If leading intelligence agencies can seemingly hack a wide variety of IT gear, what hope is there for enterprise security? Experts describe how organizations should respond to the recent dump of attack tools from the Equation Group, which is widely believed to be tied to the NSA.
Ashley Madison, the extramarital online hookup service breached by attackers in 2015, has agreed to bolster its information security and data retention practices after regulators in Australia and Canada ruled that the site violated local privacy laws.
By nature of its name and reputation, the so-called "dark web" has acquired a unique reputation. Danny Rogers of Terbium Labs discusses some of the key myths and realities about the dark web, as well as how organizations should monitor it.
Many organizations take months or years to discover they've been victimized by breaches because they lack experienced cybersecurity personnel, says employment researcher David Foote. The "maturing of the workforce" will take considerable time, he says in an interview.
In this video interview, Global Cyber Alliance CEO Phil Reitinger explains how the vastness and complexity of the internet creates cyber vulnerabilities, but one day those same characteristics, if used properly, could mitigate cyber threats.
Epic Games is warning of another data breach - its second in 13 months - involving several of its forums and affecting about 808,000 accounts. Attackers appear to have exploited a SQL vulnerability in Epic's vBulletin forum software.
The Equation Group tools released by the Shadow Brokers have revealed that the U.S. National Security Agency has been able to decrypt any traffic sent using a Cisco PIX device. While Cisco no longer supports the devices, more than 15,000 remain in use.
Eighty percent of the Android ecosystem - an estimated 1.4 billion devices - is vulnerable to an attack affecting TCP. While the flaw has been patched in Linux, Android remains vulnerable, although Google is aware of the issue.
USB devices and ports pose serious risks, and they aren't going away anytime soon. But researchers say they've developed a way to block malicious actions by USB devices to help prevent attacks such as "BadUSB."
Retailer Eddie Bauer is warning customers that their payment card data may have been compromised by point-of-sale malware during a six-month attack. The warning follows HEI Hotels & Resorts disclosing a 15-month malware attack affecting 20 locations.
Police have arrested an employee of U.K.-based accountancy and business software developer Sage Group after a data breach. Meanwhile, a report has emerged that some customers are using its software in an unsecured manner.
Medical device cybersecurity must be recognized as a critical public health issue so that all segments of the healthcare sector understand their roles in addressing the many complicated challenges involved, says Dale Nordenberg, M.D., of the Medical Device Innovation, Safety and Security Consortium.
In an in-depth interview, Ron Ross of the National Institute of Standards and Technology explains pending revisions of guidance on how organizations outside the U.S. government should protect sensitive federal data.