The Weird and Wild Stories of 2016
There are any number of adjectives one could employ to describe 2016, most of which can’t be printed here. One of the gentler descriptors we can use is “interesting”. This year was nothing if not interesting. There were data breaches of epic proportions, companies getting owned in new and creative ways, and all kinds of really unusual […]
FDA Sets Guidance on Medical Device Security
The Food and Drug Administration has published new recommendations for both manufacturers and regulators on how to deal with security for medical devices, including implantable devices. Calling device security a shared responsibility, the FDA guidance focuses on the postmarket cybersecurity issues, such as vulnerability response and remediation. The new document is not a set of regulations, but […]
2016: Maybe Everything Wasn’t Completely Terrible
Let’s face it: 2016 has been pretty rough year. Things didn’t go all that well for humans in the last 12 months, and computers didn’t make out much better. Lots of things broke, and it seemed like whatever didn’t break was compromised, stolen, or lost. But not everything was terrible. There were some encouraging developments […]
Assessing Phone Fraud in the Contact Center: Best-In-Class Solutions
Contact center fraud loss is expected to double from $393M to $775M by 2020. Despite the intent to administer positive and timely customer experiences, contact centers agents often fall victim to the social engineering methods that enable fraud attacks. Fraud attacks increase operational costs, decrease customer satisfaction, and jeopardize brand reputation as customer data is […]
New Leet Botnet Generating Huge DDoS Floods
A new botnet that is capable of some of the larger DDoS attacks ever seen has emerged in the last few days, launching floods of up to 650 Gbps and using a unique payload that researchers say is effective at evading security systems. The network came to light on Dec. 21 when researchers at Imperva […]
Critical Vulnerability Haunts Popular PHP Library
There’s a critical security vulnerability in the PHPMailer library, a flaw that could allow an attacker to execute arbitrary code. The bug can be exploited remotely and a researcher already has released proof-of-concept exploit code for it. The PHPMailer library is used in a large number of web applications and open source projects, including WordPress and […]
Apple Delays Requirement for App Transport Security
Apple has pushed back a deadline for developers to support a key transport security technology in apps submitted to the company’s app stores. Officials said at the Apple Worldwide Developers Conference earlier this year that developers would have to support Apple Transport Security by the end of 2016. But on Wednesday, the company announced that […]
Call Centers a Soft Target for Fraudsters
The fraud schemes that consumers and businesses face every day are the end result of a lot of research, work, and planning on the part of the criminals who perpetrate them. There are a lot of moving pieces in the background that victims never see, and often the schemes involve many intermediate steps before a […]
House Working Group Says Don’t Weaken Encryption
In a year-end report, a key congressional working group on encryption said that any governmental initiative to backdoor encryption systems is against the interests of the country and that there is no clear solution to the battle over encryption right now. The Encryption Working Group, comprised of members of the House Judiciary Committee and House Energy […]