Underground cybercrime forums continue to evolve, offering services ranging from cybercrime toolkits and money laundering to bulletproof hosting and a service that reviews exfiltrated data for corporate secrets, says cybersecurity analyst Tom Kellermann of Trend Micro.
CISOs who want to keep more cyber-attacks from succeeding should focus on decreasing the half-life of vulnerabilities, which refers to the amount of time it takes half of all systems affected by a vulnerability to get patched. That's the advice from Qualys' Wolfgang Kandek.
Is a hackable car defective? The auto industry likens hack attacks to troublemaking. But legislators and regulators are taking a closer look at connected cars and the safety risks posed by software bugs.
An appellate court has upheld the Federal Trade Commission's authority to play a key regulatory role in cybersecurity as it relates to the protection of consumer data against breaches. Legal experts evaluate the long-term implications.
To help mitigate the risk that blackmail and extortion campaigns might target employees, employers' security teams must regularly review post-breach data dumps as well ramp up enforcement of their corporate security policies, says Stephen Coty of Alert Logic.
Rand Corp.'s Martin Libicki sees circumstances in which a weaker economy could curtail Chinese cyber spying on U.S. companies. Then again, he says, the Chinese government could see spending money on hacking as an economic stimulus.
The Ashley Madison mega-breach differs from previous breaches not just because of its scale, but also the fallout facing victims of the breached infidelity-focused dating site. Here are the top information security takeaways.
Carilion Clinic, a Roanoke, Va.-based network of hospitals and outpatient facilities, has fired or disciplined 14 employees over a problem common at many healthcare organizations: patient record snooping. Experts discuss how to tackle the challenge.
The outrage directed at Oracle Corp.'s security chief after a recent blog post in which she scolded third parties who scan the company's software looking for security flaws had a familiar ring: Do medical device makers have a similar cybersecurity attitude?
A new report says the Department of Health and Human Services has several security weaknesses that may have contributed to five recent data breaches. But are other healthcare entities guilty of the same mistakes?
With the federal government clearly in the bullseye of hackers, the Department of Veterans Affairs is revamping its cybersecurity strategy under its new CIO, LaVerne Council, who took over the job last month.
Attributing who's behind cyberattacks is essential because it helps organizations build better defenses against future attacks, says Greg Kesner, former chief of the Federal Bureau of Investigation's Data Intercept program.
Human resources departments can play an important role in helping to prevent insider breaches, says Reid Stephan, IT security director at St. Luke's Health System. In an interview, he describes his organization's strategy.
Health data breach statistics for 2015 are stunning. So far this year, just the top five breaches have impacted 99.3 million individuals. And all five involved hacker attacks. Security experts discuss what's going on - and what can be done to mitigate the risks.