Kyle Neuman, managing director, SAFE Identity

Identity Verification in Healthcare: Revamping a Framework

Marianne Kolbasuk McGee • May 29, 2020

A 15-year-old identity framework originally designed for narrow use by pharmaceutical companies is being revamped and updated for broader use in healthcare, says Kyle Neuman, managing director of SAFE Identity, an industry consortium and certification body that's coordinating the project.

COVID-19

Apple, Google Release Contact-Tracing APIs for COVID-19

Latest

Cybercrime

Top Ransomware Attack Vectors: RDP, Drive-By, Phishing

Mathew J. Schwartz • May 29, 2020

Ransomware-wielding attackers are typically breaking into victims' networks using remote desktop protocol access, phishing emails or malware that's sometimes used in drive-by attacks against browsers, experts warn, advising organizations to make sure they have the right defenses in place.

Cybercrime

NSA: Russian Hackers Targeting Vulnerable Email Servers

Akshaya Asokan • May 29, 2020

A Russian government-backed hacking group that's been tied to a series of cyberespionage campaigns has been quietly exploiting a critical remote code execution vulnerability in Exim email servers since 2019, the U.S. National Security Agency warns in an alert.

Governance & Risk Management

Hackers Breached 6 Unpatched Cisco Internal Servers

Doug Olenick • May 29, 2020

Six internal servers that Cisco uses to support its virtual networking service were compromised earlier this month after the company failed to patch two SaltStack zero day vulnerabilities. The company did not describe the damage done, saying only that "a limited set of customers" was impacted.

Cybercrime

Revamped Valak Malware Targets Exchange Servers

Ishita Chigilli Palli • May 29, 2020

A recently revamped version of the Valak strain of malware is targeting Microsoft Exchange servers in the U.S. and Germany, according to recent research from Cybereason. The malware has been redesigned to act as an information stealer that can extract corporate data.

COVID-19

Analysis: Surge in Attacks Against Banks

Nick Holland • May 29, 2020

The latest edition of the ISMG Security Report analyzes why cyberattacks against banks have surged in recent weeks. Plus: The increasingly ruthless tactics of ransomware gangs; cybersecurity strategies for small businesses.

Cybercrime

Ransomware Gangs' Ruthlessness Leads to Bigger Profits

Mathew J. Schwartz • May 28, 2020

Ransomware-wielding criminals are growing increasingly ruthless, based on the size of their extortion demands, their increasing propensity to leak data in an attempt to force victims to pay and their greater focus on taking down big targets. These tactics, unfortunately, appear to be working.

Legislation & Litigation

Bipartisan Bill Would Boost Cybersecurity Research

Ishita Chigilli Palli • May 28, 2020

A bipartisan group of lawmakers has introduced a bill that calls for investing $100 billion in research on science and emerging technologies, including cybersecurity, quantum computing and artificial intelligence.

Governance & Risk Management

How Smaller Companies Can Set Cybersecurity Priorities

Anna Delaney • May 28, 2020

Small and midsize companies don't need to spend money on expensive security products, says cybersecurity consultant Nic Miller, but they must consider several critical factors as they devise their strategies.

Governance & Risk Management

Researcher Contends Trend Micro's RootkitBuster Busted

Jeremy Kirk • May 28, 2020

Last week, security researcher Bill Demirkapi said that Trend Micro used a trick to get one of its drivers to pass Microsoft's approval process. Trend Micro has withdrawn the driver and says it's working with Microsoft on incompatibility issues that are unrelated to the researcher's findings.

COVID-19

Videoconferencing: Think Twice Before Hitting 'Record'

Mathew J. Schwartz • May 27, 2020

As a result of the COVID-19 pandemic, work-from-home employees have rushed to adopt videoconferencing tools. But Kroll's Alan Brill warns that sound security and privacy practices - backed by legal, risk management and HR teams - too often lag. Here are his top concerns and tips on how to address them.

COVID-19

Lawmakers Demand Details on Fighting China-Linked Hacking

Akshaya Asokan • May 26, 2020

A bipartisan group of U.S lawmakers is requesting more information from the FBI and CISA about efforts to crack down on hacking groups linked to China's government that are targeting American facilities conducting COVID-19 research.

Governance & Risk Management

Why an Information Asset Register Plays Important Role

Anna Delaney • May 26, 2020

Security practitioners need to know what data their organization has and where it is kept so they can ensure it's protected. That inventory process that can be simplified by creating an information asset register, says Bilal Ghafoor, a data protection consultant.