Researchers claim to have discovered information from 6,000 Indian enterprises, including governmental units, for sale on the dark net. But while the National Internet Exchange of India, the apparent source of the information, is attempting to downplay the incident, others are demanding a clear explanation.
The recent Equifax mega-breach demonstrates how essential it is to have a robust, well-tested incident response plan in place that includes a strong public relations component, says Heath Renfrow, CISO at U.S. Army Medicine
Too many organizations continue to address breach response from a reactive mode - having a crude disaster-recovery plan in place in case something "does" happen, rather than accepting that something "will" happen and proactively preparing for it. In this session, a panel of legal, technical and law-enforcement experts...
The chairman of the Securities and Exchange Commission, Jay Clayton, promised the Senate banking committee Tuesday that his agency is pursuing numerous cybersecurity improvements in the wake of a May 2016 breach.
In today's dynamic threat landscape, "real-time" is the operative phrase - and it needs to apply both to threat detection and incident response, says Tim Bandos of Digital Guardian. What are the required security controls and tools?
Yes, malware commonly targets the Windows operating system. But if you limit malware analysis to Windows OS, you're leaving gaping vulnerabilities, says Christopher Kruegel of Lastline Inc. Here's how to maximize your analysis.
Kruegel, CEO of Lastline, says that one common limitation of malware analysis is that...
After a breach, businesses need to know their incident response from their digital forensics. Hint: Forensics enables organizations to know what happened, when and how, to guide incident responders as they defuse the problem, block further exploits and quickly restore all systems and data. Incident response expert...
Who is behind the threats that face your organization? To implement security measures that put your attackers on defense, you must know their profile and motivations.
Download this infographic and learn about:
The motivations of different attackers;
The different tactics attackers deploy;
How threat intelligence...
The U.S. federal government and many states haven't conducted forensic investigations into the election systems probed by hackers prior to the 2016 election. An investigation by the New York Times has found two more providers of election systems that were breached.
Crew error - not hacking - remains the most likely explanation for this week's deadly collision between a U.S. Navy guided-missile destroyer and a merchant oil and chemical tanker off the coast of Singapore, experts say.
Contrary to common assumption, "advanced malware" is not a singular type of superior malicious code or harmful object that can that compromises systems, harvests data or damages corporate networks. Rather, this term describes sophisticated behavior and evasion capabilities that certain strands of malware possess which...
Danish shipping giant Maersk faces losses of $200 million to $300 million as a result of the NotPetya global malware outbreak. Others, including FedEx and household goods manufacturer Reckitt Benckiser, are also beginning to estimate NotPetya's financial impact on their business.
It can be incredibly disruptive and time-consuming to add new security technologies to your network. However, it is vital to continue to advance your organization's ability to detect and respond to advanced malware - especially malware that evades other "advanced" security tools like sandboxes and...
Leading the latest edition of the ISMG Security Report: An interview with the head of a new cyber initiative to help political campaigns and local, state and federal election officials safeguard America's electoral process. Also, analyzing the evolving characteristics of the healthcare breach.
Gartner's Avivah Litan, a featured speaker at ISMG's Fraud and Breach Prevention Summit in New York on Aug. 8, says hacker attribution is taking on new importance, as traditional methods of determining attack risk and detection linked to indicators of compromise are no longer effective.