Latest

Ransomware

Four Years Since HIPAA Omnibus: What's Changed?

Marianne Kolbasuk McGee  •  September 25, 2017

It's been four year since the HIPAA Omnibus Rule went into effect. So what have been the most significant changes in compliance and breach trends since then?

►

Ransomware

Buying Cyber Insurance: Who Should Be Involved?

Marianne Kolbasuk McGee  •  September 25, 2017

All the key players of a company's management group, including the CISO, need to be involved in the decision about whether to invest in cyber insurance, says Greg Markell of Ridge Canada Cyber Solutions, a cyber insurer.

Anti-Malware

Report: North Korea Seeks Bitcoins to Bypass Sanctions

Mathew J. Schwartz  •  September 14, 2017

In cryptocurrency we trust: The government of North Korea has been turning to bitcoin exchange heists and cryptocurrency mining - potentially using malware installed on other countries' systems - to evade sanctions and fund the regime, security experts say.

►

Ransomware

Sizing Up the Ransomware Threat Landscape

Varun Haran  •  September 11, 2017

To prepare for more ransomware attacks, organizations need to follow a consistent model of connected, synchronized security, says Sophos' Sunil Sharma, managing director for India and SAARC.

Ransomware

Locky Ransomware Hits Indian Companies

Suparna Goswami  •  September 6, 2017

Although so far only about eight Indian firms have reported to authorities that they've been victimized by Locky ransomware, according to news reports, security experts say many more companies have likely been impacted.

►

Breach Preparedness

Patching: A Defensive Measure That's Not Always Available

Eric Chabrow  •  September 5, 2017

Security experts often contend that potential damage from cyberattacks can be avoided if organizations just patch their systems. But Bank of the West Deputy Chief Security Officer David Pollino says applying patches sometimes is more easily said than done.

Anti-Malware

Marcus Hutchins' Arrest: Did FBI Bite the Hand That Feeds?

Mathew J. Schwartz  •  August 22, 2017

Beyond the emotion, the arrest of security researcher Marcus Hutchins last month on charges that he developed and sold banking malware has thrust information security researchers into the legal limelight and highlighted just how much law enforcement agencies rely on them.

Anti-Malware

Ukraine Central Bank Detects Massive Attack Preparation

Mathew J. Schwartz  •  August 21, 2017

Ukraine's central bank has warned state-owned and private banks that a new malware campaign targeting financial services firms across the country may be a prelude to a new assault of Not-Petya proportions, Reuters reports.

Anti-Malware

Carbon Black: Bug Shared Content Files with VirusTotal

Jeremy Kirk  •  August 21, 2017

Carbon Black rolled with the punches last week after it was accused of exposing customer data via a bug in one of its endpoint detection products. It turned out there was no bug. But the company has gone back and uncovered a bug that did expose customer data, albeit on a small scale.

Anti-Malware

Locky Ransomware Returns With Two New Variants

Mathew J. Schwartz  •  August 18, 2017

Locky is back. After falling off the radar last year, the ransomware is once again being distributed via massive spam campaigns - run by the Necurs botnet - in the form of two new variants named Diablo and Lukitus.

Breach Preparedness

Medical Device Cybersecurity: Legal Concerns

Marianne Kolbasuk McGee  •  August 17, 2017

Healthcare organizations need to consider a number of legal issues when it comes to cybersecurity incidents involving medical devices, attorney Thomas Barnard explains in an in-depth interview.

Breach Preparedness

Anthem Breach Lesson: Why Granular Access Control Matters

Marianne Kolbasuk McGee  •  August 14, 2017

Healthcare organizations can learn important lessons - including the need for granular data access control - from the costly proposed settlement of the breach lawsuit against health insurer Anthem, says Bill Fox, a former federal prosecutor.