President Donald Trump says TikTok and Oracle are close to making a deal. Don't neglect to read the fine print. While the president has demanded TikTok divest its U.S. operations - preferably to Oracle - because of national security concerns, the Chinese firm is instead offering Oracle a minority stake.
Federal authorities and medical device maker Philips have issued security alerts about security vulnerabilities in some of the company's patient monitoring software. Until patches are available, the company is recommending risk mitigation steps.
A recently uncovered Linux malware variant dubbed "CDRThief" is targeting VoIP networks to steal phone metadata, such as caller IP addresses, ESET reports. The malware appears to be designed for cyberespionage or fraud.
The U.S. Federal Communications Commission estimates the total cost for smaller and rural telecom carriers to rip and replace Huawei and ZTE gear from their networks to enhance national security will be over $1.8 billion.
Federal regulators are reminding healthcare organizations about the importance of accurate IT asset inventory management to help reduce breach risk. Regulators have also beefed up a HIPAA guidance portal for mobile app developers.
The latest edition of the ISMG Security Report analyzes why ransomware gangs continue to see bigger payoffs from their ransom-paying victims. Also featured: Lessons learned from Twitter hacking response; security flaw in Amazon's Alexa.
A patching effort has been underway for six months to upgrade Thales wireless communication modules that are embedded in millions of IoT devices, including insulin pumps and smart meters. Left unpatched, a vulnerability in the modules could allow attackers to control devices, IBM warns.
Researchers at Check Point developed a one-click attack against Amazon's popular voice-controlled assistant Alexa that could reveal a user's voice history or personal information. Amazon has fixed the web application security flaws but says Check Point's demo video is misleading.
With the surge in telehealth use during the COVID-19 pandemic, healthcare organizations must be prepared to deal with cloud security and privacy risks, says Jim Angle of Trinity Health, who is the author of a recent report from the Cloud Security Alliance.
As developers design applications to provide patients with access to their digital health records via smartphones - as called for under the 21st Century Cures Act - special attention needs to be paid to balancing security with usability, says Chad Wilson, CISO of Stanford Children's Health.
The latest edition of the ISMG Security Report analyzes the hijacking of a virtual court hearing in the Twitter hacking case. Also featured: Why network segmentation is more important than ever; update on Windows print spooler vulnerability.
A security researcher says voting equipment in the U.S. is still riddled with security flaws that opportunistic foreign adversaries could use to pose a threat to the November election. Meanwhile, the director of CISA calls Russian ransomware attacks one of the biggest threats to the election.
Garmin, a fitness tracker and navigation device firm, apparently paid a ransom to recover from a July 23 security incident that encrypted several of its systems, according to two news reports as well as expert analysis. The company says it's still experiencing 'temporary limitations" on services.
The NSA has issued an alert warning those working in the national security and defense sectors to mitigate the risks posed by mobile and internet of things devices, along with apps, that collect location data.