Careers Information Security Podcast

As effective as ransomware has proven to be in attacks against so many organizations across regions and sectors, certain characteristics actually can help defenders gain an edge in detecting malware. Lastline's Engin Kirda explains how.

The latest ISMG Security Report leads with a profile of Rob Joyce, the National Security Agency operative who is reportedly under consideration to be President Donald Trump's top cybersecurity adviser. Also, cybercriminal ties with Russian intelligence and the lifespan of zero-day vulnerabilities.

An important theme that emerges from the HHS Office for Civil Rights' dozens of HIPAA settlements is that all aspects of compliance are critical and subject to close scrutiny by federal regulators, says former OCR director Leon Rodriguez.

The source code for the Mirai botnet has been updated to launch DDoS amplification/reflection attacks, although so far that capability hasn't been used, says Gary at Arbor Networks. Even so, DDoS defense planning remains essential.

The rapid evolution of malware and proliferation of solutions have created a state of chaos for security leaders, says Naveen Palavalli of Symantec. What strategy and solutions will help restore order to anti-malware defense?

Leading the latest edition of the ISMG Security: A deep dive into the WikiLeaks release of thousands of documents that appear to lay open in detail the CIA's computer hacking techniques Report. Also, tackling the rise of attacks targeting the internet of things.

When it comes to massive DDoS attacks powered by the likes of a Mirai botnet, "the sky is not falling," says ESET security researcher Cameron Camp. But organizations do need to prepare - and here's where to start.

A look at the return of the Crypt0L0cker ransomware leads the latest edition of the ISMG Security Report. Also, assuring the security of medical devices; and U.S. federal prosecutors drop charges against a child porn suspect rather than reveal the hacking technique used to ensnare him.

To meet the increasing customer demands for effective solutions, security vendors must ensure their products work together well, says Dr. Mike Lloyd of RedSeal. This is particularly essential to achieving "digital resilience," the ability to promptly detect and respond to network intrusions, he says.

With Verizon's data breach investigations team finding that 90 percent of breaches trace to a phishing or other social engineering attack, lead investigator Chris Novak says that using multifactor authentication should be a no-brainer for all organizations.

When trying to detect which security events are malicious, analysts have long battled signal-to-noise problems. LogRhythm's James Carder describes how behavioral analytics, case management, security automation and threat intelligence can help.

The European Union's General Data Protection Regulation, which will be enforced beginning in May 2018, will affect organizations throughout the world because it applies to any company that handles Europeans' personal data, says Fred Kost of HyTrust.

Leading the latest edition of the ISMG Security Report: The death of former White House Cybersecurity Coordinator Howard Schmidt, and a report on legislation to strengthen the influence of the National Institute of Standards and Technology on federal civilian agencies.

The cloud can be used to improve security by helping to separate data from applications, networks and other infrastructure, says VMware's Tom Corn.

In the latest edition of the ISMG Security Report: Analyzing how reflective social engineering can battle cybercriminals who use social engineering to fool users into divulging personal information.

The technology and know-how exists to build a hack-proof computer, but doing so won't be easy, says Howard Shrobe, principal research scientist at the Massachusetts Institute of Technology's Computer Science and Artificial Intelligence Laboratory.

Paid breach notification site LeakedSource has disappeared. Given the site's business model - selling access to stolen credentials to any potential buyer - breach notification expert Troy Hunt says the site's demise is no surprise.

Attackers are increasingly targeting mobile channels, driving banks to seek better ways of verifying the authenticity and integrity of not just users, but also mobile devices and transactions, says John Gunn of cybersecurity technology firm Vasco Data Security.

Leading the latest version of the ISMG Security Report: a look at how various sectors are moving away from checkbox compliance, instead taking proactive measures to secure their information assets. Also, big increase in e-commerce fraud and Yahoo's costly breach.

What's required to access the Dark Web? And how does one separate fact from fiction? These are two of the five things Dark Web users need to know, says Danny Rogers, co-founder and CEO of Terbium Labs.