Latest

Cybersecurity

Fresh Vehicle Hack Disables Airbags, Anti-lock Brakes

Jeremy Kirk  •  August 17, 2017

The 30-year-old protocol used by motor vehicle sensors to communicate may have to be rewritten following a proof-of-concept "error flooding" attack that can disable airbags, parking sensors and safety systems.

Breach Preparedness

Supply Chain Woes, Again: NetSarang Popped

Jeremy Kirk  •  August 16, 2017

There's little defense against software updates that have been seeded with malicious code. Kaspersky Lab says attackers planted a backdoor in software updates from network management vendor NetSarang.

CISO

3 Questions Successful Security Leaders Should Ask

Joan Goodchild  •  August 16, 2017

Communication consultant Michael Santarcangelo outlines three key questions CISOs should ask at the outset of any project to convey security's value and clearly set expectations

Anti-Malware

Analysis: Another Medical Device Security Issue

Joan Goodchild  •  August 15, 2017

In this latest edition of the ISMG Security Report we learn more about certain Siemens medical devices containing vulnerabilities that could allow hackers to remotely execute arbitrary code. Also: a report on Kaspersky Lab dropping its complaint against Microsoft and part 2 of an election security interview.

Breach Notification

Creating Cyber Plan to Thwart Those Seeking to Sway Elections

Eric Chabrow  •  August 11, 2017

Leading the latest edition of the ISMG Security Report: An interview with the head of a new cyber initiative to help political campaigns and local, state and federal election officials safeguard America's electoral process. Also, analyzing the evolving characteristics of the healthcare breach.

Anti-Malware

Here's How Ugly Infosec Marketing Can Get

Jeremy Kirk  •  August 10, 2017

Security vendors are known to sprinkle hyperbole among their claims. But the strategy has backfired for DirectDefense, which mistakenly cast endpoint protection vendor Carbon Black as a contributor to the "world's largest pay-for-play data exfiltration botnet."

Anti-Malware

Backstory on Arrest of Marcus Hutchins

Eric Chabrow  •  August 8, 2017

The latest edition of the ISMG Security Report leads with a report on the charges brought against Marcus Hutchins, the "accidental hero" who stoped the WannaCry malware outbreak. Also featured: reports on advances in attribution and new legislation to secure vulnerable medical devices.

Cybersecurity

US Army Nixes Use of DJI Drones Over Cybersecurity Concerns

Jeremy Kirk  •  August 7, 2017

The U.S. Army will immediately stop using drones made by the world's largest manufacturer, DJI of China, and has ordered that batteries and storage media be removed and applications uninstalled.

Data Breach

Admitted Russian Botnet Herder Receives 4-Year US Sentence

Mathew J. Schwartz  •  August 4, 2017

Maxim Senakh, who was extradited from Finland to the United States to face charges related to Ebury botnet attacks, has been sentenced to serve nearly four years in federal prison, after which he will be deported to his native Russia.

Anti-Malware

Battling Russian Hackers in US Courtrooms

Eric Chabrow  •  August 4, 2017

The front line to battle Russian hackers is shifting to American courts, according to the lead story in the latest edition of the ISMG Security Report. Also, malware targets Apple's operating system and a preview of the ISMG Fraud and Breach Prevention Summit in New York.

Anti-Malware

Spanish Court Approves Suspected Hacker's Extradition

Mathew J. Schwartz  •  August 3, 2017

Spain has approved a U.S. extradition request for Russian national Stanislav Lisov, who's been charged with helping to organize and profit from a prolific banking Trojan called Neverquest. He's the latest in a long line of suspected Russian hackers to be detained while vacationing abroad.

Data Breach

Here Are 306 Million Passwords You Should Never Use

Jeremy Kirk  •  August 3, 2017

Security expert Troy Hunt has released a massive data set of compromised passwords that's intended to help web services steer users away from picking those that have already been exposed in data breaches.