Latest

Authentication

HSBC Experiences Voice Biometrics Telephone Banking Fail

Mathew J. Schwartz  •  May 23, 2017

Voice biometrics: Is it good enough to protect people's bank accounts? Also, the ISMG Security Report goes to Belfast, Northern Ireland, for this year's OWASP AppSec Europe conference, including a visit to the Titanic museum - hopefully not a metaphor for the discipline.

Big Data

Why Big Data, Machine Learning Are Critical to Security

Varun Haran  •  May 23, 2017

Big data and machine learning will play increasingly critical roles in improving information security, predicts Will Cappelli, a vice president of research at Gartner, who describes the reasons why.

Data Breach

After Outlasting Sweden, WikiLeaks Founder's Fate Murky

Jeremy Kirk  •  May 22, 2017

Sweden has ended a seven-year rape investigation against WikiLeaks founder Julian Assange. But it's far from the end of the legal troubles for the man whose spilling of secrets has shaped world politics.

Ransomware

Beyond Patch Management: Ransomware Mitigation Strategies

Marianne Kolbasuk McGee  •  May 19, 2017

Beyond improving their patch management practices, what else can organizations do to avoid falling victim to ransomware attacks such as WannaCry? Security expert Doug Copley offers advice.

ATM Fraud

Police Bust ATM Black Box Hacking Suspects

Mathew J. Schwartz  •  May 18, 2017

Police in Europe have arrested 17 suspects as part of an EU-wide investigation into ATM black box attacks, Europol says. These "jackpotting" or "cash-out" attacks use rogue hardware to trick ATMs into dispensing all of their cash on demand.

Legislation

'PATCH Act' Aims to Help Prevent Cyberattacks

Jeremy Kirk  •  May 18, 2017

New legislation calls for an overhaul of the federal government's software vulnerability disclosure policies following the ransomware outbreak that was fueled by the leak of a stolen National Security Agency cyberweapon.

Cloud Computing

Modernizing Government Technology Act Passes House

Eric Chabrow  •  May 18, 2017

The House of Representatives has passed the Modernizing Government Technology Act, which supporters contend could help improve the security of the government's information networks. "It will keep our digital infrastructure safe from cyberattacks while saving billions of dollars," says bill sponsor Rep. Will Hurd.

Endpoint Security

GAO Assesses IoT Vulnerabilities

Marianne Kolbasuk McGee  •  May 17, 2017

Internet of things devices are vulnerable to an array of potential cyberattacks, including zero-day exploits, distributed denial-of-service attacks and passive wiretapping, according to a new GAO report, which cites mitigation advice from experts.

Anti-Malware

Assistant to the President Makes Bold Cybersecurity Declaration

Eric Chabrow  •  May 16, 2017

The words of Assistant to the President Thomas Bossert, who boldly pledges to outdo previous administrations on improving federal government cybersecurity, lead the latest edition of the ISMG Security Report. Also, Microsoft's exasperation with the NSA over WannaCry ransomware.

Ransomware

Disney Is the Latest Cyber Extortion Victim

Mathew J. Schwartz  •  May 16, 2017

Disney is reportedly being targeted by cyber-extortionist hackers who have threatened to release a stolen, prerelease copy of the movie studio's fifth "Pirates of the Caribbean" film unless they receive a ransom, payable in bitcoins.

Endpoint Security

Post-WannaCry, Microsoft Slams Spy Agency Exploit-Hoarding

Jeremy Kirk  •  May 15, 2017

Microsoft's chief legal officer has slammed U.S. spy agencies, warning that civilians are at risk if governments stockpile libraries of software vulnerabilities that eventually fall into the hands of cybercriminals.

Business Continuity/Disaster Recovery

Ransomware: Your Money or Your Life

Mathew J. Schwartz  •  May 15, 2017

Criminals have long aimed to separate people from their possessions. So for anyone who follows ransomware, the WannaCry outbreak won't come as a shock. Nor will longstanding advice for surviving ransomware shakedowns: Prepare, or prepare to pay.