As if the internet of things didn't seem secure enough, now we have to worry about apps on our smartphones posing a risk too. At Black Hat Europe, researchers from Invincea Labs demonstrated zero-day flaws in Belkin's WeMo home-automation device firmware as well the WeMo Android app, which have been patched.
Will the advent of faster payments in the U.S. open new doors for fraud? Business continuity and security are priorities for the Federal Reserve, says Marianne Crowe of the Boston Fed. But independent consultant Richard Party begs the question: Is the U.S. really ready?
What are the critical elements of developing a "wartime" mindset to deal with serious cyber threats facing the healthcare sector? Find out how presenters and attendees answered this question at ISMG's Healthcare Security Summit.
DDoS attacks apparently were directed at the small west African country of Liberia from the same botnet that struck networking services provider Dyn. Were the attacks just a test for a bigger attack to come?
The ransomware-as-a-service operation known as Cerber is earning at least $200,000 per month via ransoms paid by victims, says Check Point Software Technologies' Gadi Naveh. In an audio interview, he explains that bitcoins and high levels of automation are key to the operation's success.
Microsoft says a zero-day flaw in Windows that was publicly revealed by Google - before a patch was ready - was being exploited by the Russian hacking group known as ATP28 and "Fancy Bear" via spear-phishing attacks.
As investigations into the distributed denial-of-service attack on Singaporean ISP StarHub continue, experts believe that the scale of IoT infections - needed to launch attacks of such severity - and the circumstances perpetuating it are the bigger problems.
This year, the annual Black Hat Europe conference decamps from Amsterdam to London. What's in store? Everything from mobile ransomware and quantum-resistant crypto to "ego markets" and how to turn Belkin IoT devices into launch pads for DDoS attacks.
In a sign that investigators are paying more attention to disrupting stresser/booter services, script-kiddie-friendly Hack Forums recently announced that it will be shutting down its related Server Stress Testing forum.
The latest ISMG Security Report kicks off with a bit of history: Comparing the similarities between remediating the year 2000 data problem, known as Y2K, that enterprises faced at the end of the 20th century with today's initiatives to drive IT security by modernizing information systems.
After 10 days of Microsoft not issuing an advisory or fix for a zero-day flaw found by Google that's being actively exploited in the wild, Google publicly revealed details of the flaw. But Microsoft says that puts its users at further risk.
The online advertising industry has a malware problem that, in part, has driven increased use of ad-blocking software. It's facing a complicated task: Clean up the security problems or face possible regulation.
We were promised flying cars. Instead, we get malware-infected CCTVs serving as remote launch pads for digital attacks that help criminals earn cryptocurrency by crashing large parts of the internet. But new defenses offer promise for blunting such attacks.
For healthcare information security professionals, the time has come to adopt a "wartime mindset" to ensure patient information is safeguarded from cyber threats. That's why ISMG has recruited a diverse array of experts to provide timely advice at our Healthcare Security Summit in New York Nov 1-2.