Hubris has a new name: Bitfi. The cryptocurrency wallet-building company, backed by technology eccentric John McAfee, earned this year's not-so-coveted Pwnies Award for "Lamest Vendor Response" for how it mishandled security researchers' vulnerability disclosures. Bitfi has promised to do better.
Documents containing information on more than 300,000 patients were recently discovered on the former campus of a Missouri hospital that's being prepared for demolition four years after the hospital moved to new facilities. The incident illustrates the need to track all paper records that contain PHI.
Espionage: Every nation does it. But for nation-state hacking that targets intellectual property or interference in political affairs, the U.S. has been using criminal indictments against individuals as a diplomatic way of saying: "We see what you're doing, now knock it off." But does it work?
The Forum of Incident Response and Security Teams recently announced the release of new training resources to help organizations build and improve product security incident response teams. Damir "Gaus" Rajnovic of FIRST discusses the global need for these resources.
The FIN7 cybercrime gang regularly phoned victims, posing as buyers, to trick victims into opening phishing emails and attachments with malware, federal prosecutors allege. The group's success - 15 million stolen payment cards and counting - is one measure of how difficult these types of attacks are to block.
A WannaCry outbreak has hit unpatched Windows 7 systems at Taiwan Semiconductor Manufacturing Co., crippling its factories. The world's largest chipmaker, which traced the infection to a new software tool that it failed to scan for malware before installation, says the outbreak could cost it $170 million.
The cost of the city of Atlanta's mitigation and subsequent IT overhaul following a massive SamSam ransomware infection in March could reach $17 million, of which $6 million has already been budgeted for new devices, security enhancements as well as upgrades, according to news reports.
The chief security officer for the U.S. Democratic Party is recommending that all party officials avoid using mobile devices made by Chinese manufacturers ZTE and Huawei. Bob Lord says that even if devices from those manufacturers are free or low cost, no one wants to be the next "patient zero."
Retired Brigadier General Gregory Touhill, the first CISO of the federal government, spells out what he sees as the essential steps for fighting against Russian meddling in this year's midterm elections. He'll be a featured speaker at ISMG's Security Summit in New York Aug. 14-15.
As Amazon expands its activities in healthcare, include a high-profile venture into the pharmacy business, the online retail giant will face a wide variety of important privacy issues, attorneys Jeffrey Short and Todd Nova explain.
Cloud-based CRM giant Salesforce.com is warning some of its Marketing Cloud users that any data they stored may have been accessed by third parties or inadvertently corrupted because of an API error that persisted for six weeks.
Attackers have targeted a patched vulnerability to exploit more than 209,000 carrier-grade routers made by Latvian manufacturer MicroTik and infect them with two types of malware - Coinhive and Crypto-Loot - designed to mine for cryptocurrency, security researchers say.
Two cybersecurity veterans detail the specific steps the Trump administration must take now if it has any hope of safeguarding the U.S. midterm elections in November against Russian interference, whether via hack attacks or social media and propaganda campaigns.
One measure of why it's so difficult for organizations to keep their software patched and better secured: Of the nearly 20,000 unique vulnerabilities in 2,000 products cataloged last year, only half involved Microsoft, Adobe, Java, Chrome or Firefox software, says Flexera's Alejandro Lavie.
Three Ukrainian men who were allegedly part of a hacking gang that stole more than 15 million payment card records from U.S. businesses, sold the data in underground markets and enabled at least $12.4 million in fraud have been arrested in Germany, Poland and Spain at the request of the U.S.