Medical device cybersecurity scrutiny usually focuses on potential patient safety issues. But vulnerabilities identified in a cardiac pacemaker programming device illustrate the risks also posed to patient data privacy, says Billy Rios, a researcher who discovered the problem.
Anti-virus vendor Kaspersky Lab says that an internal probe has confirmed that in 2014 a PC running its anti-virus software flagged and submitted new Equation Group APT malware variants. But after an analyst realized the provenance of the source code, the firm says its CEO ordered that it be immediately deleted.
DataBreachToday Executive Editor Mathew J. Schwartz's examination of the growing threats facing the critical energy sector leads the latest edition of the ISMG Security Report. Also in this report: A discussion of safeguarding the telehealth marketplace.
Security companies are warning that a global attack using compromised IoT devices may be coming soon. Check Point says one million organizations are running a device infected with IoTroop, also known as Reaper, which is botnet code that perhaps is related to Mirai but spreads in a much different way.
A hacker exploited an unpatched, 12-month-old flaw in a small Australian defense contractor's IT help desk and stole data for the country's F-35 Joint Strike Fighter program, among other secrets, the Australian government has warned.
In response to nation-state attackers targeting its account users, Google reportedly is planning to offer stronger authentication to politicians, corporate executives and other at-risk individuals as part of a service called the Advanced Protection Program.
The attack landscape has fundamentally changed; the threat today is human-orchestrated campaigns against specific targets. These attackers are more skillful; they use any combination of overwhelming force or carefully crafted entry points to disguise their tracks until it's too late. Defenders must fundamentally...
A zero-day vulnerability in Apple's built-in password manager can be exploited, allowing attackers to steal all stored credentials in clear-text format, a security researcher warns. The flaw affects the latest version of macOS - High Sierra - plus one or more prior versions.
Advanced threats are overwhelming both IT organizational bandwidth and the capabilities of legacy antivirus tactics, particularly as the increasing number of endpoint devices used by employees expands attack surfaces.
How are organizations responding?
Download this study from Forrester and learn why:
Single-target attacks are not 'one size fits all' - they require specialized knowledge and detailed information on the target. Targeted attacks are also dynamic, able to change their behavior and digital 'appearance' during the course of an attack.
It's not a surprise then that many enterprises have already been...
Every endpoint protection technology has its advantages and disadvantages. That's what makes the multi-layered approach so important. If a malicious file happens to get past one layer of security it is backed up by the capabilities of several more layers of defence, each relying on a different style of protection and...
Attackers are increasingly hacking into banks' networks to gain access to the IT infrastructure connected to their ATMs, security experts warn. Attackers push malware onto ATMs that's designed to allow money mules to "jackpot" or "cash out" the machines, then delete itself.
Researchers investigating the CCleaner malware outbreak have had a lucky break: The attackers' backup server shows that they pushed secondary malware onto systems at Intel, VMware, Fujitsu and Asus, among others, as part of what appears to be a very targeted attack campaign.
Freedom of Information requests sent to 430 U.K. local government councils by Barracuda Networks found that at least 27 percent of councils have suffered ransomware outbreaks. Thankfully, almost none have paid ransoms, and good backup practices appear widespread.
The perimeter continues to dissolve, and the definition of endpoint is evolving, according to results of the SANS 2016 Endpoint Security Survey, now in its third year. In it, respondents say their organizations continue to connect new and different types of endpoints, including point-of-sale (POS) devices, printers,...