The U.S. Office of Personnel Management promises that it will soon notify 21.5 million individuals that their background-check information was breached. Meanwhile, the government has lined up notification and response services for future needs.
Government agencies used to be the top attack target, as well as the top source of threat intelligence. How did the private sector turn the tables, and what can government do to improve? Rapid7's Wade Woolwine offers insight.
More hackers are exploiting remote-access and network vulnerabilities, rather than installing malware to invade networks and exfiltrate data, says Dell SecureWorks' researcher Phil Burdette. That's why conventional breach-detection tools aren't catching the intrusions.
In the wake of hacker attacks, which have left healthcare providers uncertain about what security steps to take, the Office of the National Coordinator for Health IT is working to help organizations sort out role-based identity and access management issues, says ONC's privacy officer, Lucia Savage.
Policymakers must consider three factors before imposing sanctions in retaliation for state-backed hacks: Confidence in its attribution of responsibility, the impact of the incident and the levers of national power at a state's disposal.
International law enforcement agencies are warning banking institutions and businesses about extortion attacks being waged by an entity known as DD4BC, or DDoS for Bitcoin. They're advising organizations not pay any ransom and to notify their ISPs and law enforcement officials of any threats.
Lizard Squad, which markets the Lizard Stresser distributed denial-of-service attack tool, appears to have targeted the public-facing website of the U.K.'s National Crime Agency in retaliation for its recent DDoS-tool crackdown.
When it comes to healthcare payments, fraud tends to come in two flavors: Organized and opportunistic. What are the biggest gaps in detecting and preventing these schemes? IBM's Robert McGinley shares insight.
If malware infections and data breaches are inevitable, then why should organizations even try to be proactive? Isn't a reactive stance more appropriate? Not so, says Marcin Kleczynski, CEO of Malwarebytes.
The FBI estimates fraud losses linked to so-called business email compromise scams worldwide have exceeded $1.2 billion in less than a year. But some financial fraud experts say the losses from this largely overlooked threat could be even higher.
Underground cybercrime forums continue to evolve, offering services ranging from cybercrime toolkits and money laundering to bulletproof hosting and a service that reviews exfiltrated data for corporate secrets, says cybersecurity analyst Tom Kellermann of Trend Micro.
The departure of Noel Biderman as CEO of Avid Life Media, parent company of the infidelity website Ashley Madison, represents a growing recognition of corporate executives' responsibility for data security.
CISOs who want to keep more cyber-attacks from succeeding should focus on decreasing the half-life of vulnerabilities, which refers to the amount of time it takes half of all systems affected by a vulnerability to get patched. That's the advice from Qualys' Wolfgang Kandek.
Is a hackable car defective? The auto industry likens hack attacks to troublemaking. But legislators and regulators are taking a closer look at connected cars and the safety risks posed by software bugs.