Using intrusive technologies to check staff behavior in an effort to fight against supply chain fraud is ineffective, says Richard Dailly, managing director in Hong Kong at the security firm Kroll, who explains why.
A Chinese-speaking hacking group used a rare Unified Extensible Firmware Interface bootkit dubbed "MosaicRegressor" to target nongovernment organizations and diplomatic missions with an espionage campaign for two years, the security firm Kaspersky reports.
Security researchers are warning of a fresh wave of phishing emails with election-related lures that are designed to get users to click, opening the door to spreading the Emotet botnet or harvesting users' credentials.
Privacy regulators in Germany have slammed clothing retailer H&M with a $41 million fine for collecting and retaining private employee data in violation of the EU's General Data Protection Regulation. H&M has apologized, instituted changes and promised to financially compensate employees.
Organizations in all sectors need to end "the dichotomy between privacy and security" and avoid a checklist approach to privacy protection, says digital ethics expert Ivana Bartoletti, who explains why ensuring customers' privacy is essential to a company's survival.
In an exclusive interview, Roger Severino, director of the HHS Office for Civil Rights, which enforces HIPAA, spells out critical steps healthcare organizations must take to safeguard patient information and ensure patient safety in light of the surge in ransomware and other hacking incidents.
Security researchers at Appgate are warning about a recently uncovered ransomware variant called Egregor that appears to have infected about a dozen organizations worldwide over the past several months. The gang behind this crypto-locking malware is threatening to release data if victims don't pay.
Eight months after Microsoft issued a critical security update fixing a remote code execution flaw in Exchange Server, more than half of these mail servers in use remain vulnerable to exploits, according to the security firm Rapid7.
Among the most malicious and potentially dangerous cyber incidents affecting the healthcare, energy and other sectors are evolving "distruptionware" attacks - including ransomware - that aim to shut down businesses, says retired FBI agent Jason G. Weiss.
A Treasury Department advisory offers a reminder that financial institutions, cyber insurance firms and others that facilitate a ransom payment after a ransomware attack could face federal penalties. But the warning isn't necessarily a sign of a looming enforcement effort, some cybersecurity experts say.