The FBI warns that cybercriminals are planning a large-scale operation aimed at emptying ATMs, a type of attack that has caused swift and costly losses for financial institutions. The attack may utilize data from a breach of an unknown card issuer, the FBI says.
Cybercriminals in Brazil have capitalized on older vulnerabilities in D-Link routers for financially motivated phishing attacks. The attackers changed DNS settings to use their own malicious DNS server, allowing for seamless shifts to phishing sites.
An analysis of the privacy issues Amazon will face as it dives deeper into the healthcare business leads the latest edition of the ISMG Security Report. Also featured: A preview of ISMG's Security Summit in New York Aug. 14-15.
Hubris has a new name: Bitfi. The cryptocurrency wallet-building company, backed by technology eccentric John McAfee, earned this year's not-so-coveted Pwnies Award for "Lamest Vendor Response" for how it mishandled security researchers' vulnerability disclosures. Bitfi has promised to do better.
The FIN7 cybercrime gang regularly phoned victims, posing as buyers, to trick victims into opening phishing emails and attachments with malware, federal prosecutors allege. The group's success - 15 million stolen payment cards and counting - is one measure of how difficult these types of attacks are to block.
The cost of the city of Atlanta's mitigation and subsequent IT overhaul following a massive SamSam ransomware infection in March could reach $17 million, of which $6 million has already been budgeted for new devices, security enhancements as well as upgrades, according to news reports.
The chief security officer for the U.S. Democratic Party is recommending that all party officials avoid using mobile devices made by Chinese manufacturers ZTE and Huawei. Bob Lord says that even if devices from those manufacturers are free or low cost, no one wants to be the next "patient zero."
Retired Brigadier General Gregory Touhill, the first CISO of the federal government, spells out what he sees as the essential steps for fighting against Russian meddling in this year's midterm elections. He'll be a featured speaker at ISMG's Security Summit in New York Aug. 14-15.
While the nature of distributed denial-of-service (DDoS) attacks is constantly evolving, two things are clear: the volume of attacks is increasing and every business is at risk.
The most resilient architecture to help combat these attacks is a combination of onpremisesand cloud DDoS scrubbing to mitigate network,...
Applications are consistently amongst the top attack targets for bad actors, and our goal is to provide comprehensive protection where it is needed most. WAFs have evolved into tools that can greatly reduce the risk of an application breach. Today's top-performing WAFs are continually updated and offer a variety of...
Many companies that have adopted a layered security strategy
still fail to protect their Domain Name System (DNS)
infrastructure, a critical Internet protocol that was never
designed with security in mind.
Read this white paper to learn why integrating a DNS-based
solution with layered enterprise...
Assuming that every user, request, and server is untrusted until
proven otherwise, a zero trust solution dynamically and
continually assesses trust every time a user or device requests
access to a resource. But zero trust offers more than a line of
The model's security benefits deliver...
Two cybersecurity veterans detail the specific steps the Trump administration must take now if it has any hope of safeguarding the U.S. midterm elections in November against Russian interference, whether via hack attacks or social media and propaganda campaigns.
One measure of why it's so difficult for organizations to keep their software patched and better secured: Of the nearly 20,000 unique vulnerabilities in 2,000 products cataloged last year, only half involved Microsoft, Adobe, Java, Chrome or Firefox software, says Flexera's Alejandro Lavie.
Three Ukrainian men who were allegedly part of a hacking gang that stole more than 15 million payment card records from U.S. businesses, sold the data in underground markets and enabled at least $12.4 million in fraud have been arrested in Germany, Poland and Spain at the request of the U.S.