Free advice for breached businesses: Once you admit that you've suffered a data breach or that you're investigating a security incident, disseminate that message far and wide so no one can accuse you of trying to cover it up. That's the lesson from an incident at BlowOut Cards, a sports card trading site.
Warning: Drop everything and patch all the Windows things now. That's the alert being sounded by security researchers in the wake of attackers adopting Equation Group attack tools designed to exploit an SMB flaw and install DoublePulsar backdoor.
A look at a Russian-speaking hacker offering novice cybercriminals a cheap way to conduct ransomware attacks leads the latest edition of the ISMG Security Report. Also, hear U.S. Homeland Secretary John Kelly address the cybersecurity challenges the federal government confronts.
The latest chapter in the nonstop WikiLeaks saga: As U.S. government officials continue to ramp up their anti-WikiLeaks rhetoric, President Donald Trump has reportedly directed federal prosecutors to examine ways in which members of WikiLeaks could be prosecuted.
So-called "trust attacks" aren't waged for financial gain. They're waged to compromise data, data integrity and to expose sensitive information. Why Darktrace CEO Nicole Eagan says trust attacks will be among our greatest IoT worries in 2017.
Intercontinental Hotels Group says that in addition to 12 hotels that it directly manages suffering a point-of-sale malware outbreak that began in 2016, 1,200 IHG-branded franchise hotel locations in the United States were also affected.
Biometric adoption and demand by consumers is increasing rapidly. Next-gen solutions now exist for organizations to bring secure, frictionless authentication to their consumers using biometric solutions. Michael Lynch of InAuth shares insights.
To shift from reactive to active defense mode, organizations need to get better at both threat-hunting and incident response. Tim Bandos of Digital Guardian discusses the tools and skills that are needed.
Ransomware is the largest underground cybercriminal business. And like any business, entrepreneurs continue to find new ways to innovate. A Russian hacker has cobbled together a low-end ransomware kit costing just $175, aimed at anyone who seeks a file-encrypting payday.
Enterprise security leaders largely understand the business problems posed by a lack of privileged access management. But understanding and overcoming the obstacles to deploying a successful PAM rollout? That's the real challenge, says Alex Mosher of CA Technologies.
Businesses that fail to block former employees' server access or spot any other unauthorized access are asking for trouble. While the vast majority of ex-employees will behave scrupulously, why leave such matters to chance?
Good news for Microsoft Windows users: The Equation Group exploit tools dumped this month by Shadow Brokers don't work against currently supported versions of Windows, largely thanks to patches Microsoft released in March. But who tipped off Microsoft?
Cyberattackers love not having to reinvent the wheel. At least, that's the tactic favored by the Callisto group, an "advanced threat actor" that's been using leaked Hacking Team spyware to infect targets, says security firm F-Secure.
Too many businesses assume that the internet will be around forever, but that's faulty thinking and an impractical business practice, says Information Security Forum's Steve Durbin, a featured speaker at Information Security Media Group's Fraud and Breach Prevention Summit in Atlanta this month.