The Scottish Parliament in Edinburgh. (Photo: Scottish Parliament, via Flickr/CC)

Scottish Parliament Repels Brute-Force Email Hackers

Mathew J. Schwartz • August 18, 2017

Hackers have been targeting the Scottish Parliament in a "brute force cyberattack" aimed at guessing users' email passwords. Security experts say it's unlikely that state-backed attackers would resort to such a blunt assault.

Anti-Malware

Unwanted Hotel Guests: Russia's Fancy Bear

Latest

Cybersecurity

Philips to Fix Vulnerabilities in Web-Based Health App

Jeremy Kirk • August 18, 2017

Philips plans to fix alarming vulnerabilities in a web-based application used to track patient radiation exposure. Versions of the DoseWise Portal mistakenly shipped with errors, including hard-coded credentials for a database and lack of encryption for patient data.

Anti-Malware

New Exploit Kit: A Closer Look

Joan Goodchild • August 18, 2017

The latest edition of the ISMG Security Report leads with a closer look at a new exploit kit and whether it represents a resurgence in these types of criminal packages. Also featured: a discussion of new vehicle security concerns and communications advice for CISOs.

CISO

3 Questions Successful Security Leaders Should Ask

Joan Goodchild • August 16, 2017

Communication consultant Michael Santarcangelo outlines three key questions CISOs should ask at the outset of any project to convey security's value and clearly set expectations

Anti-Malware

Analysis: Another Medical Device Security Issue

Joan Goodchild • August 15, 2017

In this latest edition of the ISMG Security Report we learn more about certain Siemens medical devices containing vulnerabilities that could allow hackers to remotely execute arbitrary code. Also: a report on Kaspersky Lab dropping its complaint against Microsoft and part 2 of an election security interview.

Breach Preparedness

Anthem Breach Lesson: Why Granular Access Control Matters

Marianne Kolbasuk McGee • August 14, 2017

Healthcare organizations can learn important lessons - including the need for granular data access control - from the costly proposed settlement of the breach lawsuit against health insurer Anthem, says Bill Fox, a former federal prosecutor.

Anti-Malware

Kaspersky Withdraws Antitrust Complaints Against Microsoft

Jeremy Kirk • August 11, 2017

Kaspersky Lab says it will withdraw antitrust complaints it filed against Microsoft over how Windows handles third-party security products, defusing a yearlong dispute. Microsoft says it will work closer with security companies to ensure compatibility with Windows.

Breach Notification

Creating Cyber Plan to Thwart Those Seeking to Sway Elections

Eric Chabrow • August 11, 2017

Leading the latest edition of the ISMG Security Report: An interview with the head of a new cyber initiative to help political campaigns and local, state and federal election officials safeguard America's electoral process. Also, analyzing the evolving characteristics of the healthcare breach.

Anti-Malware

Here's How Ugly Infosec Marketing Can Get

Jeremy Kirk • August 10, 2017

Security vendors are known to sprinkle hyperbole among their claims. But the strategy has backfired for DirectDefense, which mistakenly cast endpoint protection vendor Carbon Black as a contributor to the "world's largest pay-for-play data exfiltration botnet."

Cybersecurity

Some Siemens Medical Imaging Devices Vulnerable to Hackers

Marianne Kolbasuk McGee • August 8, 2017

The Department of Homeland Security has issued an alert warning about cyber vulnerabilities in certain Siemens medical imaging products running Windows 7 that could allow hackers to "remotely execute arbitrary code." How serious are the risks?

Breach Response

FireEye's Post Mortem: Analyst Didn't Change Passwords

Jeremy Kirk • August 8, 2017

It's a red-faced moment for FireEye. The company says an investigation reveals that an attack against an analyst's personal online accounts was enabled by the employee's continued use of compromised login credentials.

Anti-Malware

Backstory on Arrest of Marcus Hutchins

Eric Chabrow • August 8, 2017

The latest edition of the ISMG Security Report leads with a report on the charges brought against Marcus Hutchins, the "accidental hero" who stoped the WannaCry malware outbreak. Also featured: reports on advances in attribution and new legislation to secure vulnerable medical devices.

Anti-Malware

WannaCry 'Accidental Hero' Denies FBI Charges

Mathew J. Schwartz • August 7, 2017

Cybersecurity researcher Marcus Hutchins will plead not guilty in federal court to charges relating to creating and selling banking malware called Kronos. Some in the security community think the FBI may have confused legitimate research activities with criminal behavior.