A massive, global ransomware outbreak has been hitting airports, banks, shipping firms and other businesses across Europe and beyond. Security experts say the apparent Petya variant may spread by exploiting the "EternalBlue" SMB flaw in Windows previously targeted by WannaCry.
With massive profits available to criminals who can infect PCs and servers and extract a ransom, it's no surprise that attacks involving crypto-locking ransomware continue to increase. Security experts say such attacks are increasingly driven by ransomware-as-a-service programs.
Many Indian organizations are not prepared to detect a breach, readiness assessments conducted by Smokescreen Technologies show, says Raviraj Doshi, the company's CTO, who describes current detection challenges.
Because the Aadhaar identification system is now being used for purposes for which it was not designed, such as transaction authentication, the risks involved are growing, says cyberlaw expert Na. Vijayashankar.
A Google security researcher has once again found a potentially devastating vulnerability in Microsoft's Malware Protection Engine, the core component of anti-malware systems that ship with every Windows computer and server.
With the increased emphasis on detection and response, practitioners may be beginning to dilute the fundamentals of security, neglecting the need to first protect and defend, says Brijesh Datta, CISO at Reliance Jio Infocomm.
When asked, "What's your container strategy?" the majority of CISOs will respond by asking: "What's a container?" So says Tenable's Gavin Millard, who sees ongoing confusion about how containers can help organizations not only move to the cloud but stay secure, provided they're correctly managed.
Rapid patching and adoption of updated software has long been a "must do" security imperative. But as WannaCry demonstrated, many organizations have yet to master the patch-management challenge, says Jack Huffard, president and COO of Tenable.
What factors are security leaders weighing today when making decisions about investments to protect their organizations tomorrow? Neustar's Joseph Loveless comments on results of ISMG's new Strategic Cybersecurity Investments Study.
Some security practitioners in India are questioning the value of the government setting up a CERT for the financial sector as well as a second Cyber Coordination Centre in Delhi to help deal with the changing cyber threat environment.
A former Qualys customer for more than a decade, Mark Butler is now the company's CISO. And one of his jobs is to help spread the word to other security leaders about the vendor's vulnerability management solutions.
Defense starts with awareness. And Dr. Paul Vixie of Farsight Security says awareness begins with tactical observations that can be gleaned from scanning Internet traffic. Vixie details how real-time contextual data can bolster security.
Members of Parliament in Britain have had their remote email access suspended following an apparent brute-force hack attempt aimed at exploiting weak passwords to gain access to their accounts. Officials say fewer than 90 email accounts appear to have been breached.
As threat actors refine their attacks and their automation, potential victims need to find new ways to scale up their cybersecurity to defend against these threats. Imperva CTO Amichai Shulman discusses how.
The business of crimeware is evolving - and so are the exploits that take advantage of unprotected systems. How do security leaders focus on managing their most critical vulnerabilities? Gidi Cohen, CEO of Skybox Security, shares insights.