Latest

►

Awareness & Training

CISO Thom Langford on Risk and Awareness

Tom Field  •  June 23, 2017

Publicis Groupe CISO Thom Langford discusses how best to measure your organization's true risk appetite and the business value of blending storytelling techniques into your security awareness programs.

►

DDoS

The Weaponization of DDoS

Tom Field  •  June 23, 2017

The Mirai botnet is just the most high-profile example of the new weaponization of DDoS. Attacks are stronger than ever, and multilayer defenses are needed to prevent disruption and distraction, says Darren Anstee of Arbor Networks.

DDoS

FBI: Reported Internet-Enabled Crime Losses Hit $1.3 Billion

Mathew J. Schwartz  •  June 23, 2017

The FBI says reported losses due to internet crime last year totaled $1.3 billion, based on nearly 300,000 complaints logged with its Internet Complaint Center. It warns that CEO fraud, ransomware, tech-support fraud and extortion are becoming increasingly prevalent.

Anti-Malware

The Return of the Luddite: Securing Critical Systems

Eric Chabrow  •  June 23, 2017

The latest edition of the ISMG Security Report leads off with a look at why organizations turn to paper when critical systems can't be secured. Also, how to hack air-gapped systems over the internet.

Fraud

How PayPal Protects Billions of Transactions

Varun Haran  •  June 23, 2017

In an in-depth interview, Guru Bhat, head of engineering at PayPal, describes how the online payments provider has used a mix of sophisticated automation, including machine learning, and human insight to maintain a fraud loss rate of just 0.32 percent.

Anti-Malware

Microsoft Defends AV Handling After Kaspersky Antitrust Lawsuits

Jeremy Kirk  •  June 22, 2017

Microsoft has sought to get in front of a brewing controversy over whether it unfairly disables third-party anti-virus products in Windows 10. The company is seeking to dampen charges that are reminiscent of its years-long legal tangles with global antitrust regulators.

Data Loss

198 Million US Voter Records Left Online For Two Weeks

Jeremy Kirk  •  June 20, 2017

A data analytics firm aligned with the Republican Party says it accepts "full responsibility" after it exposed online a list that includes virtually all U.S. voter registration records along with extensive research that attempts to guess people's political views.

Anti-Malware

'Eulogizing' Neutrino Exploit Kit

Eric Chabrow  •  June 20, 2017

Writing the obituary for the lifeless Neutrino exploit kit leads the latest edition of the ISMG Security Report. Also, judging the value of the Department of Health and Human Services' wall-of-shame website of healthcare sector breaches.

Forensics

Making Forensic Investigations More Fruitful

Marianne Kolbasuk McGee  •  June 20, 2017

Organizations can take steps in advance to help ensure that forensic investigations into data breaches and cyberattacks are successful, says security expert John "Drew" Hamilton, a professor at Mississippi State University.

►

Compliance

Is the World Ready for GDPR?

Tom Field  •  June 19, 2017

GDPR is in effect, and in one year, regulators will start to assess penalties against enterprises not in conformance with the regulation. How prepared are entities? Will it take a high-profile penalty to get the world's attention? Michael Hack of Ipswitch weighs in.

Breach Notification

Apparel Retailer Buckle Breached by Card-Stealing Malware

Jeremy Kirk  •  June 19, 2017

Clothing retailer Buckle says malware installed on its point-of-sale systems apparently stole customers' payment card details for nearly six months. Buckle's warning, which follows a breach alert from Kmart, shows the fight against payment card fraud is far from over.

Breach Response

How WannaCry Survives

Eric Chabrow  •  June 16, 2017

The CEO of the company that crippled WannaCry's ransomware component explains to Congress how the worm continues to attack unpatched systems at increasing rates. Also, creating a healthcare cybersecurity framework.