The Department of Homeland Security is warning IT service providers, healthcare organizations and three other business sectors about a sophisticated cyberattack campaign that involves using stolen administrative credentials and implanting malware on critical systems.
CISOs are increasingly being asked by management and boards to predict what the cost of a breach or cyber incident might be. But most still need to develop good predictive metrics, says Benjamin Dean, president of Iconoclast Tech.
In his world travels, Steve Durbin of the Information Security Forum sees the global cybersecurity industry coming of age. But he also sees the steady maturation of cybercriminals and their schemes. How can organizations best counter the changing threat landscape?
Hackers have reportedly exploited the SS7 mobile telecommunications signaling protocol to drain money from online bank accounts used by O2 mobile phone subscribers. Despite rising security worries relating to SS7, many telcos have yet to explore related fixes.
MDLive has filed a motion to dismiss a class action lawsuit that alleges the telehealth application vendor violated users' privacy by "secretly monitoring, collecting, and transmitting their usage of the app, and sharing it with a third-party vendor."
Organizations have more endpoints today than ever, and securing those endpoints is challenging, because it's rare that any one organization is responsible for all the endpoints that touch its network and servers, says Mike Spanbauer, vice president of research and strategy at NSS Labs.
Score another one for social engineering: A phishing campaign used a bogus "Google Docs" app to trick people into surrendering full access to their Google accounts and contacts. Before Google squashed the campaign, up to 1 million of its users may have fallen victim.
Here are five cyber-related takeaways from FBI Director James Comey's testimony before the Senate Judiciary Committee, including his rationale on notifying Congress of his decision to reopen the probe of Hillary Clinton's use of a private email server and steps the bureau is taking to defend against the insider threat.
Travel industry software giant Sabre has alerted hotels that its software-as-a-service SynXis Central Reservations system - used by more than 36,000 properties - was breached and payment card data and customers' personal details may have been stolen.
To help ensure that data is properly protected, the Ministry of Electronics and information Technology has mandated that all cloud service providers that handle government data store it on servers in India and not in other countries.
IBM and Lenovo have issued a security alert, warning that they inadvertently shipped malware-infected USB flash drives to some customers who use their Storwize hardware. The malware, known as Reconyc, is designed to install additional attack code on infected endpoints.
Make sure your Amazon S3 buckets have no holes. A California vehicle financing company has learned the hard way after exposing up to 1 million records online related to auto loan holders, according to a researcher's report.
Chipmaker Intel has issued a security alert for a flaw that has existed in many of its non-consumer CPUs for a decade. The flaw could be remotely exploited by attackers, using Intel's own remote-management tools, to access devices, install malware and breach networks.