NIST Fellow Ron Ross

Changes Coming to NIST's Catalog of Security Controls

Eric Chabrow • August 22, 2017

The latest ISMG Security Report leads with information security guru Ron Ross discussing changes coming to the National Institute of Standards and Technology's catalog of IT security and privacy controls. Also, challenges facing an upgraded U.S. Cyber Command.

Anti-Malware

Creating Cyber Plan to Thwart Those Seeking to Sway Elections

Latest

Anti-Malware

Marcus Hutchins' Arrest: Did FBI Bite the Hand That Feeds?

Mathew J. Schwartz • August 22, 2017

Beyond the emotion, the arrest of security researcher Marcus Hutchins last month on charges that he developed and sold banking malware has thrust information security researchers into the legal limelight and highlighted just how much law enforcement agencies rely on them.

Breach Preparedness

Gartner's Avivah Litan on Attribution and Elections

Tom Field • August 21, 2017

As threats and threat actors multiply and evolve, digital attribution becomes ever more critical, says Gartner's Avivah Litan. She discusses how to approach attribution and also offers her take on the technologies that could help secure U.S. elections.

Anti-Malware

Report: British Officials Knew of Marcus Hutchins Arrest Plans

Mathew J. Schwartz • August 21, 2017

A report claims British intelligence agency GCHQ knew in advance that the FBI planned to arrest WannaCry "hero" Marcus Hutchins when he visited the United States for the annual Black Hat and Def Con conferences last month. The information security community asks: Is that justice?

Anti-Malware

Carbon Black: Bug Shared Content Files with VirusTotal

Jeremy Kirk • August 21, 2017

Carbon Black rolled with the punches last week after it was accused of exposing customer data via a bug in one of its endpoint detection products. It turned out there was no bug. But the company has gone back and uncovered a bug that did expose customer data, albeit on a small scale.

Anti-Malware

New Exploit Kit: A Closer Look

Joan Goodchild • August 18, 2017

The latest edition of the ISMG Security Report leads with a closer look at a new exploit kit and whether it represents a resurgence in these types of criminal packages. Also featured: a discussion of new vehicle security concerns and communications advice for CISOs.

Cybersecurity

Fresh Vehicle Hack Disables Airbags, Anti-lock Brakes

Jeremy Kirk • August 17, 2017

The 30-year-old protocol used by motor vehicle sensors to communicate may have to be rewritten following a proof-of-concept "error flooding" attack that can disable airbags, parking sensors and safety systems.

Breach Preparedness

Supply Chain Woes, Again: NetSarang Popped

Jeremy Kirk • August 16, 2017

There's little defense against software updates that have been seeded with malicious code. Kaspersky Lab says attackers planted a backdoor in software updates from network management vendor NetSarang.

CISO

3 Questions Successful Security Leaders Should Ask

Joan Goodchild • August 16, 2017

Communication consultant Michael Santarcangelo outlines three key questions CISOs should ask at the outset of any project to convey security's value and clearly set expectations

Anti-Malware

Analysis: Another Medical Device Security Issue

Joan Goodchild • August 15, 2017

In this latest edition of the ISMG Security Report we learn more about certain Siemens medical devices containing vulnerabilities that could allow hackers to remotely execute arbitrary code. Also: a report on Kaspersky Lab dropping its complaint against Microsoft and part 2 of an election security interview.

Endpoint Security

Improving the Cybersecurity of IoT, Medical Devices

Marianne Kolbasuk McGee • August 15, 2017

How could the private sector benefit from steps federal agencies are taking to improve the cybersecurity of the internet of things and medical devices? In an in-depth interview, two experts at UL who are working closely with the agencies explain the potential impact.

Breach Preparedness

Anthem Breach Lesson: Why Granular Access Control Matters

Marianne Kolbasuk McGee • August 14, 2017

Healthcare organizations can learn important lessons - including the need for granular data access control - from the costly proposed settlement of the breach lawsuit against health insurer Anthem, says Bill Fox, a former federal prosecutor.

Fraud

Texas Physician Gets 35-Year Sentence in Huge Fraud Scheme

Marianne Kolbasuk McGee • August 11, 2017

A Dallas physician has been sentenced to 35 years in federal prison and ordered to pay more than $268 million in restitution for his role in a huge Medicare and Medicaid fraud conspiracy involving billing for unnecessary home healthcare services.