This edition of the ISMG Security Report features an analysis of the very latest ransomware trends. Also featured: Discussions of Microsoft's move to DNS over HTTPS and strategies for tackling IoT security challenges.
In the wake of Google's plan to buy Fitbit, two U.S. senators have introduced legislation that aims to protect the privacy of consumer health data collected on wearable devices. Meanwhile, a House committee is scrutinizing the healthcare system Ascension's sharing of patient data with Google.
While IoT devices are entering enterprises at a rapid pace, the security practices around them are as much as 20 years behind those for enterprise computing, says Sean Peasley of Deloitte, who outlines steps organizations can take to ensure safe IoT computing.
Mobile technology allows customers complete control over their banking security via their smartphones, however recent fraud cases have seen criminals virtually hijacking mobile phones to intercept alerts and texts.
A bill passed by a committee last week and sent to the U.S. House floor would empower two federal agencies to investigate vulnerabilities in voting equipment and propose new ways to better protect it from attack.
A House impeachment hearing has revealed that President Donald Trump spoke by phone with a key ambassador - who was sitting in a Kiev restaurant - about "investigations." If that mobile phone call was unsecured, security experts say, foreign intelligence agencies could have intercepted it.
There are robust and detailed discussions in cybercriminal forums on how to attack modern vehicles, seeking clandestine methods to steal cars, says Etay Maor of IntSights. Luckily, hackers aren't aiming to remotely trigger an accident, but there are broader concerns as vehicles become increasingly computerized.
In June, I wrote an in-depth story about how millions of Instagram users worldwide under 18 years old were exposing their email addresses, phone numbers or both. Instagram has finally made a change to address the issue - but it doesn't go far enough.
Federal prosecutors have charged a Long Island company, along with seven of its employees, with selling vulnerability-laden Chinese technology to the U.S. military and other agencies for a decade and passing the gear off as American made.
In December, PCI SSC plans to publish a new standard for solutions that enable "tap and go" transactions on merchant smartphones and other commercial off-the shelf mobile devices. Troy Leach, the council's CTO, offers insights on the role the standard will play in enhancing security for smaller merchants.
A handful of common lures still have astounding success in compromising computers: phishing emails, malicious links and the king of them all: the malicious Microsoft Office document. But Microsoft is introducing virtualized containers in Office 365, which will isolate untrusted documents.
Say hello to NortonLifeLock, as Symantec anti-virus for consumers is no more, following the sale of Symantec's enterprise assets and name to Broadcom for $10.7 billion. But can the new, pure-play consumer "cyber safety" business succeed where the combined consumer and enterprise business previously stumbled?