The recent fix for a zero-day flaw in Microsoft Office appeared more than five months after Microsoft was privately alerted to the flaw, and followed months of it being exploited via in-the-wild attacks. Can Microsoft do better?
When it comes to vulnerability management, many organizations opt to protect only their most critical security gaps - but, meanwhile, the criminals exploit the secondary vulnerabilities. Kevin Flynn of Skybox Security explains why context is everything in managing vulnerabilities.
Mayra Koury wears a lot of hats at $2 billion Tech Credit Union in San Jose. One of them is fraud investigator. Hear how she single-handedly staked out the institution's ATMs and helped law enforcement catch a skimming fraudster in action.
Many media outlets have suggested that the recent arrest of a Russian computer programmer ties to the 2016 U.S. presidential election meddling blamed on Russia. But the only source for this supposed connection traces to a Russian propaganda arm that's been blamed for participating in said meddling.
A look at how top security vendors share cyberthreat intelligence leads the latest edition of the ISMG Security Report. Also, states taking up legal efforts to assure the safety of medical devices and apps sold to consumers.
A report outlining new ways to recruit and retain cybersecurity professionals in the U.S. federal government leads the latest edition of the ISMG Security Report. Also, the sector considered the most cybersecurity challenged, and the growing interest in virtual private networks.
Legislation to direct the National Institute of Standards and Technology to create a set of tools, best practices and guidance to help small businesses protect their digital assets is heading to the U.S. Senate.
A North Korean IP address has turned up in an investigation by Kaspersky Lab into attacks against banks' SWIFT systems. The finding is a strong indication that the Lazarus hacking group may be run by North Korea.
The latest edition of the ISMG Security Report leads off with an interview with the co-editor of a new book, Inside Threat, who uses examples from the physical world that can be applied to the virtual world. Also, organizations fall short on offering identity protection services.
The FCC is warning that a scam focuses on tricking people into saying the word "yes" on the phone, which fraudsters record and later reuse as a voice signature in an attempt to make fraudulent charges on utility or credit card accounts.
More than 60,000 servers running Microsoft's out-of-support IIS 6.0 server software may be vulnerable to a newly revealed zero-day exploit. No patch will be produced, but a workaround can blunt an attack.
Brexit is off to a messy start, with Britain making law enforcement intelligence sharing - including Europol and European Cybercrime Center participation - a bargaining chip in its EU divorce proceedings. Some European officials have slammed the move as blackmail.
The FBI recently warned that hackers are targeting FTP servers run by healthcare organizations in order to obtain medical records. New statistics show more than 750,000 FTP servers can be accessed anonymously worldwide.