For just $80 per day, would-be cybercrime entrepreneurs can subscribe to Disdain, a new exploit kit that targets now-patched flaws in browsers and plug-ins, including Flash and WebEx. Disdain's debut shows that while exploit kits may have declined, they haven't died out.
How could the private sector benefit from steps federal agencies are taking to improve the cybersecurity of the internet of things and medical devices? In an in-depth interview, two experts at UL who are working closely with the agencies explain the potential impact.
In this latest edition of the ISMG Security Report we learn more about certain Siemens medical devices containing vulnerabilities that could allow hackers to remotely execute arbitrary code. Also: a report on Kaspersky Lab dropping its complaint against Microsoft and part 2 of an election security interview.
FireEye says Russia's Fancy Bear hackers are targeting hotel guests with a sneaky attack that leaves no traces and steals network credentials. It involves no malware and is virtually impossible to stop.
Healthcare organizations can learn important lessons - including the need for granular data access control - from the costly proposed settlement of the breach lawsuit against health insurer Anthem, says Bill Fox, a former federal prosecutor.
Leading the latest edition of the ISMG Security Report: An interview with the head of a new cyber initiative to help political campaigns and local, state and federal election officials safeguard America's electoral process. Also, analyzing the evolving characteristics of the healthcare breach.
Security vendors are known to sprinkle hyperbole among their claims. But the strategy has backfired for DirectDefense, which mistakenly cast endpoint protection vendor Carbon Black as a contributor to the "world's largest pay-for-play data exfiltration botnet."
About half of today's cyberattacks are malware-free and don't involve having to write any files to disk, says Dan Larson of Crowdstrike. These attacks get around conventional defenses, such as firewalls and antivirus programs, so they require new defenses, he says.
Data breach truism: So many organizations get breached, and remain breached, but don't find out until months or even years later, says Paul White of the cybersecurity firm Cyber adAPT. He offers insights on speeding reaction time by watching for clues.
It's a red-faced moment for FireEye. The company says an investigation reveals that an attack against an analyst's personal online accounts was enabled by the employee's continued use of compromised login credentials.
The latest edition of the ISMG Security Report leads with a report on the charges brought against Marcus Hutchins, the "accidental hero" who stoped the WannaCry malware outbreak. Also featured: reports on advances in attribution and new legislation to secure vulnerable medical devices.
Maxim Senakh, who was extradited from Finland to the United States to face charges related to Ebury botnet attacks, has been sentenced to serve nearly four years in federal prison, after which he will be deported to his native Russia.
The front line to battle Russian hackers is shifting to American courts, according to the lead story in the latest edition of the ISMG Security Report. Also, malware targets Apple's operating system and a preview of the ISMG Fraud and Breach Prevention Summit in New York.
Security expert Troy Hunt has released a massive data set of compromised passwords that's intended to help web services steer users away from picking those that have already been exposed in data breaches.
Gartner's Avivah Litan, a featured speaker at ISMG's Fraud and Breach Prevention Summit in New York on Aug. 8, says hacker attribution is taking on new importance, as traditional methods of determining attack risk and detection linked to indicators of compromise are no longer effective.