Anti-virus lab at Kaspersky Lab's Moscow headquarters. (Photo: Alexxsun, via Creative Commons)

Kaspersky Lab Debate: Put Up or Shut Up

Mathew J. Schwartz • September 20, 2017

Information security professionals to the U.S. government: Please put up or shut up over Moscow-based cybersecurity firm Kaspersky Lab, by either showing evidence that others can independently judge, or else dropping your vague insinuations.

Breach Notification

Equifax Disputes Report of Undisclosed Breach From March

Breach Preparedness

Latest

CISO

Why Adding Technical Experts to Boards Is Urgent

Tracy Kitten • September 20, 2017

Given the current threat environment, it's urgent that organizations add technical experts to their boards of directors to help ensure the development of effective cybersecurity strategies, says Art Coviello, retired chairman of RSA.

Fraud

Visa on Growth of Card-Not-Present Fraud

Tom Field • September 19, 2017

Canada led North America in EMV adoption, and now it is seeing a commensurate growth in card-not-present fraud. Gord Jamieson of Visa Canada describes how Visa is responding to this latest wave of CNP fraud.

Breach Response

Do CISOs Need IT or InfoSec Academic Credentials?

Eric Chabrow • September 19, 2017

In the latest edition of the ISMG Security Report: a look at the former Equifax chief information security officer and whether her lack of academic credentials in IT or IT security is relevant to the massive breach at the credit reporting agency.

Anti-Malware

Avast Distributed Trojanized CCleaner Windows Utility

Mathew J. Schwartz • September 18, 2017

For one month, the installer for a widely used, free Windows utility called CCleaner also installed a malicious payload that was designed to allow attackers to push additional malware onto infected PCs, warns Cisco Talos. Developer Piriform, owned by Avast, has released updates that expunge the malware.

Anti-Malware

CDDC: One Secure Screen for Classified, Secret and Public Networks

Jeremy Kirk • September 15, 2017

Researchers in Australia says they've conquered a thorny problem: how to view information stored on multiple air-gapped networks at the same time without security or usability concerns. They've created a device, called the Cross Domain Desktop Compositor, that's been tested by the Australian Department of Defense.

Anti-Malware

Kaspersky Software Ordered Removed From US Gov't Computers

Eric Chabrow • September 13, 2017

The Trump administration is directing U.S. federal executive branch agencies to remove anti-virus software from Russian-owned Kaspersky Lab from their computers within 90 days. Kaspersky denies "inappropriate" ties to Russian government.

Breach Notification

Equifax's Latest Data Breach: Argentina

Jeremy Kirk • September 13, 2017

Equifax has a new problem on its hands: Argentina. Investigators with security consultancy Hold Security discovered that Equifax's Argentina website exposed national identity numbers for at least 14,000 citizens. But the information exposure may be far more extensive.

Breach Notification

Equifax CEO: 'We Will Make Changes'

Mathew J. Schwartz • September 13, 2017

What do you do if you're the CEO of a credit bureau that's suffered a massive breach, leading to Congressional probes, dozens of lawsuits, formal investigations by state attorneys general and calls for your resignation? Answer: Issue an apology via USA Today.

Cybersecurity

Don't Delay: Replace Symantec TLS/SSL Certs Now

Jeremy Kirk • September 12, 2017

A major operation to cleanse websites of digital certificates created under questionable circumstances is underway. Google has issued the orders: Purge digital certificates that were issued by Symantec before June 1, 2016.

Breach Notification

Complying with Australia's Breach Notification Mandates

Geetha Nandikotkur • September 12, 2017

To prepare to comply with Australia's new breach notification law, which goes into effect in February, organizations should start reviewing their cybersecurity posture and incidence response mechanisms, says Leonard Kleinman, RSA's chief cybersecurity advisor-APJ.

Breach Notification

Taking a Deep Dive Into the Equifax Breach

Eric Chabrow • September 12, 2017

A detailed analysis of the Equifax breach highlights the latest edition of the ISMG Security Report. Also, an update on Russia exploiting social media to influence the 2016 presidential vote.

Breach Response

Cynic's Guide to the Equifax Breach: Nothing Will Change

Mathew J. Schwartz • September 12, 2017

If the Equifax breach turns out like every other massive data breach we've seen for more than a decade, after a big brouhaha - from Congress, state attorneys general, consumer rights groups and class-action lawsuits - nothing will change, because that would require Congress to give Americans more privacy rights.