In his eight years in the White House, former President Barack Obama made cybersecurity a priority. But will his legacy be his administration's various IT security initiatives or the damaging breaches that occurred during his tenure? That's the lead story in the latest edition of the ISMG Security Report.
Donald Trump's inauguration has led to a call for a mass online protest of questionable legality designed to "occupy" the White House website. Separately, Anonymous has threatened Trump with "regret" and promised to unearth compromising information.
The number of reported U.S. data breaches hit an all-time high in 2016, according to Identity Theft Resource Center. But for half of all breaches, the number of exposed records isn't known. And what about all of the breaches that just haven't come to light?
As President Trump delivered his inaugural address, the White House transitioned its website from the Obama to the Trump administration. Immediately, Trump's team posted a series of position papers, including one that addressed - albeit briefly - cybersecurity.
Say hello to Fruitfly, the first piece of Mac malware to be discovered this year. The two-year-old malicious code is odd - it includes code that dates from the late 1990s - and appears to be designed to exploit biomedical institutions via targeted attacks.
College student Zachary Shames, who's pleaded guilty to developing and selling Limitless Logger spyware, was outed to the FBI by security firm Trend Micro after Shames failed to compartmentalize his online activities. Turns out hiding your identity online is harder than it might appear.
In its second HIPAA enforcement action for 2017, HHS has slapped an insurer with a $2.2 million settlement in the wake of a relatively small breach, citing the company's lack of timely corrective action.
Information security researchers have charted a steep decline in Locky ransomware and Dridex banking Trojan distribution in recent weeks. While that's good news, it may only reflect that a cybercrime gang is on vacation.
A small Indiana charity that provides support services to cancer patients is the latest apparent victim of a hacker identified as "TheDarkOverlord," an extortionist who has been tormenting the healthcare sector since last summer. But the organization is refusing to pay a ransom to retrieve lost data.
In a reminder that healthcare organizations continue to be targeted by more than just crypto-locking extortionists, a cyberattack against an NHS trust didn't involve ransomware - as some initial reports suggested - but rather a never-before-seen Trojan.
Dutch police reveal they arrested an e-commerce website developer on charges of installing backdoors that allowed him to siphon 20,000 email addresses and passwords, which he then allegedly used to commit fraud using some old-school tactics.
Critical issues that must be addressed to pave the way for broader exchange of health information are expanding the use of multifactor authentication and data encryption and making broad improvements in identity management, says David Kibbe, M.D., president and CEO of DirectTrust.
Malware designed to get ATMs to spit out their cash - advanced when it first debuted - has been upgraded, according to a report from FireEye. Now, the Ploutus-D malware talks to legitimate ATM middleware, enabling it to target machines from 40 vendors. What does this mean for financial institutions?
A researcher claims WhatsApp has dismissed his finding that there's a backdoor in the application that could allow attackers to unlock encrypted messages. But the controversy is more nuanced - and for most of us, much less threatening - than it might first appear.
Yet another study reveals that millions of people are picking weak passwords, with "123456" remaining our collective favorite. Rules requiring stronger passwords and not forcing passwords to expire both could help boost security.