Microsoft's IoT platform, Azure Sphere, which launched in February, is the company's bet to address the growing security and management problems around connected devices. A three-month bug bounty program for the platform resulted in resolving a number of vulnerabilities and awarding $374,000 in bounties.
When it comes to a breach and exposed data, a Digital Risk Protection program represents a way to reduce the potential damage. Tyler Carbone of Terbium Labs outlines the essential elements and use cases of a mature DRP program.
Ransomware has emerged as the No. 1 online threat targeting public and private organizations this year. Seeking maximum returns, more gangs have moved beyond opportunistic attacks to target organizations with "post-intrusion ransomware." Meanwhile, many victims fail to report such crimes to police.
Microsoft is warning that hackers with connections to Iran, as well as other threat actors, are attempting to exploit a critical vulnerability in Windows Server dubbed Zerologon, for which it has issued a partial patch.
Security researchers with the Chinese company Qihoo say they've spotted a new IoT botnet that brute forces telnet ports on routers and other devices and is coded with a command to erase infected devices.
A recent ransomware attack on a provider of software used by firms involved with COVID-19 vaccine development and other drug clinical trials illustrates increasing cyberthreats facing medical industry supply chain partners.
2020's health crisis has created an unexpected boom in telemedicine initiatives. But with this rapid innovation and adoption comes a corresponding uptick in fraud. Dean Nicolls of Jumio Corporation talks about how improving identity verification can help curb the trend.
Organizations around the world must build stronger cyber resilience programs to help ensure they can bounce back from cyberattacks, says Craig Rice, group director of cyber resilience at Aviva, a British multinational insurance firm, who describes how regulatory requirements will evolve.
Using intrusive technologies to check staff behavior in an effort to fight against supply chain fraud is ineffective, says Richard Dailly, managing director in Hong Kong at the security firm Kroll, who explains why.
Privacy regulators in Germany have slammed clothing retailer H&M with a $41 million fine for collecting and retaining private employee data in violation of the EU's General Data Protection Regulation. H&M has apologized, instituted changes and promised to financially compensate employees.
Organizations in all sectors need to end "the dichotomy between privacy and security" and avoid a checklist approach to privacy protection, says digital ethics expert Ivana Bartoletti, who explains why ensuring customers' privacy is essential to a company's survival.
Eight months after Microsoft issued a critical security update fixing a remote code execution flaw in Exchange Server, more than half of these mail servers in use remain vulnerable to exploits, according to the security firm Rapid7.