Following the WannaCry outbreak, the British government says it's increased cybersecurity funding for England's national health service. But in addition to funding shortfalls and poor cybersecurity practices, experts have also blamed management failures, in part by the U.K. government.
It's a score to find a severe software vulnerability in a widely used Google product. But finding information on all unpatched software flaws reported to Google is a whole new, frightening level. Here's how one researcher did it.
When it comes to warding off phishing attacks, too many organizations are reliant on internal awareness campaigns. But a more proactive defense and controls are needed, says John "Lex" Robinson of PhishMe.
Jennings Aske, CISO of New York-Presbyterian, says the healthcare sector is still struggling to figure out medical device security and contends that federal regulations have not been helpful in making it a priority.
The United Kingdom might be greater than the sum of its parts. But when it came to the WannaCry outbreak, some parts of the United Kingdom did less great than others. Here's how the governments and health boards of Scotland, Northern Ireland and Wales are responding.
Former Trump campaign aide George Papadopoulos learned that Russia had thousands of pilfered emails containing "dirt" on Hillary Clinton three months before they appeared online, according to court documents.
Security officials at Britain's biggest airport have been left scrambling after a USB stick that reportedly contained sensitive information was found on a London street. Heathrow Airport says it has launched an investigation and is working with London's Metropolitan Police.
Security probes into IoT vulnerabilities too often swerve into creepy territory. Take security researchers at Check Point who discovered they could seize control of an internet-connected LG vacuum cleaner's camera, allowing them to turn a roving robotic cleaner into a spy cam.
Organizations can reduce the impact of inevitable data breaches by properly training staff to handle all the key response steps, says Parag Deodhar, CISO for Asia Pacific at Axa Group, a multinational insurance firm.
The National Health Service in England should have been able to block the "unsophisticated" WannaCry ransomware outbreak, U.K. government auditors have found. Security experts say the findings should be studied by senior executives across all industries to "learn from the mistakes of others."
Malware is widely available in an "as-a-service" model on the cybercriminal underground to anyone with criminal intent and a bit of money, says John Shier, senior security adviser at Sophos, who explains exactly how the model works in this in-depth interview.
Medical device cybersecurity scrutiny usually focuses on potential patient safety issues. But vulnerabilities identified in a cardiac pacemaker programming device illustrate the risks also posed to patient data privacy, says Billy Rios, a researcher who discovered the problem.
RBI has slapped a $1 million penalty on Yes Bank for failing to promptly notify the central bank of a 2016 data breach of its ATM Network. Many security practitioners are praising RBI for issuing the penalty, saying it calls attention to the importance of timely breach notification.
The BadRabbit ransomware attack appears to have been designed for smokescreen, disruption or extortion purposes, if not all of the above. So who's gunning for Ukraine and how many organizations will be caught in the crossfire?
If Eugene Kaspersky had attended Wednesday's House hearing on the risk his company's anti-virus software poses to the U.S. federal government, he would have faced an unfriendly reception. But Kaspersky wasn't invited, although the panel may "entertain" the possibility of inviting him to a future hearing, according to...