A swift FBI sinkhole blunted an apparently imminent attack against Ukraine via "VPN Firewall" malware, which has infected more than 500,000 routers. But mass router compromises will continue so long as manufacturers fail to build in easy or automated patching and updating, security experts warn.
At least 500,000 routers, mostly located in Ukraine, have been infected with "VPN Filter" malware that experts believe is a prelude to a massive cyberattack. But the FBI has reportedly sinkholed the control domain for the router botnet, which should help contain the potential damage.
Early experiments are demonstrating how blockchain, the distributed and immutable ledger behind virtual currencies, potentially could play an important role in identity management, says Avivah Litan, a Gartner Research analyst.
Yesterday's threat detection is not working.
There are numerous ways healthcare organizations can benefit from a deception approach. In today's healthcare environments, new cyber vulnerabilities and risks open as fast as older ones get remedied. Companies must reshape their cybersecurity programs, knowing that...
Mexican officials are investigating a series of technical glitches that may have been a prelude to a large cyberattack affecting at least five banks, according to news reports. While the full scope of the incidents remains unclear, up to $20 million may have been stolen.
For over a decade, a crucial part of fraud detection has been assigning an identity to every laptop, tablet, and mobile device that accesses a website or app. Such a fingerprint is a representation of hundreds of different device-specific values taken from an end user's device.
Today's device fingerprinting...
European computer security researchers say they have discovered vulnerabilities that relate to two techniques used to encrypt emails: PGP and S/MIME. Security experts recommend all PGP users immediately delete or disable their PGP tools, pending a full fix.
Compliance comes down to behavior. Ask yourself: are your users utilizing protected data sets in an appropriate manner? While most organizations focus on establishing security controls around access, the true test of compliance revolves around visibility into what users do after accessing data.
In the financial...
At its core, compliance for HIPAA is simply about maintaining patient privacy by ensuring your users appropriately access and use patient data. Electronic Health Record (EHR) solutions provide detail around when patient data is accessed. The challenge, however, is the lack of visibility into what...
A bipartisan group of U.S. lawmakers has reintroduced legislation in the House that would stop the government from forcing software vendors to intentionally weaken their products for surveillance purposes. Two prior attempts to enact the legislation in Congress have failed.
Devising an effective national IoT security strategy requires four essential steps, says Rishi Bhatnagar, chairman of the Institution of Engineering and Technology's IoT panel India, who describes them in this interview.
If operational technology systems need to get connected to IT systems, it's essential to have tight controls on the network, says Lam Kwok Yan, professor of computer science and engineering at Nanyang Technological University in Singapore.
Payments are getting faster, and so is payments fraud. A robust fraud management strategy focusing on strong authentication, customer education and scalable responses can be instrumental in minimizing payment fraud risk.
A remote code execution vulnerability revealed in late March in the Drupal content management system is now being used on a large scale for mining the virtual currency monero, a researcher says. At least 400 websites have been infected, and the total number is likely far higher, security experts warn.
Businesses spend billions each year on identity and access management, but almost all of this money is spent on protecting the digital identities of humans - usernames and passwords.
On the other hand, businesses spend almost nothing on protecting machine identities, even though our entire digital economy hinges...