A large malware campaign first discovered in Poland may have affected financial institutions in 31 countries. Technical clues point toward the Lazarus group, believed to be linked to North Korea, which used the Sundown exploit kit, researchers say. But attributing cyberattacks is tricky.
At this year's RSA Conference, we have about 35 videos on the docket. And truly we're talking about the A-Z of information security thought leaders, from CrowdStrike co-founder Dmitri Alperovitch to ZixCorp CEO David Wagner, with a stop in the middle to discuss homeland security with U.S. Rep. Michael McCaul.
Russian police have arrested more suspected members of a cybercrime gang that used "Lurk" malware to steal nearly $30 million from Russian banks. Separately, a lead cybersecurity investigator's arrest on treason charges appears to be chilling cross-border cooperation.
For too long, ensuring that code is securely written - and bug free - has been a business afterthought. But there's been new hope for building security into the development lifecycle, thanks to the rise of DevOps, aka rugged software, says Chris Wysopal, CTO of the application security firm Veracode.
In this edition of the ISMG Security Report: An evaluation of the challenges law enforcement faces in using lawful hacking and metadata as an alternative way to collect evidence when cracking an encrypted device is not an option. Also, a look at Trump's revised cybersecurity executive order.
Dozens of banks, governments and telecommunications companies have been struck by fileless malware, which resides in memory and leaves few traces for investigators, according to Kaspersky Lab. The use of open-source tools and utilities makes the attacks difficult to detect.
Just like epidemiologists studying disease outbreaks, cybersecurity professionals can benefit from identifying and mitigating certain behaviors, says Dr. Elizabeth Lawler, an epidemiologist who is CEO of Conjur, a data security firm.
Exploit kits are out and phishing emails are in for attackers who are attempting to infect victims with ransomware, according to new research. Unfortunately, the volume of phishing - and thus ransomware - attacks continues to grow.
The House has passed a privacy bill that would strengthen the legal protection afforded to emails older than 180 days. The bill now moves to the Senate, where it died last year after some senators tacked on controversial, privacy-eroding amendments.
We know why phishing works; we know how it works. And yet the schemes still succeed, and they're only getting more effective. How can we stop phishing? Jim Hansen of PhishMe has some ideas, and they just might surprise you.
A digital forensic analysis of a new type of Mac malware reveals that it has a strong connection to Iran, researchers say. The malware, which turned up on the computer of a human rights advocate, tries to steal authentication details from macOS's Keychain.
Televisions that spy on their users have long been a trope of dystopian fiction, including George Orwell's "1984." But the spying TV appears to be far from fictional, according to a new settlement agreement reached between the FTC and smart-TV maker Vizio.
InterContinental Hotels Group is warning customers that malware infected point-of-sale devices at a dozen of its hotel restaurants and bars in North America and the Caribbean for up to four months in 2016. But it's unclear if the breach ties to reported exploits involving POS service providers.
The FBI says it's continuing to investigate an international cybercrime ring that stole at least $1.2 million via malware, money mules and overseas bank transfers. So far, one Brooklyn-based man has pleaded guilty to related offenses.
When Army intelligence specialist Chelsea Manning leaked classified documents to WikiLeaks in 2010, the federal government's security clearance process served as the main defense against malicious insiders. CERT's Randy Trzeciak explains how insider threat defenses have changed since then.