Latest

Data Breach

Symantec: 'Orangeworm' Group Hits Healthcare Organizations

Jeremy Kirk  •  April 24, 2018

Large healthcare companies in the U.S., Europe and Asia are getting hit with a backdoor that comes from a long-observed group, which Symantec calls Orangeworm. The backdoor has been found on X-ray machines and MRIs.

►

Risk Management

Preparing for the Operational Technology Challenge

Tom Field  •  April 24, 2018

Plenty has been said about threats to internet of things devices - and rightfully so. But what about operational technology that often has been neglected by security controls? Mark Nunnikhoven of Trend Micro weighs in on OT risks.

►

Fraud Management, Cybercrime

How Account Takeovers Subvert Victims' Social Networks

Mathew J. Schwartz  •  April 24, 2018

Attackers rarely bother with technical sophistication when easy social engineering schemes, such as "hacking" a victim's social network and using it against them, can give them what they want, says Markus Jakobsson, chief scientist at the cybersecurity firm Agari.

►

Artificial Intelligence & Machine Learning

How to Battle Credential Stuffing Attacks

Mathew J. Schwartz  •  April 24, 2018

To combat credential stuffing and other types of rising attacks, organizations need data - and lots of it - to feed machine learning and artificial intelligence algorithms to better detect these types of high volume attacks, says Shape Security's Dan Woods.

►

Cloud Computing

Bringing Visibility to the Midmarket

Tom Field  •  April 24, 2018

Increasingly, SonicWall is focused on the midmarket, and CEO Bill Conner wants to help ensure that smaller and midsized enterprises have appropriate visibility into the threat landscape - the threat actors, as well as whom they are targeting.

►

Anti-Malware

How Malware Infiltrates Organizations

Nick Holland  •  April 24, 2018

Malware is a pervasive problem that is constantly evolving, says Christopher Kruegel, CEO of the security firm Lastline, who shares key findings from new research.

Data Breach

Analysis: 'Orangeworm' Attacks Appear to Involve Espionage

Marianne Kolbasuk McGee  •  April 24, 2018

Corporate espionage appears to be the motive behind cyberattacks targeting a variety of medical-related equipment and systems, researcher Jon DiMaggio of Symantec says in an in-depth interview about the activities of a hacker group the company has dubbed "Orangeworm."

Breach Notification

SunTrust: 1.5 Million Clients' Details Potentially Stolen

Mathew J. Schwartz  •  April 24, 2018

Great news: "SunTrust to offer free identity protection ... at no cost on an ongoing basis." Of course, nothing comes for free, at least for 1.5 million customers of the Atlanta bank, whose personal details may have been sold to criminals by a former employee.

Deception Technology

Deception Tech: High-Fidelity Alerts If Hackers Take Bait

Jeremy Kirk  •  April 23, 2018

Deception technology - which involves tricking hackers into lurking on bogus IT assets - can provide crucial intelligence on methods and motives - that is, if the stars align. Is deception technology worth the investment?

►

CISO

Insider Threat: Putting Theory Into Practice

Tom Field  •  April 23, 2018

For years, Dawn Cappelli studied and wrote about the insider threat. Then she went to Rockwell Automation and built an insider program. She discusses the program's success and her expanded role as vice president and CISO.

►

Encryption

Crypto Agility: Its Importance to IoT

Nick Holland  •  April 23, 2018

What is crypto agility, and why is it so important to IoT? Ted Shorter of Certified Security Solutions offers an explanation.

►

Deception Technology

Streamlining Detection With Deception Technology

Varun Haran  •  April 23, 2018

Deception is probably the least complicated way to detect threats that slip past perimeter defenses, says Ofer Israeli, CEO and founder of Illusive Networks.