The latest edition of the ISMG Security Report features Barbara Simons, co-author of the book "Broken Ballots," discussing why she believes it's a "national disgrace" that some states are relying on computer voting with no provision for recounts. Also: Update on breach lawsuit against Premera Blue Cross.
Unknown attackers are intercepting every piece of data handled by more than 7,500 routers made by MikroTik, while also using another 239,000 compromised routers to serve as proxies, researchers say. It's a continuation of a wave of attacks that exploit a vulnerability patched by MikroTik in April.
The Reserve Bank of India, the nation's central bank, is launching a number of efforts to help bolster the cybersecurity of banks. Those include encouraging banks to use access control management and install security operations centers. But critics say the measures aren't bold enough and offer other suggestions.
A recent incident involving a chronic care management company spotlights how paying a ransom to recover decryption keys from ransomware attackers can put sensitive data at additional risk. Security experts offer insights on how to prepare for the many challenges posed by attacks.
Enterprise incident response teams tend to lack a diversity of skills and attention to education and testing, says Anne Marie Zettlemoyer, a security strategist who sits on the board of SSH Communications Security. She offers advice on how to make these teams more aligned and effective.
Plaintiffs in a class action suit against Premera Blue Cross allege the company willfully destroyed a computer that may have shown that attackers actually removed data from its systems during a 2014 intrusion. Premera contends the computer, dubbed A23567-D, was "unintentionally" tagged end of life and destroyed.
It's less than 10 weeks until your country's elections; do you know where your government's information warfare defenses and election security strategy are? The FBI says it's moving to counter information operations, while DHS is bolstering election security. But will it be enough?
Police in Shanghai are investigating the apparent loss of 130 million customers' personal details from Huazhu Hotels Group. The data exposure may trace to the Chinese hotel group's developers accidentally uploading to GitHub access credentials for a production database.
Air Canada is forcing 1.7 million mobile app account users to reset their passwords after it detected unusual login behavior that it says may have exposed 20,000 accounts, including passport information. But the company is enforcing password complexity rules that experts advise against.
Microsoft appears set to patch a zero-day local privilege escalation vulnerability after a researcher published proof-of-concept exploit code for the flaw. That's a relatively rare turn of events these days, owing to Microsoft's bug bounty program rules.
Three months after the EU's General Data Protection Regulation went into full effect, the U.K.'s data privacy watchdog says that the number of data protection complaints it has received from individuals has nearly doubled.
A previously unnamed U.S. energy company that agreed to a record $2.7 million settlement after it left 30,000 records about its information security assets exposed online for 70 days in violation of energy sector cybersecurity regulations has been named as California utility PG&E.