Some federal agencies inappropriately continue to rely on knowledge-based authentication to prevent fraud and abuse even though this method is no longer trustworthy because so much personal information that's been breached is readily available to fraudsters, a new
U.S. Government Accountability Office report notes.
A urology practice in Ohio and an eye care provider in Indiana are among the latest victims of ransomware attacks in the healthcare sector. Some security experts suspect that such attacks are still underreported to regulators.
Yet another warning has been issued about the BlueKeep vulnerability in older versions of Microsoft Windows. The latest comes from the Department of Homeland Security, which tested a remote code execution exploit.
Xenotime, the group suspected of launching the Trisis malware attack in Saudi Arabia during 2017, has over the past few months shifted its focus beyond the oil and gas industry to target electrical plants and utilities, security firm Dragos reports.
Third-party risk has emerged as one of 2019's top security challenges, and the topic was the focus of a recent roundtable dinner in Charlotte. RSA's Patrick Potter attended that dinner and shares insight on how security leaders are approaching this aspect of digital risk management.
Not all that crashes has been hacked. To wit, this past weekend there were multiple major outages, including much of Argentina and Uruguay going dark, as well as U.S. retailer Target's system problems leaving customers unable to pay for goods. But none of these outages were due to cyberattacks.
Data in non-production environments represents a significant percentage of total enterprise data volume. Non-production environments also carry more risk than production environments because there are more direct users, says Ilker Taskaya of Delphix, who discusses how organizations can reduce that risk.
Medical device vendor Becton Dickinson and U.S. federal regulators have issued security alerts about vulnerabilities that potentially put certain infusion pump products from the manufacturer at risk for remote hacker attacks.
Data breaches, incident response and complying with the burgeoning number of regulations that have an information security impact were among the top themes at this year's Infosecurity Europe conference in London. Here are 10 of the top takeaways from the conference's keynote sessions.
A British judge has determined that an extradition hearing for WikiLeaks founder Julian Assange won't be held until next February. The U.S. is asking for the extradition so Assange can face espionage charges.
Tens of thousands of minors on Instagram expose their email addresses and phone numbers, which child-safety and privacy experts say is worrisome. The kids have turned their profiles from personal ones to business ones, which Instagram mandates must have contact details. But is that appropriate for a child?
The latest edition of the ISMG Security Report features a deep dive into an analysis of the cybersecurity risks that publicly traded companies face. Plus: Was the band Radiohead hacked? And what's unusual about the proposed Premera Blue Cross breach lawsuit settlement?
The House of Representatives has approved an amendment that would lift a 20-year ban on the Department of Health and Human Services funding the development or adoption of a unique, national patient identifier. But plenty of hurdles remain. Find out why this is a critical issue for CISOs as well as privacy officers.
Digital transformation impacts the way that organizations deal with cybersecurity risk, says Tim Wilkinson of Avast Business, who provides advice on how to place security at the center of the transformation.