Deception technology could be a game-changer, with many thought leaders and organizations already getting behind the concept of "assume compromise." Smokescreen founder Sahir Hidayatullah speaks about the rise of this emerging technology.
Security vendors are issuing warnings about two new types of dangerous Mac malware - Eleanor and Keydnap - which serve as a reminder that it's not just Windows users coming under fire from malicious software developers and tricksters.
Forget the 2015 mega-breach, an ongoing FTC probe or multiple class-action lawsuits: A new leadership team wants to reboot infidelity-focused online dating website Ashley Madison, promising that this time they'll get security and privacy right.
Endpoint protection vendors compete fiercely for customers, and allegations of impropriety are common among rivals. The latest battle pits Sophos against Cylance. Whose version of the story is the truth?
Members of Congress have sent a letter to federal regulators saying that because ransomware attacks are "different" from other breaches in the healthcare sector, there's a need for new recommendations in upcoming government guidance.
In the first HIPAA enforcement action against a business associate, federal regulators have smacked a nonprofit organization with a $650,000 penalty following an investigation into a 2014 security incident affecting just 412 patients.
Ukraine's central bank has confirmed that one of the country's banks fell victim to a fraudulent SWIFT heist in April. This latest such attack revelation should spur all SWIFT-using banks to assume they've been hacked, until proven otherwise.
The Dark Overlord selling stolen healthcare databases for bitcoins leads the ISMG Security Report. Also hear about banks' move toward real-time transaction fraud controls and a bipartisan attempt in Congress to tackle the ongoing crypto and "going dark" debates.
The MySpace and LinkedIn data dumps have been made available by a security researcher on his website, which is perhaps the most easily accessible source for obtaining it. But does it put people at greater risk?
Would access to better information pertaining to encryption help Congress pass good crypto-related laws? That's the impetus behind a "Digital Security Commission" and a related report being hawked by some lawmakers.
An individual claiming to be the hacker who posted four healthcare databases on the dark web reveals some of his tactics. We take a close look at the risks posed to one affected clinic, which faces a ransom demand.
As many as 250,000 credentials for Remote Desktop Protocol servers around the world may have been offered for sale on the now-shuttered xDedic cybercrime marketplace. So what can organizations do to mitigate related risks and avoid a major network intrusion?
Britain's surprise vote to "Brexit" the European Union leads the ISMG Security Report. Also hear analysis on a cybercrime forum selling remote server access; Comodo being in hot water by saying "let's encrypt"; and why Facebook CEO Mark Zuckerberg covers his webcam with tape.
Comodo made no new friends last week when it claimed that a nonprofit project, Let's Encrypt, stole its business model. Now, the digital certificate giant says it will not pursue applications aimed at securing trademarks using the phrase "Let's Encrypt."
While PCI compliance is a priority for many U.S. retailers, some major companies in Australia say they'd rather forego the cost of compliance and risk the possibility of steep fines if a card breach occurs.