When it comes to massive DDoS attacks powered by the likes of a Mirai botnet, "the sky is not falling," says ESET security researcher Cameron Camp. But organizations do need to prepare - and here's where to start.
Leading the latest edition of the ISMG Security Report: The death of former White House Cybersecurity Coordinator Howard Schmidt, and a report on legislation to strengthen the influence of the National Institute of Standards and Technology on federal civilian agencies.
When trying to detect which security events are malicious, analysts have long battled signal-to-noise problems. LogRhythm's James Carder describes how behavioral analytics, case management, security automation and threat intelligence can help.
To meet the increasing customer demands for effective solutions, security vendors must ensure their products work together well, says Dr. Mike Lloyd of RedSeal. This is particularly essential to achieving "digital resilience," the ability to promptly detect and respond to network intrusions, he says.
The European Union's General Data Protection Regulation, which will be enforced beginning in May 2018, will affect organizations throughout the world because it applies to any company that handles Europeans' personal data, says Fred Kost of HyTrust.
With Verizon's data breach investigations team finding that 90 percent of breaches trace to a phishing or other social engineering attack, lead investigator Chris Novak says that using multifactor authentication should be a no-brainer for all organizations.
In the history of data breaches, Cloudflare's recent breach was strikingly unique, in that a software bug caused a random regurgitation of data from server memory. But a postmortem from CEO Matthew Prince should put most people's concerns to rest.
Vice President Mike Pence used a personal AOL email account while governor of Indiana to conduct official business, and his account was hacked. Live by the private email account, die by the private email account?
The Department of Health and Human Services is making progress in improving its information security practices, but it still has gaps that put sensitive data at risk for compromise, according to a new watchdog agency report. Experts say those same gaps are pervasive at many healthcare organizations.
Yahoo CEO Marissa Mayer will lose her cash bonus after an independent investigation into security breaches at the search giant found that the company's senior executives and legal team failed to properly comprehend or investigate the severity of the attacks.
Cloud-connected stuffed animals built by Spiral Toys include an unsecured Bluetooth implementation that could be used to locally spy on anyone near the toys, a security research firm warns. It alleges that Spiral Toys has failed to respond to warnings it began issuing in October 2016.
An attack on a database used by Emory Healthcare for patient appointments is the largest health data breach reported to federal regulators so far in 2017. The incident spotlights a persistent problem facing a growing number of organizations that use misconfigured MongoDB and other similar databases.
Legislation calling on the National Institute of Standards and Technology to develop outcome metrics to show the effectiveness of the NIST Cybersecurity Framework is scheduled to be considered - and likely amended - by a House committee.
Déjà vu "smart toy" information security fail: Spiral Toys, maker of internet-connected CloudPets, is under fire for exposing 821,000 user records online - now being ransomed - as well as links to 2.2 million parents' and children's voice recordings.