Publicis Groupe CISO Thom Langford discusses how best to measure your organization's true risk appetite and the business value of blending storytelling techniques into your security awareness programs.
The Mirai botnet is just the most high-profile example of the new weaponization of DDoS. Attacks are stronger than ever, and multilayer defenses are needed to prevent disruption and distraction, says Darren Anstee of Arbor Networks.
From nation-states to organized crime and malicious insiders, organizations are under siege from a variety of adversaries and threats. But how do they focus on the ones that matter most? James Lyne of Sophos offers insight.
The FBI says reported losses due to internet crime last year totaled $1.3 billion, based on nearly 300,000 complaints logged with its Internet Complaint Center. It warns that CEO fraud, ransomware, tech-support fraud and extortion are becoming increasingly prevalent.
In an in-depth interview, Guru Bhat, head of engineering at PayPal, describes how the online payments provider has used a mix of sophisticated automation, including machine learning, and human insight to maintain a fraud loss rate of just 0.32 percent.
The back story behind the ransom attack that led to the unauthorized early release of the Netflix series "Orange Is the New Black" is a cautionary tale in dealing with cyber extortionists such as The Dark Overlord.
Good news: Exploits kits are in decline, thanks to concerted efforts to disrupt their efficacy. Unfortunately, criminals are diversifying their attacks, focusing more on social engineering - including tech-support scams - and malicious spam campaigns.
Microsoft has sought to get in front of a brewing controversy over whether it unfairly disables third-party anti-virus products in Windows 10. The company is seeking to dampen charges that are reminiscent of its years-long legal tangles with global antitrust regulators.
One month after the SMB-targeting WannaCry worm outbreak began spreading globally, Honda discovered fresh infections at multiple facilities, and was forced to temporarily idle one plant as a result of the ransomware.
South Korean web hosting firm Nayana has agreed to pay attackers a record-shattering $1 million to unlock 153 Linux servers crypto-locked by ransomware. Security researchers say the infection was likely exacerbated by the company running ancient versions of the Linux kernel, as well as Apache and PHP.
Writing the obituary for the lifeless Neutrino exploit kit leads the latest edition of the ISMG Security Report. Also, judging the value of the Department of Health and Human Services' wall-of-shame website of healthcare sector breaches.
A new dump from WikiLeaks has revealed an apparent CIA project - code named "CherryBlossom" - that since 2007 has used customized, Linux-based firmware covertly installed on business and home routers to monitor internet traffic and exploit targets' devices.
GDPR is in effect, and in one year, regulators will start to assess penalties against enterprises not in conformance with the regulation. How prepared are entities? Will it take a high-profile penalty to get the world's attention? Michael Hack of Ipswitch weighs in.