NIST Fellow Ron Ross

Changes Coming to NIST's Catalog of Security Controls

Eric Chabrow • August 22, 2017

The latest ISMG Security Report leads with information security guru Ron Ross discussing changes coming to the National Institute of Standards and Technology's catalog of IT security and privacy controls. Also, challenges facing an upgraded U.S. Cyber Command.

Anti-Malware

Creating Cyber Plan to Thwart Those Seeking to Sway Elections

Latest

Breach Notification

Delaware Toughens Data Breach Notification Law

Eric Chabrow • August 23, 2017

Delaware has become the second state - the first was Connecticut - to require organizations to provide residents one year of free credit monitoring services if their sensitive personal information is compromised in a data breach. Will other states take similar action?

Endpoint Security

The Lowdown on EDR Security Software: Do You Need It?

Jeremy Kirk • August 23, 2017

EDR (endpoint response and detection) products are powerful tools that provide a play-by-play of exactly what happened on a computer during and after an attack. But the products require the right expertise to get the most value, a Gartner analyst says.

Data Breach

Alleged Yahoo 'Hacker for Hire' Waives Extradition Hearing

Mathew J. Schwartz • August 23, 2017

Canadian Karim Baratov will be extradited to the United States after waiving his right to an extradition hearing. He's accused of being a "hacker for hire" for Russia who participated in the 2014 hack attack against Yahoo that resulted in 500 million user accounts being exposed.

Anti-Malware

Marcus Hutchins' Arrest: Did FBI Bite the Hand That Feeds?

Mathew J. Schwartz • August 22, 2017

Beyond the emotion, the arrest of security researcher Marcus Hutchins last month on charges that he developed and sold banking malware has thrust information security researchers into the legal limelight and highlighted just how much law enforcement agencies rely on them.

Breach Preparedness

Gartner's Avivah Litan on Attribution and Elections

Tom Field • August 21, 2017

As threats and threat actors multiply and evolve, digital attribution becomes ever more critical, says Gartner's Avivah Litan. She discusses how to approach attribution and also offers her take on the technologies that could help secure U.S. elections.

Anti-Malware

Report: British Officials Knew of Marcus Hutchins Arrest Plans

Mathew J. Schwartz • August 21, 2017

A report claims British intelligence agency GCHQ knew in advance that the FBI planned to arrest WannaCry "hero" Marcus Hutchins when he visited the United States for the annual Black Hat and Def Con conferences last month. The information security community asks: Is that justice?

Anti-Malware

Carbon Black: Bug Shared Content Files with VirusTotal

Jeremy Kirk • August 21, 2017

Carbon Black rolled with the punches last week after it was accused of exposing customer data via a bug in one of its endpoint detection products. It turned out there was no bug. But the company has gone back and uncovered a bug that did expose customer data, albeit on a small scale.

Anti-Malware

New Exploit Kit: A Closer Look

Joan Goodchild • August 18, 2017

The latest edition of the ISMG Security Report leads with a closer look at a new exploit kit and whether it represents a resurgence in these types of criminal packages. Also featured: a discussion of new vehicle security concerns and communications advice for CISOs.

Cybersecurity

Fresh Vehicle Hack Disables Airbags, Anti-lock Brakes

Jeremy Kirk • August 17, 2017

The 30-year-old protocol used by motor vehicle sensors to communicate may have to be rewritten following a proof-of-concept "error flooding" attack that can disable airbags, parking sensors and safety systems.

Breach Preparedness

Supply Chain Woes, Again: NetSarang Popped

Jeremy Kirk • August 16, 2017

There's little defense against software updates that have been seeded with malicious code. Kaspersky Lab says attackers planted a backdoor in software updates from network management vendor NetSarang.

CISO

3 Questions Successful Security Leaders Should Ask

Joan Goodchild • August 16, 2017

Communication consultant Michael Santarcangelo outlines three key questions CISOs should ask at the outset of any project to convey security's value and clearly set expectations

Anti-Malware

Analysis: Another Medical Device Security Issue

Joan Goodchild • August 15, 2017

In this latest edition of the ISMG Security Report we learn more about certain Siemens medical devices containing vulnerabilities that could allow hackers to remotely execute arbitrary code. Also: a report on Kaspersky Lab dropping its complaint against Microsoft and part 2 of an election security interview.