Breach fallout continues to mount in the aftermath of a cyberattack on cloud-based electronic health records vendor Bizmatics, which apparently affected hundreds of thousands of patients. The saga highlights important security lessons for covered entities when it comes to dealing with business associates.
The MySpace and LinkedIn data dumps have been made available by a security researcher on his website, which is perhaps the most easily accessible source for obtaining it. But does it put people at greater risk?
Would access to better information pertaining to encryption help Congress pass good crypto-related laws? That's the impetus behind a "Digital Security Commission" and a related report being hawked by some lawmakers.
An individual claiming to be the hacker who posted four healthcare databases on the dark web reveals some of his tactics. We take a close look at the risks posed to one affected clinic, which faces a ransom demand.
In a video interview, FBI supervisory special agent Dan Wierzbicki says the bureau wants to work with businesses to improve the information in its cybersecurity alerts as well as to identify threats sooner.
As many as 250,000 credentials for Remote Desktop Protocol servers around the world may have been offered for sale on the now-shuttered xDedic cybercrime marketplace. So what can organizations do to mitigate related risks and avoid a major network intrusion?
Britain's surprise vote to "Brexit" the European Union leads the ISMG Security Report. Also hear analysis on a cybercrime forum selling remote server access; Comodo being in hot water by saying "let's encrypt"; and why Facebook CEO Mark Zuckerberg covers his webcam with tape.
A hacker is reportedly selling on the dark web copies of databases stolen from three unidentified U.S. healthcare organizations and one unnamed health insurer containing data on millions of patients. Why are such postings becoming more common, and what can organizations do to avoid becoming the next victim?
Comodo made no new friends last week when it claimed that a nonprofit project, Let's Encrypt, stole its business model. Now, the digital certificate giant says it will not pursue applications aimed at securing trademarks using the phrase "Let's Encrypt."
In an in-depth interview, Michael Sentonas of breach response specialist CrowdStrike discusses how a focus on malware detection may still be leaving organizations exposed and describes the firm's new efforts in the Asia-Pacific region.
In the wake of a majority of British voters opting to leave the European Union, the U.K. Information Commissioner's Office argues that the country should still comply with the EU's data privacy rules. But will politics get in the way?
The U.S. Securities and Exchange Commission has obtained an emergency court order to freeze the assets of U.K. citizen Idris Dayo Mustapha, who it accuses of hacking into individuals' brokerage accounts to engineer and profit from stock price fluctuations.
Kaspersky Lab says that its original estimate of how many remote desktop protocol server credentials were offered for sale in the now shuttered online cybercrime marketplace xDedic may have been far too low, based on new data coming to light.
In the event of a "Brexit" - British exit - from the European Union following this week's referendum, the U.K. would likely still have to comply with EU data protection laws, but also face cybercrime-related policing and prosecution challenges.
Following the SWIFT-focused hack attacks, a U.S. government watchdog agency is auditing the Federal Reserve's effectiveness when it comes to ensuring that U.S. banks have robust information security and data breach prevention programs in place.