Microprocessor makers Intel, ARM and AMD, as well as operating system and software developers and makers of smartphones and other devices, are rushing to prep, test and ship fixes for the serious CPU flaws exploitable via Meltdown and Spectre attacks.
"Replace CPU hardware" might be the only full solution listed by CERT/CC for serious flaws in microprocessors that run millions of PCs, cloud services, servers, smartphones and other devices. Thankfully, many security experts believe patches and workarounds will mostly suffice.
Apparel retailer Forever 21 says point-of-sale systems in some stores were infected by malware for up to seven months, leading to the theft of customers' payment card data. The retailer says deactivated encryption technology on some POS devices exacerbated the severity of its breach.
Information security truisms: 2017 was the year of more cybersecurity - more attacks, more spending, more defenses, more breaches - and 2018 will see more of everything "cyber," plus GDPR enforcement, proxy wars online and more.
The U.S. Securities and Exchange Commission is planning to update its 6-year-old cybersecurity guidance for how publicly traded firms report data breaches to investors. Experts expect the refined guidance to cover insider trading program rules, breach notifications and business models.
Internet of things security alert: An attacker has been attempting to infect hundreds of thousands of Huawei home routers with a variant of the notorious Mirai malware called Satori, security researchers warn. Huawei has confirmed the flaw and issued patches and workarounds for affected users.
Nissan Canada Finance, which provides financing for Nissan and Infiniti vehicle buyers and leasers, is warning 1.13 million current and former customers that their personal information may have been stolen.
New York-Presbyterian has more than 72,000 medical devices from over 1,400 manufacturers, says CISO Jennings Aske. Given that scale, how can a security leader help ensure device cybersecurity? Aske shares his view of what's needed from manufacturers and the government.
The U.S. Food and Drug Administration issued cybersecurity expectations for manufacturers of medical devices. But ow are those expectations being met, and what is the FDA's ongoing role in improving device security? The FDA's Suzanne Schwartz offers an update.
It's been seven years since Dale Nordenberg, a pediatrician, became involved in the drive to improve medical device security. What progress does he see among manufacturers, government agencies and healthcare providers?
To better address security issues, companies in the manufacturing industry need to ensure proper communications between their operational technology and information technology specialists, says RaviKiran Avvaru, head of IT at Toyota Kirloskar.
When it comes to privacy, India faces many challenges, including the need to reduce the amount of time it takes to resolve privacy-related cases, says Vicky Shah, advocate, cyber law and data protection.
Two London-based Romanians recently arrested in Bucharest as part of a roundup of alleged ransomware attackers have been accused of hacking into Washington surveillance cameras and using them as a launchpad for Cerber and Dharma ransomware attacks.
South Korean police investigating the hack of a cryptocurrency exchange are eyeing North Korean hackers as the likely culprits. North Korea has also been tied to recent phishing campaigns and other attacks, including what appears to be the first case of nation-state malware designed to infect point-of-sale devices.