Researchers from the security firm Eclypsium have identified 40 poorly designed drivers from 20 hardware and BIOS vendors that can give attackers numerous ways to hack into various versions of Windows.
An important component of building an effective cybersecurity strategy is to understand the mindset of attackers, says IBM Security's Etay Maor, who offers insights.
Big data analytics can help security professionals stay ahead of emerging challenges in a rapidly changing threat landscape, says Splunk's Haiyan Song.
The velocity of change at large corporations has made traditional IT security methods inadequate, but cloud-based solutions can play an important role, says Aaron Mog of RiskIQ.
A new professional credential aims to help healthcare organizations bolster their security leadership bench strength, says William Brad Marsh, co-chair of a committee that developed the certification.
Health IT vendor Allscripts says it has reached a preliminary $145 million settlement with the Department of Justice related to the business practices of Practice Fusion, an EHR vendor the company acquired last year. Among the issues involved are HIPAA, HITECH Act and Anti-Kickback Statute compliance.
More than two months after Microsoft issued the first warnings about the BlueKeep vulnerability, many enterprises have a spotty record when it comes to patching for this particularly worrisome flaw, new research from SecurityScorecard finds. Financial services companies have fared better than those in other sectors.
A new variant of the Ursnif Trojan is targeting vulnerable systems in an attempt to steal banking passwords and other credentials. The malware is spreading through infected Microsoft Word documents, and it has the ability to evade advanced security filters, according to security researchers at Fortinet.
Broadcom says it plans to acquire Symantec's enterprise security business for $10.7 billion in cash. The deal relieves Symantec of a business line where it faced aggressive competition. For Broadcom, it means gaining well-developed security offerings as it seeks to grow its infrastructure business.
Developing robust and resilient machine learning models requires diversity in the teams working on the models as well as in the datasets used to train the models, says Microsoft's Diana Kelley.
Organizations going through a digital transformation need to make sure they develop a sound third-party risk management strategy, says RSA's Holly Rollo, who discusses best practices.
Fortinet's FortiGuard Labs global threat research team is creating research playbooks that provide deep-dive analysis of not only threat trends, but also cybercriminal and adversary tools and techniques. Derek Manky and Tony Giandomenico discuss the playbook model and how it can help in the fight against cybercrime.
IoT, the cloud, third-party risk - we hear a lot about how the cybersecurity risk surface and threat landscape have evolved. But what about the new business demands on cybersecurity leaders? Christopher Hetner, former global CISO at GE Capital, shares insights.
The National Association of Attorneys General is urging Congress to drop the "cumbersome, out-of-date privacy rules" contained in federal regulations on substance abuse and instead apply the "effective and more familiar" HIPAA Privacy Rule to help address the opioid crisis by easing the sharing of data.
Insurer State Farm has been hit by a credential-stuffing attack designed to gain access to U.S. customers' online accounts, a company spokesperson confirms.