The latest ISMG Security Report leads off with a segment in which Managing Editor Jeremy Kirk explains that the massive Yahoo breach not only exposed the accounts of a half-billion customers, but also the weaknesses in the way enterprises employ hashed passwords.
Ransomware attacks are surging because attackers have perfected their techniques while enterprises in all sectors have failed to address critical security shortcomings, says Raimund Genes, CTO at Trend Micro.
Have you been the target or victim of ransomware-wielding attackers? The FBI wants individuals and businesses to report ransomware attacks to help it better pursue, disrupt and potentially arrest suspects.
Internet of Things alert: Many embedded systems contain hardcoded cryptographic credentials that attackers could use to seize control of the devices or crack encrypted website traffic. And the problem is only getting worse, says security firm SEC Consult.
The National Institute of Standards and Technology is moving ahead with an initiative to create standards for cryptographic algorithms for small computing devices, such as those found in automobiles, control systems, smart grids and the Internet of Things.
Tens of thousands of Cisco Adaptive Security Appliance devices remain vulnerable to a zero-day exploit released last month as part of the Equation Group toolset dump by Shadow Brokers, according to scans conducted by security firm Rapid7.
An increasing number of sophisticated, high-performance security and content-aware devices are at layers 4
through 7. This calls for, among other things, even greater sophistication of network emulation from test equipment. When Layer 4-7 devices are not properly tested, they face a greater risk for failure within...
In their quest for easy ways to extort victims into giving them bitcoins, cybercriminals continue to double down on crypto-ransomware attacks and increasingly target enterprises, seeking proportionally higher paydays.
How well do you know your vendors and the risk they pose? The scope of vendors you need to assess is rising constantly. At the same time, there is more scrutiny than ever on data security and privacy. These factors create greater shared risk where organizations can be held liable for their vendors' actions. To get a...
You've gone back and forth on encryption, its benefits and challenges, and you've made the decision: to keep your data truly safe, your organization needs encryption. So what now? You've got options available, but what is the best, safest way to implement encryption without disrupting your users' workflow and...
Enterprises must have meaningful conversations about business risk at all levels and across every department. Risk scoring is a fundamental way of normalizing risk to make sense of complex and disparate data. It enables you to standardize reporting, streamline workflows and communicate risk clearly to stakeholders....
The Equation Group tools released by the Shadow Brokers have revealed that the U.S. National Security Agency has been able to decrypt any traffic sent using a Cisco PIX device. While Cisco no longer supports the devices, more than 15,000 remain in use.
Eighty percent of the Android ecosystem - an estimated 1.4 billion devices - is vulnerable to an attack affecting TCP. While the flaw has been patched in Linux, Android remains vulnerable, although Google is aware of the issue.