Espionage: Every nation does it. But for nation-state hacking that targets intellectual property or interference in political affairs, the U.S. has been using criminal indictments against individuals as a diplomatic way of saying: "We see what you're doing, now knock it off." But does it work?
The FIN7 cybercrime gang regularly phoned victims, posing as buyers, to trick victims into opening phishing emails and attachments with malware, federal prosecutors allege. The group's success - 15 million stolen payment cards and counting - is one measure of how difficult these types of attacks are to block.
A WannaCry outbreak has hit unpatched Windows 7 systems at Taiwan Semiconductor Manufacturing Co., crippling its factories. The world's largest chipmaker, which traced the infection to a new software tool that it failed to scan for malware before installation, says the outbreak could cost it $170 million.
The cost of the city of Atlanta's mitigation and subsequent IT overhaul following a massive SamSam ransomware infection in March could reach $17 million, of which $6 million has already been budgeted for new devices, security enhancements as well as upgrades, according to news reports.
The chief security officer for the U.S. Democratic Party is recommending that all party officials avoid using mobile devices made by Chinese manufacturers ZTE and Huawei. Bob Lord says that even if devices from those manufacturers are free or low cost, no one wants to be the next "patient zero."
Retired Brigadier General Gregory Touhill, the first CISO of the federal government, spells out what he sees as the essential steps for fighting against Russian meddling in this year's midterm elections. He'll be a featured speaker at ISMG's Security Summit in New York Aug. 14-15.
Attackers have targeted a patched vulnerability to exploit more than 209,000 carrier-grade routers made by Latvian manufacturer MicroTik and infect them with two types of malware - Coinhive and Crypto-Loot - designed to mine for cryptocurrency, security researchers say.
Two cybersecurity veterans detail the specific steps the Trump administration must take now if it has any hope of safeguarding the U.S. midterm elections in November against Russian interference, whether via hack attacks or social media and propaganda campaigns.
Three Ukrainian men who were allegedly part of a hacking gang that stole more than 15 million payment card records from U.S. businesses, sold the data in underground markets and enabled at least $12.4 million in fraud have been arrested in Germany, Poland and Spain at the request of the U.S.
Russian national Mikhail Malykhin, who was illegally residing in the U.S., has received a 70-month prison sentence after admitting to hack attacks and conspiring to use fraudulent debit cards issued via a hacked healthcare benefits administrator.
With Australia's data breach reporting law now in effect, its healthcare sector has recently reported the highest number of data breaches - a finding that is sure to intensify the already intense scrutiny of the country's controversial e-health records project.
Facebook has suspended eight pages and 24 accounts for "coordinated inauthentic behavior" tied to apparent political influence campaigns ahead of an event in Washington. While Facebook declined to attribute the activities to specific individuals or groups, U.S. lawmakers are blaming the Kremlin.
What should President Donald Trump do to prevent Russian meddling in the midterm elections? Ed Amoroso, the former CISO of AT&T, offers three bold suggestions. He'll be a featured speaker at ISMG's Security Summit in New York, to be held Aug. 14-15.
Facebook says it has shut down 32 pages and accounts that it claims were "engaged in coordinated inauthentic behavior" apparently designed to influence U.S. politics. But the social network stopped short of attributing the "bad actors" to Russia.
A large Midwestern health network says a successful phishing campaign exposed a raft of personal and medical data stored in its email systems. The count of affected victims numbers 1.4 million, although investigators believe stealing personal data was not the attackers' goal.