In this latest edition of the ISMG Security Report we learn more about certain Siemens medical devices containing vulnerabilities that could allow hackers to remotely execute arbitrary code. Also: a report on Kaspersky Lab dropping its complaint against Microsoft and part 2 of an election security interview.
FireEye says Russia's Fancy Bear hackers are targeting hotel guests with a sneaky attack that leaves no traces and steals network credentials. It involves no malware and is virtually impossible to stop.
Healthcare organizations can learn important lessons - including the need for granular data access control - from the costly proposed settlement of the breach lawsuit against health insurer Anthem, says Bill Fox, a former federal prosecutor.
Leading the latest edition of the ISMG Security Report: An interview with the head of a new cyber initiative to help political campaigns and local, state and federal election officials safeguard America's electoral process. Also, analyzing the evolving characteristics of the healthcare breach.
Security vendors are known to sprinkle hyperbole among their claims. But the strategy has backfired for DirectDefense, which mistakenly cast endpoint protection vendor Carbon Black as a contributor to the "world's largest pay-for-play data exfiltration botnet."
About half of today's cyberattacks are malware-free and don't involve having to write any files to disk, says Dan Larson of Crowdstrike. These attacks get around conventional defenses, such as firewalls and antivirus programs, so they require new defenses, he says.
Data breach truism: So many organizations get breached, and remain breached, but don't find out until months or even years later, says Paul White of the cybersecurity firm Cyber adAPT. He offers insights on speeding reaction time by watching for clues.
It's a red-faced moment for FireEye. The company says an investigation reveals that an attack against an analyst's personal online accounts was enabled by the employee's continued use of compromised login credentials.
The latest edition of the ISMG Security Report leads with a report on the charges brought against Marcus Hutchins, the "accidental hero" who stoped the WannaCry malware outbreak. Also featured: reports on advances in attribution and new legislation to secure vulnerable medical devices.
Maxim Senakh, who was extradited from Finland to the United States to face charges related to Ebury botnet attacks, has been sentenced to serve nearly four years in federal prison, after which he will be deported to his native Russia.
The front line to battle Russian hackers is shifting to American courts, according to the lead story in the latest edition of the ISMG Security Report. Also, malware targets Apple's operating system and a preview of the ISMG Fraud and Breach Prevention Summit in New York.
Security expert Troy Hunt has released a massive data set of compromised passwords that's intended to help web services steer users away from picking those that have already been exposed in data breaches.
Gartner's Avivah Litan, a featured speaker at ISMG's Fraud and Breach Prevention Summit in New York on Aug. 8, says hacker attribution is taking on new importance, as traditional methods of determining attack risk and detection linked to indicators of compromise are no longer effective.
Britain's home secretary claims that "real people" don't really want unbreakable, end-to-end encryption - they just like cool features. Accordingly, she asks, why can't we just compromise and add backdoors, thus breaking crypto for everyone?
FireEye has confirmed that one of its Mandiant breach investigation employee's personal laptops was breached by hackers, and corporate data dumped. The hackers say the leak is the first in a series of "Operation LeakTheAnalyst" attacks against cybersecurity researchers.