Many medical device makers appear to building better cybersecurity into their products, but some manufacturers are still avoiding fixing vulnerabilities in legacy devices that pose potential safety risks, says security researcher Billy Rios, who discusses the latest flaws in some Medtronic cardiac devices.
Real-world incidents prove over and over again that many of the most widespread issues still stem from a lack of basic cyber hygiene. This report looks at where organizations are falling on the basics and outlines steps for establishing a strong foundation for security.
Download this industry-leading report to...
As companies look for new ways to drive internal efficiencies and improve workflows for their staff, many are turning to digital transformation. However, with any advancement in technology or process, we inevitably see an increase in threat surface and attack vectors. What does digital transformation truly mean to...
Hubris has a new name: Bitfi. The cryptocurrency wallet-building company, backed by technology eccentric John McAfee, earned this year's not-so-coveted Pwnies Award for "Lamest Vendor Response" for how it mishandled security researchers' vulnerability disclosures. Bitfi has promised to do better.
The FIN7 cybercrime gang regularly phoned victims, posing as buyers, to trick victims into opening phishing emails and attachments with malware, federal prosecutors allege. The group's success - 15 million stolen payment cards and counting - is one measure of how difficult these types of attacks are to block.
A WannaCry outbreak has hit unpatched Windows 7 systems at Taiwan Semiconductor Manufacturing Co., crippling its factories. The world's largest chipmaker, which traced the infection to a new software tool that it failed to scan for malware before installation, says the outbreak could cost it $170 million.
The chief security officer for the U.S. Democratic Party is recommending that all party officials avoid using mobile devices made by Chinese manufacturers ZTE and Huawei. Bob Lord says that even if devices from those manufacturers are free or low cost, no one wants to be the next "patient zero."
Retired Brigadier General Gregory Touhill, the first CISO of the federal government, spells out what he sees as the essential steps for fighting against Russian meddling in this year's midterm elections. He'll be a featured speaker at ISMG's Security Summit in New York Aug. 14-15.
Attackers have targeted a patched vulnerability to exploit more than 209,000 carrier-grade routers made by Latvian manufacturer MicroTik and infect them with two types of malware - Coinhive and Crypto-Loot - designed to mine for cryptocurrency, security researchers say.
A family care clinic in Missouri says those investigating and mitigating a recent ransomware attack discovered that its systems were "loaded with a variety of malware programs." Experts say such post-breach discoveries are common.
This edition of the ISMG Security Report features Elvis Chan, a supervisory special agent at the FBI, discussing ongoing efforts to thwart Russian interference in the U.S. midterm election this fall, and Alberto Yepez of ForgePoint Capital addressing cryptocurrency security issues.
Medical testing laboratory firm LabCorp is still working to fully recover systems functionality nearly a week after a cyberattack that the company now claims involved "a new variant" of ransomware. What can other organizations do to avoid becoming the next victim?
Hackers stole at least $920,000 from Russia's PIR Bank after they successfully compromised an outdated, unsupported Cisco router at a bank branch office and used it to tunnel into the bank's local network, reports incident response firm Group-IB.
The current state of endpoint security is a "good news / bad news" situation. The good news is that in recent years there has been a modest trend towards fewer vulnerability disclosures, meaning slightly fewer potential ways for computing infrastructures to be exploited. The bad news is that an increasing percentage...