Operating divisions of the Department of Health and Human Services need to shore up security controls - including access controls and software patching - to more effectively detect and prevent cyberattacks, according to a new federal watchdog report.
Facebook's data deals continue to be probed. A criminal investigation of Facebook by federal prosecutors in New York has resulted in records being subpoenaed "from at least two prominent makers of smartphones and other devices," the New York Times reports.
A closely held type of point-of-sale malware, DMSniff, is spreading further while another, GlitchPOS, has also emerged. Despite a surfeit of stolen payment card details on the black market, efforts to steal more continue, highlighting the continuing challenges around card security.
As organizations take on more ambitious digital transformation initiatives, their digital risk grows to new levels that require heightened management. RSA President Rohit Ghai explains the need for digital risk management.
Emily Heath is two years into her tenure as CISO at United Airlines. One of her key initiatives is to grow the company's security organization in a manner that emphasizes diversity, inclusion and skills.
Heading into the 2020 U.S. presidential election preseason, the FBI is squarely focused on defending against nation-state hacks or influence. Elvis Chan of the FBI talks about preparations for a cybersecure election.
Few internet-connected devices are built to be secure by default, and the problem is getting worse because many devices are connecting to poorly secured cloud services, says Ken Munro of Pen Test Partners.
In an exclusive interview, IBM Security GM Mary O'Brien talks with ISMG about her first year in this role, addressing the skills crisis, application security, the cloud and how to defend against cyberattacks.
Carbon Black and Optiv have released their 2019 Modern Bank Heists report, which unveils the latest cyber threats to global banking institutions. Report co-author Tom Kellermann discusses the findings and what they mean.
Today's workforce is increasingly working remotely and relying on a variety of devices and cloud services to accomplish their jobs. Organizations must support but also secure this push, or they risk driving employees to adopt shadow IT, warns Jon Oberheide of Duo Security.
The Chertoff Group recently participated in a tabletop exercise on defending against cyber-enabled economic warfare. What do the results say about U.S. defenses and resiliency? Adam Isles shares insights.
Security needs to keep pace with the application development life cycle to avoid becoming a roadblock, and automation can play an important role, according to David Meltzer and Lamar Bailey of Tripwire.
A ransomware attack last fall on a company that provides billing and other business services to health plans and hospitals resulted in a breach affecting more than 600,000 individuals, according to Michigan state officials. But what makes breach determination in ransomware attacks so difficult?
A variant of the long-running Ursnif banking Trojan is able to better evade security protection and has the ability to steal not only financial information but also email user accounts, the content of inboxes and digital wallets, researchers report.
Patch or perish, March edition: Microsoft releases fixes for 65 new vulnerabilities, including two that are being exploited in the wild. Also, Adobe issues updates for Photoshop and Digital Editions following a critical fix for a ColdFusion flaw that was being exploited in the wild.