Writing the obituary for the lifeless Neutrino exploit kit leads the latest edition of the ISMG Security Report. Also, judging the value of the Department of Health and Human Services' wall-of-shame website of healthcare sector breaches.
Former U.S. CISO Gregory Touhill says the federal government must rethink how it hardens its workforce to prevent cyberattackers from succeeding. Organizations, he says, should regularly conduct cybersecurity exercises to help build their cyber defense.
Bad security habits of consumers whose use of apps is skyrocketing is leading to increased risks for businesses as they ramp up their use of apps as well, says Neil Wu Becker, a global vice president at A10 networks, who emphasizes the need to enforce best practices.
To encourage individuals to improve their security practices, begin by not blaming them. That was one takeaway from security experts at the Infosecurity Europe conference, who offered practical tips for changing user behavior and creating a culture of security.
Infosecurity Europe 2017 in London drew an estimated 18,000 attendees. Here are 13 visual highlights from the annual information security conference, ranging from tchotchkes and keynotes to 19th century architecture and live hacks of internet-connected devices.
The identity of the individual or group behind the global WannaCry ransomware campaign remains unclear. But whoever wrote the ransom notes appears to have been fluent in Chinese and pretty good at written English, according to a linguistic analysis from security firm Flashpoint.
Disney is reportedly being targeted by cyber-extortionist hackers who have threatened to release a stolen, prerelease copy of the movie studio's fifth "Pirates of the Caribbean" film unless they receive a ransom, payable in bitcoins.
The latest ISMG Security Report leads with an account of FBI Director James Comey's testimony before the U.S. Congress on insiders posing a cyberthreat to the American law enforcement bureau. Also, dissecting the claim that most startups fail shortly after being victimized by a cyberattack.
Score another one for social engineering: A phishing campaign used a bogus "Google Docs" app to trick people into surrendering full access to their Google accounts and contacts. Before Google squashed the campaign, up to 1 million of its users may have fallen victim.
The latest chapter in the nonstop WikiLeaks saga: As U.S. government officials continue to ramp up their anti-WikiLeaks rhetoric, President Donald Trump has reportedly directed federal prosecutors to examine ways in which members of WikiLeaks could be prosecuted.
Businesses that fail to block former employees' server access or spot any other unauthorized access are asking for trouble. While the vast majority of ex-employees will behave scrupulously, why leave such matters to chance?
Bryce Austin, a former technology lead at Target during the retailer's massive November 2013 breach, says the role of the CISO needs to evolve, ensuring that cybersecurity is balanced with the overall needs of the company. He claims tying the CISO's performance to the company's revenue is the best way to do that.