Over the past year, fines levied by various regulatory agencies against breached entities have helped to shape and clarify what cybersecurity attorney Joseph Burton calls the cybersecurity standard of care - a standard for reasonable security that courts will turn to when determining liability and fault in the wake of...
When it comes to vulnerability management, many organizations opt to protect only their most critical security gaps - but, meanwhile, the criminals exploit the secondary vulnerabilities. Kevin Flynn of Skybox Security explains why context is everything in managing vulnerabilities.
It has been roughly two years now since the advent of the Retail Cyber Intelligence Sharing Center. How has information sharing improved cyber defenses? And how have criminals upped their game? Brian Engle of R-CISC shares insight.
As hacking incidents appear to spike again on the federal breach tally, a small Kentucky-based physician practice is the latest healthcare entity to report a major breach involving a ransomware attack.
Forty targets in 16 countries were attacked using advanced attack tools and techniques that match the capabilities documented via the "Vault 7" stash of alleged CIA network exploitation documents released by WikiLeaks, Symantec says.
A zero-day flaw in Microsoft Office is being targeted via in-the-wild attacks, security firms warn, including by the notorious Dridex botnet. While there is a workaround, Microsoft says it plans to issue a full fix this week as part of its regularly scheduled security updates.
Spanish police arrested Russian computer programmer Pyotr Levashov, apparently while he was vacationing with his family. Authorities say his arrest relates to alleged Kelihos spam botnet and pump-and-dump stock campaigns, not to Russia's alleged interference in the 2016 U.S. presidential election.
Twitter has dropped a federal lawsuit that sought to quash an administrative summons, which the government subsequently withdrew, seeking records for an account that's critical of U.S. policy. It's one of many accounts suspected to have been created by disgruntled government employees.
A Texas-based pediatric practice is the latest healthcare entity to report a major data breach following a recent ransomware attack, despite the organization's efforts to mitigate the incident quickly.
Legislation to direct the National Institute of Standards and Technology to create a set of tools, best practices and guidance to help small businesses protect their digital assets is heading to the U.S. Senate.
Federal regulators are warning healthcare sector organizations about the threat of man-in-the-middle attacks and related risks associated with the use of some Secure Hypertext Transport Protocol, or HTTPS interception products for end-to-end security.
A North Korean IP address has turned up in an investigation by Kaspersky Lab into attacks against banks' SWIFT systems. The finding is a strong indication that the Lazarus hacking group may be run by North Korea.
The FCC is warning that a scam focuses on tricking people into saying the word "yes" on the phone, which fraudsters record and later reuse as a voice signature in an attempt to make fraudulent charges on utility or credit card accounts.