet of things and medical devices? In an in-depth interview, two experts at UL who are working closely with the agencies explain the potential impact.
Healthcare organizations can learn important lessons - including the need for granular data access control - from the costly proposed settlement of the breach lawsuit against health insurer Anthem, says Bill Fox, a former federal prosecutor.