The latest edition of the ISMG Security Report offers an analysis of how French cyber police disrupted a cryptomining malware gang. Also featured: Apple's botched patching of a jailbreaking vulnerability; an industry veteran's insights on battling payment card fraud.
Artificial intelligence and machine learning must be judiciously used, such as when monitoring internet of things devices, says David De Roure, professor of e-research at the University of Oxford, who offers insights on IoT risk management.
French police say they've disrupted the operations of the Retadup malware gang by subverting attackers' command-and-control infrastructure to delete the malicious code from 850,000 infected PCs and servers worldwide. The move came after police received a tip and technical assistance from security firm Avast.
Facebook won a victory in Germany after a court suspended an order from the Federal Cartel Office that sought to prohibit the social network from aggregating personal data from other services and sources. The Cartel Office plans to appeal the ruling.
Sweden's Data Protection Authority has issued its first fine for violations of the European Union's General Data Protection regulation after a school launched a facial recognition pilot program to track students' attendance without proper consent.
Apple released a patch on Monday that fixes a bug it accidentally reintroduced in a previous patch update. The flaw allowed iOS enthusiasts to jailbreak their up-to-date devices, but also could have been put to malicious use by hackers.
With new threats targeting the nation's critical infrastructure, partnerships among government and private-sector security professionals are more critical than ever, says Brian Harrell of the new U.S. Cybersecurity and Infrastructure Security Agency.
Third-party vendor risk continues to pose a security challenge to organizations. Despite many having formal policies for managing third-party risk, almost half of organizations say they've suffered a data breach that traces to a third-party vendor, says Mark Sangster of eSentire.
Organizations need to create a "defensible" cybersecurity program that has a mandate and executive endorsement, says Gartner's Tom Scholtz. I. Here are some points to keep in mind when drafting a program.
Patch or perish redux: Hackers are unleashing automated attacks to find and exploit known flaws in SSL VPNs manufactured by Fortinet and Pulse Secure to steal passwords. The exploits come despite both vendors having released patches several months ago - Pulse Secure in April, Fortinet in May.