A list of "super user" passwords - and a default username - now circulating online appears to allow unauthorized access to some webcam video streams, security researchers warn. If confirmed, it would be yet another massive internet of things security failure by a device manufacturer.
The U.S. Federal Trade Commission has filed a complaint against router and camera manufacturer D-Link for allegedly failing to secure its products. Experts say it's the opening salvo in what could be a long-term battle to fix IoT devices.
Seven state insurance commissioners conclude in a new in-depth report that the massive cyberattack on Anthem Inc. was carried out by a hacker on behalf of a nation-state. But they stop short of naming the nation involved or penalizing Anthem for the breach that affected 80 million.
The KillDisk disk-wiping malware, previously tied to espionage operations, has been updated with crypto-locking capabilities and now targets Linux as well as Windows systems. But security experts warn that attackers using the Linux variant have no way to furnish a decryption key.
Hackers will hack, but any attempt to attribute attacks back to an individual, group or state apparatus too often involves political agendas, cybersecurity marketing moves, attempts to deflect blame or outright errors of interpretation.
Hackers have apparently hijacked potentially thousands of vulnerable MongoDB databases and demanded ransoms for the return of critical data, with some victims paying up, according to security researchers.
The lack of a smoking gun - absolute certainty - has some security experts not entirely convinced that the Russians or their backers hacked Democratic Party computers in an attempt to sway the U.S. presidential election.
The transition to a new presidential administration makes forecasting for HIPAA enforcement activity in 2017 difficult, says privacy attorney David Holtzman of the consultancy Cynergistek, who sizes up what the HHS Office for Civil Rights might do this year.
As the Trump administration begins, expect a ramp-up in cyber espionage as well as more "test attacks" by nation-states, says cybersecurity specialist Brad Medairy of the consultancy Booz Allen Hamilton.
Because cyber threats are becoming increasingly sophisticated, bolstering employee and customer awareness and training about ransomware, phishing and other cyber risks must be a top priority in 2017, says Curt Kwak, CIO of Proliance Surgeons.
With the rise of malware infecting IoT devices, DDoS defenders "have to assume that the attackers have an unlimited supply of machines that they can compromise," says Akamai's Michael Smith. But quarantines, ISP feedback loops and better patch management can bolster defenses.
Unprecedented hack attacks knocked three Ukrainian power providers offline in late 2015, and now a potential repeat hack has surfaced. Security experts recommend all power operators globally hunt carefully for related signs of attack.
This edition of the ISMG Security Report features an analysis of recommendations by a U.S. House Encryption Working Group that Congress should not enact legislation that requires technology companies to help law enforcement authorities bypass encryption on the devices they manufacture.