Attackers exploiting a buffer overflow in WhatsApp's signaling software to automatically infect devices with malware - without users even having to answer their phone - and then alter call logs to hide attack traces is "a bit of a nightmare scenario," says cybersecurity expert Alan Woodward.
The indictment of two Chinese men for a 2014 cyberattack on health insurer Anthem that compromised information on nearly 80 million individuals contains extensive details about the incident that security professionals can use to help with their breach prevention strategies.
The FBI and the Department of Homeland Security have issued a joint warning about new malware called "Electricfish." Investigators suspect it was developed by the advanced persistent threat group Hidden Cobra, which has been linked to North Korea.
In a surprise turn of events, Symantec's CEO, Greg Clark, resigned on Thursday, the same day that the company reported that it had missed earnings estimates. The value of the anti-virus company's stock dropped almost 13 percent on Friday.
The latest edition of the ISMG Security Report analyzes the FBI takedown of DeepDotWeb, a dark net portal. Also featured are discussions on healthcare app security and the repercussions of poor coding security.
Traditionally, enterprises have built networks and then added security elements. But in what he describes as "the third generation of security," Fortinet's John Maddison promotes a model of security-driven networking. Hear how this can improve an organization's security posture.
The "Fxmsp" hacker collective has been advertising source code that it claims to have stolen from three top U.S. anti-virus software development firms, as well as remote access to the companies' neworks, warns fraud-prevention firm Advanced Intelligence.
A Chinese hacking group was using exploits and tools developed by the NSA months before the tools were released by another group, Symantec says in a new report. The surprising report deepens the mystery around an extraordinary situation in which the U.S.'s most effective cyberweapons were compromised.
With today's challenges from an increasingly hostile threat landscape, combined with a lack of people, expertise, and budget, organizations are driving toward optimizing their SIEM and SOAR solutions in order to get the highest return their investment. Of the greatest areas of unmet need with SIEM and SOAR solutions,...
When a healthcare provider develops its own applications that handle patient data, it must take critical steps to safeguard protected health information and ensure HIPAA compliance, says privacy attorney Adam Greene.
With cyberattacks, online espionage and data breaches happening at a seemingly nonstop pace, Western intelligence agencies are bringing many of their capabilities out of the shadows to help businesses and individuals better safeguard themselves and respond. We need all the help we can get.
New exploits released online that target long-known configuration weaknesses in SAP's NetWeaver platform could pose risks to payroll, invoicing and manufacturing processes, according to researchers at Onapsis. As many as 50,000 companies could be vulnerable.
Enterprises today have many digital ways of interacting with their customers - and therefore just as many ways for authenticating those users and transactions. Sesh Venkataraman of CA Technologies explains the business value of omnichannel authentication solutions.
Federal regulators and medical device maker Philips have issued alerts about a security vulnerability in the company's Tasy electronic medical records system that could put patient data at risk. How common is this type of vulnerability?
The U.S. Department of Homeland Security is requiring that federal agencies speed up patching and remediating "critical" and "high" software vulnerabilities. Security experts say this change is long overdue. But does it go far enough?