A groundbreaking study from RAND Corporation quantifies the stakes around how zero-day software vulnerabilities get discovered and persist, bringing hard facts to bear on related - and contentious - debates surrounding vulnerability disclosure and public safety.
Apache Struts 2 users are being warned to upgrade immediately, after attackers began targeting a zero-day flaw in the widely used, open source Java EE platform. Some attacks deactivate firewalls on vulnerable Linux systems and install DDoS or BillGates malware, amongst other malicious code.
So far in 2017, hacking incidents continue to affect the largest number of individuals impacted by major health data breaches. Meanwhile, incidents involving unencrypted computing devices continue to decline, according to the federal breach tally.
Confide, an encrypted messaging application, received a surge of attention after White House officials began using it for leaks. But a teardown of the app by two security firms revealed a raft of serious security issues.
The latest version of the Trump administration's draft cybersecurity executive order would direct the federal government to take a risk-based approach to IT security and hold agency heads responsible for the security of their organizations' IT assets.
HHS' four-year IT strategic plan includes improving security and privacy protections of data and systems, more effectively preventing and responding to emerging threats, and beefing up its cybersecurity workforce.
A new release from WikiLeaks - of what's alleged to be classified material from the CIA - has seemingly exposed some of the agency's most sensitive hacking projects and malware capabilities. Technology experts are scrambling to assess the impact, as well as WikiLeaks' claims.
CA Technologies has announced plans to snap up application security testing vendor Veracode for $614 million cash, to offer SaaS-based application security testing. The move signals that secure coding - and agile-inflected DevOps - is hot. But will it come in time to secure the internet of things?
One of the world's allegedly most prolific spamming operations inadvertently left backup databases accessible online, exposing upwards of 1.37 billion records and a raft of internal company information.
A look at the return of the Crypt0L0cker ransomware leads the latest edition of the ISMG Security Report. Also, assuring the security of medical devices; and U.S. federal prosecutors drop charges against a child porn suspect rather than reveal the hacking technique used to ensnare him.
When it comes to massive DDoS attacks powered by the likes of a Mirai botnet, "the sky is not falling," says ESET security researcher Cameron Camp. But organizations do need to prepare - and here's where to start.
Implementing robust access controls in healthcare settings can be particularly challenging for several reasons. But Fisher-Titus Medical Center is making progress in strengthening authentication and other security controls, says Peter Jacob, the hospital's manager of IT operations.
Crypt0L0cker ransomware - originally tied to the Gameover Zeus gang - has returned, researchers warn, and in some cases is digitally signed to make it appear legitimate. Other attack campaigns are spreading Cerber and Sage Locker via spam emails sent via short-lived domain names.
The U.S. government has opted to drop an indictment against a child pornography suspect rather than reveal the software exploit used to identify him. The case highlights how the use of legal hacking techniques by law enforcement agencies can create complications in court.
Federal prosecutors have filed criminal charges against 16 individuals who were allegedly part of a $60 million healthcare fraud case involving falsifying electronic health records of hospice patients. Do EHRs make it easier to commit - and investigate - healthcare fraud?