How to Achieve Ransomware Recovery — Without Paying Ransom
Without a ransomware recovery strategy, companies sometimes end up paying to retrieve their data after an attack. At the same time, threat actors are growing more sophisticated in their ability to bypass both antivirus and anti-ransomware tools — thus, they’re also growing bolder. To stay ahead of the curve, organizations will need to develop more…
Ransomware Attack Hits Health Firm LabCorp
LabCorp, a company that provides “diagnostic, drug development and technology-enabled solutions for more than 115 million patient encounters per year,” serves hundreds of thousands of customers nationwide and processes tests on more than 2.5 million patient specimens per week. With revenues that topped $10 billion last year, the health company operates a network of more…
Facebook Responding to US Regulators in Data Breach Probe
Facebook acknowledged Tuesday it was facing multiple inquiries from US and British regulators about the major Cambridge Analytica user data scandal. The leading social network offered no details but its admission confirmed reports of a widening investigation into the misuse of private data by Facebook and its partners. “We are cooperating with officials in the…
GitHub Exposed Passwords of Some Users
GitHub has instructed some users to reset their passwords after a bug caused internal logs to record passwords in plain text. Several users posted screenshots on Twitter of the security-related email they received from GitHub on Tuesday. The company told impacted customers that the incident was discovered during a regular audit. GitHub claims only a “small number”…
Tackle Five Top Security Operations Challenges With Threat Intelligence
“Knowledge is of no value unless you put it into practice.” When Russian author Anton Chekhov said this more than a century ago, he very well could have been speaking of threat intelligence. More than 80 percent of cybersecurity professionals polled by SANS (PDF) say that threat intelligence is providing them value. Most organizations are…
Reducing Dwell Time With Automated Incident Response
If you do incident response work, you know it doesn’t matter whether you work for a large corporation or a small organization — an incident can strike at any given time. Unfortunately, there are often huge time lapses between when an incident occurs, when it is detected and when the security team can address it….
7 Ways to Prepare for a Cybersecurity Audit
Data breaches, phishing attacks, information disclosure – the Internet can be a scary place. Conducting a cybersecurity audit (or getting a third-party assessment) is a great way to understand your organization’s cybersecurity posture. But, like preparing any exam or review, getting ready for a cybersecurity audit can be intimidating. While every security assessment will be…
When It Comes to Cyber Risks, 2018 Is No Time to Play Games
While some organizations have spent decades fine-tuning their ability to respond to and manage cyber risks, far too many are still playing games with their security strategy. From a cybersecurity perspective, 2017 will go down as a record year for data breaches. The Identity Theft Resource Center (ITRC) reported 1,579 breaches, up 45 percent from 2016. By…
Apple Fixes Indian Character Crash Bug in iOS, macOS
Updates released by Apple on Monday for iOS, macOS, tvOS and watchOS patch a flaw that causes applications to crash when rendering specific strings of Indian characters. Someone noticed recently that displaying a string written in India’s Telugu language (జ్ఞా) caused many apps on iOS and macOS to crash. The list of impacted apps includes…
Over 30 Lawsuits Filed Against Intel for CPU Flaws
More than 30 lawsuits have been filed by Intel customers and shareholders against the chip giant following the disclosure of the Meltdown and Spectre attack methods. Three class action lawsuits were filed against Intel within a week of the Meltdown and Spectre flaws being disclosed, but the number had reached 32 by February 15, according to an annual…