Freedom of Information requests sent to 430 U.K. local government councils by Barracuda Networks found that at least 27 percent of councils have suffered ransomware outbreaks. Thankfully, almost none have paid ransoms, and good backup practices appear widespread.
An attack campaign involving a trojanized version of the CCleaner Windows utility, built and distributed by British developer Piriform, was much more extensive than it first appeared and may have installed backdoor software on endpoints at hundreds of large technology firms.
The chairman of the U.S. Securities and Exchange Commission will face the Senate Banking Committee next week following the agency's belated disclosure that in May 2016, hackers stole secret market data from the SEC's systems and apparently used it for "illicit gain through trading."
Analyzing the impact of a breach of computers at the U.S. Securities and Exchange Commission leads the latest edition of the ISMG Security Report. Also, exploring alternative plans to implement cybersecurity regulations on credit reporting bureaus in the wake of the Equifax breach.
In today's dynamic threat landscape, "real-time" is the operative phrase - and it needs to apply both to threat detection and incident response, says Tim Bandos of Digital Guardian. What are the required security controls and tools?
Hackers behind the mega-breach at Equifax stole data in May, but they - or other attackers - penetrated the credit bureau's systems in March, exploiting a vulnerability for which Apache Struts had issued a patch, just four days prior.
A federal judge Tuesday dismissed three of six counts in a complaint filed by the U.S. Federal Trade Commission against IoT manufacturer D-Link that alleges its sloppy security practices deceived consumers. The FTC has until Oct. 20 to amend the complaint.
Because a growing number of organizations in India are being hit by cyberattacks, the case for buying cyber insurance appears to be stronger than ever. Nevertheless, security experts say only a handful of the largest companies have made the investment in this insurance so far. Why is that the case?
When creating a security action plan, not enough organizations include provisions for communicating with the police, says Kenrick Bagnall, a detective constable in the cybercrime unit of the Toronto Police Service.
Are organizations making the same security mistake with APIs today that they made with their websites 10 and 20 years ago? Jeffrey Costa of Akamai Technologies says yes and offers insight on securing and caching APIs.
Most organizations are good at collecting threat intelligence, but they struggle to operationalize it - and especially to use it for threat attribution. Arbor Network's Paul Bowen tells where organizations are commonly missing the mark.
Oil & Natural Gas Corp. is augmenting its ISOC to serve its enterprise wide network, SCADA and business systems to enable detection of threats in real time, says A.S. Rao, CISO. "We have gone in for a hybrid model to build required skills to completely operationalize the ISoC," he says
Mobile malware threats are surging in India. For example, about 40 percent of all the attacks involving Xafecopy malware were targeted at the nation. The increasing attacks on mobile phones have called attention to the need to boost awareness of mobile security and take critical mitigation steps.
In the latest edition of the ISMG Security Report: a look at the former Equifax chief information security officer and whether her lack of academic credentials in IT or IT security is relevant to the massive breach at the credit reporting agency.