Days after booting hackers from its network, the Democratic National Committee allowed incident-response firm Crowdstrike to publicly detail its findings. That's a rare - albeit welcome - move for other potential targets.
With rampant password, patch management and data missteps, it can feel like information security déjà vu all over again as security professionals fight so many of the same battles as 10 or 20 years ago, says white hat hacker Cris Thomas, a.k.a. "Space Rogue."
In the aftermath of the massacre at an Orlando nightclub, confusion emerged over whether the Obama administration had issued a waiver to suspend certain privacy provisions of HIPAA to ease communication between clinicians caring for the injured and those patients' families. Learn why the waiver wasn't necessary.
Russia's arrest of 50 suspected hackers earlier this month seems to have spooked the developers of the Angler exploit kit, an attack tool responsible for spreading ransomware and malware. But is Angler gone for good, or simply retrenching?
In the latest ISMG Security Report, our editors analyze Symantec's pending purchase of Blue Coat; vulnerabilities in mobile banking apps; retailers' objections to a national data breach notification bill; and the relaunching of the IRS Get Transcript tool after a breach.
IBM is deploying its Watson supercomputer to help organizations answer this essential question: In the face of nonstop security events, potential intrusions and patches, what's the next, best action that an organization's security analyst should take?
For years, organizations have been threatened by DDoS attacks on several fronts, ranging from volumetric attacks to application-level and DNS strikes. Now come ransom-based attacks. Trey Guinn of CloudFlare discusses how to respond to each type of attack.
My initial reaction to Microsoft's announcement that it plans to buy LinkedIn for $26.2 billion in cash: I guess its massive 2012 data breach - and the loss of virtually every user's credentials - didn't hobble the company's long-term prospects.
First the hackers came for our credit cards. Now they're taking control of our TVs. Witness the latest version of FLocker - for "frantic locker" - which is designed to lock Android devices, including smart TVs.
As we prepare to mark the tenth anniversary of the PCI Security Standards Council, it's time to assess the impact PCI-DSS has had on payments security and consider whether it will remain a viable standard 10 years from now. A series of upcoming reports will address these topics.
For its next move since jettisoning storage firm Veritas and becoming a pure-play security vendor, Symantec plans to buy network and cloud security firm Blue Coat from private-equity owners Bain Capital for $4.65 billion, gaining a new CEO in the process.
A settlement between the Federal Trade Commission and Practice Fusion, an electronic health records system vendor, serves as a reminder that regulations other than HIPAA apply to protecting patient privacy, says attorney Adam Greene, a healthcare regulations expert.
Yet another organization has acknowledged it opted to pay cyberattackers after its systems were infected with ransomware, the file-encrypting malware that has become one of the most dreaded menaces across the internet.
In the latest ISMG Security Report, our editors examine the top concerns of security practitioners gathered at Infosecurity Europe, NIST's planned revision of its cybersecurity framework and U.S. government efforts to make sure patients can securely access their electronic health records.