PrincessLocker ransomware is back, although it's less demanding than it used to be, with attackers decreasing the quantity of bitcoins they require to unlock forcibly encrypted files. Unusually, the ransomware is being spread by the RIG exploit kit.
A massive Locky ransomware campaign has been infecting devices via malware-laced spam messages as well as through fake Dropbox phishing pages. More than 23 million Locky spam email have been seen in just one 24-hour period.
Hospitals in Lanarkshire, Scotland, are continuing to recover following an outbreak involving a new variant of Bitpaymer ransomware. Security experts say the malware often gets spread via brute-force attacks against endpoints running remote desktop protocol software.
Admitted Mirai malware attacker Daniel Kaye has been extradited from Germany to the United Kingdom, where he faces charges that he launched DDoS attacks and extortion attempts against the U.K.'s Lloyds Banking Group and Barclays banks.
Verizon has made a strong case for continual PCI DSS awareness with its new study of payment card data security. But like many vendors that conduct their own studies supporting their business cases, Verizon makes suspect logical stretches.
Password security guidance: Do block users from picking commonly used passwords. But to avoid a usability nightmare, don't block users from picking any password that's ever been seen in a data breach, security experts advise.
A list of weak credentials for vulnerable Internet of Things devices has prompted a new effort to notify their owners. The fear is of another mass, IoT-fueled DDoS attack along the lines of last year's Mirai attacks.
Yes, malware commonly targets the Windows operating system. But if you limit malware analysis to Windows OS, you're leaving gaping vulnerabilities, says Christopher Kruegel of Lastline Inc. Here's how to maximize your analysis.
The FBI has arrested Chinese national Yu Pingan on charges that he was a "malware broker" for a remote-access Trojan called Sakula that was used in the massive breaches of Anthem and the U.S. Office of Personnel Management, among other organizations.
Analyzing Donald Trump's cybersecurity policy seven months into his administration highlights the latest edition of the ISMG Security Report. Also, Cybersecurity Coordinator Rob Joyce disses Kaspersky Lab on network TV.
The never-ending stream of bad information security news is fueling a virtual gold rush for companies offering protection. A new report from Forrester predicts a healthy growth rate over the next five years, with some specific technologies expected to see double-digit growth.
A judge has designated the case against Marcus "MalwareTech" Hutchins, who's been accused of creating and selling the Kronos banking Trojan, as "complex" after his defense requested more time to review chat logs, malware samples and other evidence submitted by prosecutors.
Extradited Canadian national Karim Baratov, who's been accused of helping the Russian intelligence officers who allegedly ordered up the hacking of 500 million Yahoo users' accounts, pleaded not guilty to related charges in a San Francisco federal courtroom.
Crew error - not hacking - remains the most likely explanation for this week's deadly collision between a U.S. Navy guided-missile destroyer and a merchant oil and chemical tanker off the coast of Singapore, experts say.