Microprocessor makers Intel, ARM and AMD, as well as operating system and software developers and makers of smartphones and other devices, are rushing to prep, test and ship fixes for the serious CPU flaws exploitable via Meltdown and Spectre attacks.
"Replace CPU hardware" might be the only full solution listed by CERT/CC for serious flaws in microprocessors that run millions of PCs, cloud services, servers, smartphones and other devices. Thankfully, many security experts believe patches and workarounds will mostly suffice.
Ransomware has ascended, by some estimates, to a $1 billion industry. Although the FBI advises against paying ransoms, some organizations see it as the quickest way to recovery. Michael Viscuso of Carbon Black says that the larger problem is a failure to defend networks.
From worsening ransomware attacks to deepened concerns about external digital risk, former AT&T CISO Ed Amoroso says 2018 will be a challenging year, and security teams need to be building out their resiliency plans to prepare for what's ahead.
Simulated attacks by an information security testing firm have found that fresh WannaCry, NotPetya and EternalRocks would still rip through many an enterprise network. Here's how organizations must respond.
Ensuring the integrity of data generated and emitted by medical devices is a growing concern as cyber threats advance, says cybersecurity expert Kevin Fu, who also discusses concerns about consumer-wearable health devices.
Internet of things security alert: An attacker has been attempting to infect hundreds of thousands of Huawei home routers with a variant of the notorious Mirai malware called Satori, security researchers warn. Huawei has confirmed the flaw and issued patches and workarounds for affected users.
Nissan Canada Finance, which provides financing for Nissan and Infiniti vehicle buyers and leasers, is warning 1.13 million current and former customers that their personal information may have been stolen.
New York-Presbyterian has more than 72,000 medical devices from over 1,400 manufacturers, says CISO Jennings Aske. Given that scale, how can a security leader help ensure device cybersecurity? Aske shares his view of what's needed from manufacturers and the government.
Following the success of Russian offensive cyber operations, other countries will likely be testing their capabilities, says FireEye's Bryce Boland, who predicts nation-state attacks will become more common in 2018.
So what actions can we expect in 2018 from the Department of Health and Human Services' Office for Civil Rights as it enforces the HIPAA privacy, security and breach notification rules? Making a prediction is difficult, given all the changes at HHS.
The U.S. Food and Drug Administration issued cybersecurity expectations for manufacturers of medical devices. But ow are those expectations being met, and what is the FDA's ongoing role in improving device security? The FDA's Suzanne Schwartz offers an update.
It's been seven years since Dale Nordenberg, a pediatrician, became involved in the drive to improve medical device security. What progress does he see among manufacturers, government agencies and healthcare providers?
Two London-based Romanians recently arrested in Bucharest as part of a roundup of alleged ransomware attackers have been accused of hacking into Washington surveillance cameras and using them as a launchpad for Cerber and Dharma ransomware attacks.
An assessment on whether North Korea is behind the WannaCry ransomware attacks leads the latest edition of the ISMG Security Report. Also, the co-author of NIST's revised Trustworthy Email special publication discusses changes in the guidance.