Password security guidance: Do block users from picking commonly used passwords. But to avoid a usability nightmare, don't block users from picking any password that's ever been seen in a data breach, security experts advise.
A federal judge has granted preliminary approval for an amended $115 million settlement in the class action lawsuit over the 2015 cyberattack on Anthem, which resulted in a breach impacting nearly 79 million individuals. An amendment frees certain others from liability in the case.
A judge has designated the case against Marcus "MalwareTech" Hutchins, who's been accused of creating and selling the Kronos banking Trojan, as "complex" after his defense requested more time to review chat logs, malware samples and other evidence submitted by prosecutors.
The never-ending stream of bad information security news is fueling a virtual gold rush for companies offering protection. A new report from Forrester predicts a healthy growth rate over the next five years, with some specific technologies expected to see double-digit growth.
Crew error - not hacking - remains the most likely explanation for this week's deadly collision between a U.S. Navy guided-missile destroyer and a merchant oil and chemical tanker off the coast of Singapore, experts say.
Delaware has become the second state - the first was Connecticut - to require organizations to provide residents one year of free credit monitoring services if their sensitive personal information is compromised in a data breach. Will other states take similar action?
Could proposed legislation force manufacturers and healthcare entities to put more effort into bolstering the cybersecurity of medical devices? In an interview, cybersecurity expert Joshua Corman provides in-depth analysis on the movement to improve the state of medical device security.
Beyond the emotion, the arrest of security researcher Marcus Hutchins last month on charges that he developed and sold banking malware has thrust information security researchers into the legal limelight and highlighted just how much law enforcement agencies rely on them.
A report claims British intelligence agency GCHQ knew in advance that the FBI planned to arrest WannaCry "hero" Marcus Hutchins when he visited the United States for the annual Black Hat and Def Con conferences last month. The information security community asks: Is that justice?
Carbon Black rolled with the punches last week after it was accused of exposing customer data via a bug in one of its endpoint detection products. It turned out there was no bug. But the company has gone back and uncovered a bug that did expose customer data, albeit on a small scale.
Locky is back. After falling off the radar last year, the ransomware is once again being distributed via massive spam campaigns - run by the Necurs botnet - in the form of two new variants named Diablo and Lukitus.
Leading the latest edition of the ISMG Security Report: An interview with the head of a new cyber initiative to help political campaigns and local, state and federal election officials safeguard America's electoral process. Also, analyzing the evolving characteristics of the healthcare breach.
For many organizations, fighting the growing threat of ransomware doesn't necessarily have to mean investing in new technologies, says Robert Arandjelovis of Symantec.
Security vendors are known to sprinkle hyperbole among their claims. But the strategy has backfired for DirectDefense, which mistakenly cast endpoint protection vendor Carbon Black as a contributor to the "world's largest pay-for-play data exfiltration botnet."
Nationwide Mutual Insurance Co. will pay a $5.5 million settlement and update its security practices as a result of an agreement with attorneys general in 32 states and the District of Columbia in the wake of a 2012 data breach affecting more than 1.2 million individuals.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.