Security companies are warning that a global attack using compromised IoT devices may be coming soon. Check Point says one million organizations are running a device infected with IoTroop, also known as Reaper, which is botnet code that perhaps is related to Mirai but spreads in a much different way.
The Kaspersky Lab saga raises questions about how vulnerable any anti-virus products and back-end cloud networks might be to hacking. Asked to describe exactly what security controls they offer, here's how 17 anti-virus firms answered - or have yet to answer.
A lawn mower engine manufacturer's notification to federal regulators of a health data breach impacting thousands of its workers highlights the HIPAA compliance duties for businesses that are self-insured for healthcare.
Spammers wielding Locky ransomware have a new trick up their sleeves: the ability to infect PCs via malicious Microsoft Word documents that use the Dynamic Data Exchange application-linking feature built into Windows to push ransomware onto victims' systems.
A class action lawsuit claims that thousands of employees of a home healthcare firm were harmed by the disclosure of their personal information as a result of a business email compromise scam. Earlier, regulators fined the company for another breach.
The FBI is asking all U.S. victims of DDoS attacks to please come forward. The bureau's plea for more information from cyberattack victims parallels similar requests made this week by British authorities speaking at ISMG's Fraud and Breach Prevention Summit in London.
The Internal Revenue Service is pushing back at critics who contend the tax agency isn't doing enough to secure its information technology. Commissioner John Koskinen cites headway in preventing criminals from gaining access to tax filers' personally identifiable information.
Researchers say they've identified faulty cryptographic code in microchips made since 2012 by Infineon Technologies, posing risks to government-issued smartcards, consumer laptops, authentication tokens and more.
A small Missouri clinic admits paying a ransom to unlock data after a ransomware attack in August encrypted patient data on a file server, as well as backups. The incident spotlights the dilemmas healthcare organizations can face after a ransomware attack if they're not well-prepared.
A new directive from the U.S. Department of Homeland Security elevates federal agencies' email security to the DMARC standard that's widely adopted by commercial email providers, including Google, Yahoo and Microsoft.
Can U.S. law enforcement use a warrant to seize emails stored outside the U.S. by a cloud services provider? That's the question the Supreme Court has agreed to consider next year. Microsoft continues to fight an order to turn over emails stored in an Irish data center.
The clock is ticking on the General Data Protection Regulation (GDPR) coming into effect and while there isn't wide scale panic yet, lots of organizations are either in denial or just coming to grips with its implications. The difficulty with GDPR is that the regulation states the "WHAT" but pretty much is silent on...
An apparently misconfigured Amazon repository that exposed on the web medical data for approximately 150,000 patients serves as another important reminder of the need to protect cloud-based health information from being inadvertently accessible to the public.
A Belgian security researcher has discovered a "serious weakness" in the WPA2 security protocols used to encrypt many WiFi communications. Attackers can exploit the flaws to eavesdrop as well as potentially inject code such as malware or ransomware into WiFi-connected systems. Prepare for patches.
Security researchers have discovered websites run by credit bureaus Equifax and TransUnion were both affected by dodgy code that redirected users to adware and malware. Both issues are fixed, but the situations beg questions about how closely the companies monitor their online security.