Then President-elect Donald Trump meets President Barack Obama in the White House on Nov. 10, 2016.

Trump Pulls Gloves Off on Offensive Cyber Actions

Jeremy Kirk • August 17, 2018

U.S. President Donald Trump signed a presidential order on Wednesday that revokes a set of Obama-era guidelines for offensive cyber operations, The Wall Street Journal reports. The policy change may satisfy critics who contend the U.S. should be able to move faster, but it raises risks of escalating cyber conflict.

Finance

The Art of the Steal: FIN7's Highly Effective Phishing

Latest

Cybercrime

Australian Teenager Pleads Guilty to Hacking Apple

Mathew J. Schwartz • August 17, 2018

An Australian teenager was such a fan of Apple that he hacked into the technology giant's mainframe, according to media reports. The teen has pleaded guilty to stealing 90 GB of sensitive information. But Apple says no customers' personally identifiable information was exposed.

Artificial Intelligence & Machine Learning

Planning for the Shifting Threat Landscape

Varun Haran • August 17, 2018

The best way to take a holistic approach to the current threat landscape is to define security issues as business problems and then put the problem before the solution - not the other way around, contends RSA CTO Zulfikar Ramzan.

Anti-Malware

Fighting Sandbox-Evading Malware

Varun Haran • August 17, 2018

Malware detection needs to shift to detecting anomalous behavior, rather than depending on signature-based detection technologies to deal with such threats as sandbox-evading malware, says Verizon's Ashish Thapar.

Data Breach

The Industrial Internet of Things: Emerging Risks

Nick Holland • August 17, 2018

Leading the latest edition of the ISMG Security Report: Chris Morales of the cybersecurity firm Vectra discusses how the industrial internet of things is changing the nature of industrial espionage and disruption.

Next-Generation Technologies & Secure Development

Analysis: Updates to STIX, TAXII Standards

Varun Haran • August 16, 2018

The STIX and TAXII standards for threat intel interchange have undergone a major upgrade to v2.0. LookingGlass CTO Allan Thomson, who's been closely involved in its development, describes the role of these enhanced standards.

ATM Fraud

FBI Warns Of Pending Large Scale ATM Cashout Strike

Jeremy Kirk • August 14, 2018

The FBI warns that cybercriminals are planning a large-scale operation aimed at emptying ATMs, a type of attack that has caused swift and costly losses for financial institutions. The attack may utilize data from a breach of an unknown card issuer, the FBI says.

Endpoint Security

Tracking Cybersecurity Threats in Manufacturing

Nick Holland • August 13, 2018

With the rise of the industrial internet of things comes a far broader attack surface in the manufacturing sector. Chris Morales of Vectra outlines findings of a new report on cyberattack trends in the manufacturing sector.

Compliance

HIPAA Security Rule Turns 20: It's Time for a Facelift

Marianne Kolbasuk McGee • August 10, 2018

As the HIPAA security rule turns 20, it's time for regulators to make updates reflecting the changing cyberthreat landscape and technological evolution that's happened over the past two decades, says security expert Tom Walsh.

Application Security

New Privacy Issues for Amazon

Nick Holland • August 10, 2018

An analysis of the privacy issues Amazon will face as it dives deeper into the healthcare business leads the latest edition of the ISMG Security Report. Also featured: A preview of ISMG's Security Summit in New York Aug. 14-15.

Application Security

DevSecOps: The Keys to Success

Suparna Goswami • August 9, 2018

Although there's widespread agreement that addressing security early in the software development cycle is an essential component to any breach prevention strategy, implementing DevSecOps can prove challenging.

Cybersecurity

Bitfi Gets Pwnies Award for 'Lamest Vendor Response'

Mathew J. Schwartz • August 9, 2018

Hubris has a new name: Bitfi. The cryptocurrency wallet-building company, backed by technology eccentric John McAfee, earned this year's not-so-coveted Pwnies Award for "Lamest Vendor Response" for how it mishandled security researchers' vulnerability disclosures. Bitfi has promised to do better.

Cybercrime

Political Play: Indicting Other Nations' Hackers

Mathew J. Schwartz • August 8, 2018

Espionage: Every nation does it. But for nation-state hacking that targets intellectual property or interference in political affairs, the U.S. has been using criminal indictments against individuals as a diplomatic way of saying: "We see what you're doing, now knock it off." But does it work?