Researchers from Tenable Security claim they have found what is essentially a skeleton key for an ID and access control system that could open the doors for anyone, plus other less severe but nonetheless zero-day vulnerabilities.
The recent exposure of customer data on the website of Singapore Airlines as a result of a software bug is further evidence of the persistent challenge of adequately addressing security during the development stage.
The organization that manages IT for Singapore's public healthcare sector says it has terminated, demoted or financially penalized several employees for their roles in the handling of a 2017 cyberattack on SingHealth, the nation's largest healthcare group. What do U.S. security experts think of these measures?
The Trump administration has launched a public awareness campaign, spearheaded by the National Counterintelligence and Security Center, urging the U.S. private sector to better defend itself against nation-state hackers and others who may be trying to steal their sensitive data or wage supply chain attacks.
Data integrity issues can arise in the wake of a ransomware attack. Case in point: A California podiatrist practice hit by ransomware reports that patient files were possibly "altered" or "corrupted." Security specialists weigh in on what might have happened and offer prevention and detection insights.
In this edition of the ISMG Security Report, former federal CISO Gregory Touhill explains why a zero-trust security model is essential, and Ron Ross of NIST describes initiatives to protect critical infrastructure from IoT vulnerabilities.
As a general rule, negligent incidents are far more common than malicious ones. Negligent insiders are employees that unintentionally jeopardize security, often through well-intentioned ignorance, laziness, or simple human error.
While many security teams make the mistake of focusing exclusively on would-be malicious...
The vast majority of new devices joining your networks aren't designed to support management agents - creating a serious visibility and risk gap. And this gap further widens as cloud computing extends to the furthest corners of the distributed network.
Closing this visibility gap is the most effective way to...
Protecting the Department of Health and Human Services' systems, data - and program beneficiaries - from evolving cyberthreats is a top challenge for the agency, according to a new report that recommends action items.
In this report, we provide an overview of current vulnerability disclosure trends and insights into real-world vulnerability demographics in enterprise environments. We analyze vulnerability prevalence in the wild,
based on the number of affected enterprises, to highlight vulnerabilities that security practitioners...
A vulnerability is only as bad as the threat exploiting it and the impact on the organization. Security and risk management leaders should rate vulnerabilities on the basis of risk in order to improve vulnerability management program effectiveness.
Gartner receives frequent inquiries from clients who are...
More than two weeks after announcing that the Obamacare website, HealthCare.gov, had been hacked, the Department of Health and Human Services has revealed that the breach exposed a wealth of information, including partial Social Security numbers and immigration status.
Hackers behind the FASTCash ATM cash-out attack campaign - tied by the U.S. government to North Korea - use Trojan code designed to exploit bank networks running outdated versions of IBM's AIX Unix operating system, Symantec warns.
The days of effective CISOs being pure-play technologists are long gone. Instead, CISO Paul Swarbrick says the role demands someone who is expert "in people, and management and risk," and who is skilled at bringing to bear the right experts for every strategic challenge they identify.