The Financial Industry Regulatory Authority, a private organization that helps self-regulate brokerage firms and exchange markets in the U.S., warns that a "widespread, ongoing" phishing campaign is targeting its members.
Security and risk experts from Forrester and Neustar advise on what you need to know about today's cyberthreats, including website vulnerabilities, APIs, third-party party scripts, nefarious bots and DDoS attacks.
Forget "whitelists" and "blacklists" in cybersecurity. So recommends Britain's National Cyber Security Center, in a bid to move beyond the racial connotations inherent to the terminology. Henceforth, NCSC - part of intelligence agency GCHQ - will use the terms "allow list" and "deny list." Will others follow?
Over the course of three days, ISMG and SecureAuth teamed up for a series of virtual roundtable discussions on the future of identity security. Bil Harmer of SecureAuth reflects on these discussions and how they inform his view of the factors influencing both the present and future of identity.
The Department of Health and Human Services has yet to implement dozens of "high priority" recommendations, including several related to enhancing its cybersecurity and reducing the risk of fraud, according to a new report from the GAO, which made the recommendations.
Done right, a zero trust architecture can reduce the complexity of one's environment while also improving cybersecurity protection and efficiency. Bob Reny of ForeScout focuses on three critical considerations: visibility, compliance and control.
Technology is no panacea, including for combating COVID-19. While that might sound obvious, it's worth repeating because some governments continue to hype contact-tracing apps. Such apps won't magically identify every potential exposure. But they could make manual contact-tracing programs more effective.
The Cybersecurity and Infrastructure Security Agency is reminding government agencies to continue using an approved DNS resolution service at a time when a large portion of the federal workforce has been shifted to home offices because of the COVID-19 pandemic.
A sophisticated, highly targeted phishing campaign has hit high-level executives at more than 150 businesses, stealing confidential documents and contact lists, says security firm Group-IB. The campaign, which targets Office 365 users, appears to trace to attackers operating from Nigeria and South Africa.
With more employees working remotely and a much heavier demand for telehealth services, entities need to consider extra, accelerated steps in keeping data and systems secure, says Martin Littmann, Kelsey-Seybold Clinic CISO, and Stephen Moore, a former security leader at Anthem.
A shareholder has filed a lawsuit against LabCorp and 12 of its executives and directors - including the medical testing company's CIO - over two data breaches, including the 2019 breach of one of its vendors, American Medical Collection Agency, which affected millions of patients.
A federal court recently granted final approval for an $8.9 million settlement of a class action lawsuit against Banner Health stemming from a 2016 data breach. The settlement spells out steps the Phoenix-based organization must take to improve information security.
What should an enterprise do when someone reaches out and claims to have the company's data or information about a breach? Although it can be a delicate situation to manage, there are sound approaches enterprises can take, says data breach expert Troy Hunt.
Four CISOs, two CEOs, one global crisis. These are the ingredients for an exclusive panel discussion on how enterprises have emerged from the cybersecurity challenges of COVID-19 and how they are building the foundation for an entirely new way to live and work post-pandemic.