Intel Has a New Speculative Execution Issue: Foreshadow

Jeremy Kirk • August 15, 2018

The Meltdown and Spectre attacks from earlier this year showed how the quest to make CPUs run faster inadvertently introduced serious security vulnerabilities. Now, researchers have unveiled a new attack called Foreshadow that builds on those findings, affecting millions of Intel processors made over the past five

Business Continuity/Disaster Recovery

How to Secure US Elections - Before It's Too Late

Latest

Breach Preparedness

HHS OIG Finds Security Flaws in Maryland's Medicaid System

Marianne Kolbasuk McGee • August 15, 2018

Maryland's Medicaid system has "numerous significant" security weaknesses that need to be addressed, according to a federal watchdog agency. Earlier audits of other state Medicaid programs have yielded similar results

ATM Fraud

FBI Warns Of Pending Large Scale ATM Cashout Strike

Jeremy Kirk • August 14, 2018

The FBI warns that cybercriminals are planning a large-scale operation aimed at emptying ATMs, a type of attack that has caused swift and costly losses for financial institutions. The attack may utilize data from a breach of an unknown card issuer, the FBI says.

Anti-Malware

Are Legacy Medical Device Security Flaws Going Unfixed?

Marianne Kolbasuk McGee • August 13, 2018

Many medical device makers appear to building better cybersecurity into their products, but some manufacturers are still avoiding fixing vulnerabilities in legacy devices that pose potential safety risks, says security researcher Billy Rios, who discusses the latest flaws in some Medtronic cardiac devices.

Endpoint Security

Tracking Cybersecurity Threats in Manufacturing

Nick Holland • August 13, 2018

With the rise of the industrial internet of things comes a far broader attack surface in the manufacturing sector. Chris Morales of Vectra outlines findings of a new report on cyberattack trends in the manufacturing sector.

Compliance

HIPAA Security Rule Turns 20: It's Time for a Facelift

Marianne Kolbasuk McGee • August 10, 2018

As the HIPAA security rule turns 20, it's time for regulators to make updates reflecting the changing cyberthreat landscape and technological evolution that's happened over the past two decades, says security expert Tom Walsh.

Application Security

New Privacy Issues for Amazon

Nick Holland • August 10, 2018

An analysis of the privacy issues Amazon will face as it dives deeper into the healthcare business leads the latest edition of the ISMG Security Report. Also featured: A preview of ISMG's Security Summit in New York Aug. 14-15.

Application Security

WhatsApp: Check Point's Flaw Findings Don't Merit Patches

Jeremy Kirk • August 9, 2018

Check Point says it has found three ways to falsify messages in WhatsApp, which it claims could be employed by scammers and used to spread fake news. WhatsApp acknowledges the findings, but it will not engineer patches.

Application Security

DevSecOps: The Keys to Success

Suparna Goswami • August 9, 2018

Although there's widespread agreement that addressing security early in the software development cycle is an essential component to any breach prevention strategy, implementing DevSecOps can prove challenging.

Cybersecurity

Bitfi Gets Pwnies Award for 'Lamest Vendor Response'

Mathew J. Schwartz • August 9, 2018

Hubris has a new name: Bitfi. The cryptocurrency wallet-building company, backed by technology eccentric John McAfee, earned this year's not-so-coveted Pwnies Award for "Lamest Vendor Response" for how it mishandled security researchers' vulnerability disclosures. Bitfi has promised to do better.

APAC

China Hacking Underground Shows Rising Prowess

Jeremy Kirk • August 8, 2018

Much of the attention around Chinese hacking is directed toward advanced threat groups suspected to have links to China's government. But a new report shows that the nation's hacking goes far deeper, and there's a thriving scene that has adapted to an internet heavily controlled by the government.

Anti-Malware

The Art of the Steal: FIN7's Highly Effective Phishing

Mathew J. Schwartz • August 7, 2018

The FIN7 cybercrime gang regularly phoned victims, posing as buyers, to trick victims into opening phishing emails and attachments with malware, federal prosecutors allege. The group's success - 15 million stolen payment cards and counting - is one measure of how difficult these types of attacks are to block.

Anti-Malware

WannaCry Outbreak Hits Chipmaker, Could Cost $170 Million

Jeremy Kirk • August 7, 2018

A WannaCry outbreak has hit unpatched Windows 7 systems at Taiwan Semiconductor Manufacturing Co., crippling its factories. The world's largest chipmaker, which traced the infection to a new software tool that it failed to scan for malware before installation, says the outbreak could cost it $170 million.