Nearly two dozen security weaknesses in OpenEMR - open source electronic medical record and practice management software - left patient data vulnerable to cyberattacks before most were patched, according to the London-based security research firm Project Insecurity.
The FIN7 cybercrime gang regularly phoned victims, posing as buyers, to trick victims into opening phishing emails and attachments with malware, federal prosecutors allege. The group's success - 15 million stolen payment cards and counting - is one measure of how difficult these types of attacks are to block.
The chief security officer for the U.S. Democratic Party is recommending that all party officials avoid using mobile devices made by Chinese manufacturers ZTE and Huawei. Bob Lord says that even if devices from those manufacturers are free or low cost, no one wants to be the next "patient zero."
Reddit suffered a data breach in June after attackers managed to bypass its SMS-based two-factor authentication system. User data from 2007 and before was compromised. Security experts say the breach should serve as a reminder that using any two-factor authentication is better than none.
Data science is playing a fundamental role in a more dynamic approach to cybersecurity, says Jim Routh, CISO of Aetna, who stresses the importance of applying machine learning to front-line data security controls. Routh will be a featured speaker at the ISMG Security Summit in New York Aug. 14-15.
Alberto Yepez of ForgePoint Capital says cryptocurrency poses new challenges for accommodating the "know your customer" process of confirming that you're "doing business with the people that you want to be doing business with."
Spear phishing attacks are in the news again following the Justice Department's indictment of Russian military intelligence officers for alleged attacks against U.S. politicians and county and state election boards. Here's how to play better phishing defense.
Blockchain, the digital ledger used for cryptocurrency, can serve as an effective identity management platform, asserts Chris Boscolo, CEO of ZNO Labs, who describes an approach he calls "self-sovereign identity."
Timehop, the social media app that resurfaces older social media posts for entertainment, says its ongoing investigation has revealed that an attacker may have compromised more personal information than it previously suspected over the course of a breach that lasted at least seven months.
An Australian company that issues identity cards for access to airports has been notifying applicants and cardholders that their personal information may have been compromised, according to a news report. Australian federal police are investigating.
Timehop, an application that revives older social media posts, says the lack of multifactor authentication on a cloud services account led to a data breach affecting 21 million users. The breach exposed names, email addresses, phone numbers and access tokens Timehop used to read information from accounts.
Humana is notifying individuals in multiple states that the company was a recent target of an "identity spoofing attack" that potentially compromised personal information of its members, including those participating in the health insurer's Go365 wellness programs.
What are hot cybersecurity topics in Scotland? The "International Conference on Big Data in Cyber Security" in Edinburgh focused on everything from securing the internet of things the rise of CEO fraud to the origins of "cyber" and how to conduct digital forensic investigations on cloud servers.
Consumers are more concerned than ever about their identities being compromised, yet they're failing to connect the dots between fear and preventive measures, according to recent research conducted by IDology. John Dancu, the company's CEO, explains the implications for businesses.