Security companies are warning that a global attack using compromised IoT devices may be coming soon. Check Point says one million organizations are running a device infected with IoTroop, also known as Reaper, which is botnet code that perhaps is related to Mirai but spreads in a much different way.
Want to infect systems used by a large swath of cybersecurity professionals in one go? Then use a malicious decoy document to target potential attendees of a NATO and U.S. Army conference on "The Future of Cyber Conflict" being held in Washington.
The Kaspersky Lab saga raises questions about how vulnerable any anti-virus products and back-end cloud networks might be to hacking. Asked to describe exactly what security controls they offer, here's how 17 anti-virus firms answered - or have yet to answer.
Will all of the anonymously lobbed U.S. government allegations against Moscow-based security vendor Kaspersky Lab send anti-virus users running for the hills? Don't let it, one security expert says, noting that ditching AV would be a gift to cybercriminals and intelligence agencies alike.
A lawn mower engine manufacturer's notification to federal regulators of a health data breach impacting thousands of its workers highlights the HIPAA compliance duties for businesses that are self-insured for healthcare.
An in-depth look at the DMARC anti-spoofing system - which the U.S. Department of Homeland Security this past week said it will require federal agencies to adopt - leads the latest edition of the ISMG Security Report. Also, continuous monitoring of the insider threat.
A class action lawsuit claims that thousands of employees of a home healthcare firm were harmed by the disclosure of their personal information as a result of a business email compromise scam. Earlier, regulators fined the company for another breach.
The FBI is asking all U.S. victims of DDoS attacks to please come forward. The bureau's plea for more information from cyberattack victims parallels similar requests made this week by British authorities speaking at ISMG's Fraud and Breach Prevention Summit in London.
Researchers say they've identified faulty cryptographic code in microchips made since 2012 by Infineon Technologies, posing risks to government-issued smartcards, consumer laptops, authentication tokens and more.
To be successful, the quest to mitigate insider threat risks must start at the time employees are hired and continue as they move into different positions requiring varying degrees of data access, says Suzanne Widup of Verizon Enterprise Solutions.
A new directive from the U.S. Department of Homeland Security elevates federal agencies' email security to the DMARC standard that's widely adopted by commercial email providers, including Google, Yahoo and Microsoft.
Can U.S. law enforcement use a warrant to seize emails stored outside the U.S. by a cloud services provider? That's the question the Supreme Court has agreed to consider next year. Microsoft continues to fight an order to turn over emails stored in an Irish data center.
A look at President Donald Trump's pick for the Department of Homeland Security secretary, Kirstjen Nielsen, leads the latest edition of the ISMG Security Report. Also featured: Equifax's and TransUnion's problem with dubious code.
An apparently misconfigured Amazon repository that exposed on the web medical data for approximately 150,000 patients serves as another important reminder of the need to protect cloud-based health information from being inadvertently accessible to the public.
A Belgian security researcher has discovered a "serious weakness" in the WPA2 security protocols used to encrypt many WiFi communications. Attackers can exploit the flaws to eavesdrop as well as potentially inject code such as malware or ransomware into WiFi-connected systems. Prepare for patches.