Offspring of the Zeus banking Trojan continue to spring to life. Functionally, however, security experts say most POS-infecting banking malware remains almost identical. So why aren't more organizations putting well-known defenses in place?
Nearly three years after the Heartbleed bug - and 600,000 vulnerable servers - was discovered, the vulnerability lives on. The latest scans still count 180,000 at-risk servers. Why won't this bug just die?
Gartner analyst Avivah Litan has long been the go-to expert for insights on fraud detection. Now she has broadened her focus to cover endpoint security and user and entity behavioral analytics. Where do these topics converge, and what insights can she share on the 2017 cybersecurity outlook?
This edition of the ISMG Security Report leads with news that several senior White House staffers had been using a private email server. Also, fueled by worries over Russian hacking, the Australian government plans to educate political parties on improving cybersecurity.
The subscription-based breach notification service LeakedSource appears to have gone dry. Security expert Troy Hunt says the privacy writing has been on the wall for the site, owing to it selling access to stolen personal data.
An overlooked security setting on Twitter may have allowed a hacker to guess the password-reset email addresses tied to accounts used by President Donald Trump, first lady Melania Trump, Vice President Mike Pence plus a top adviser. What's the risk?
Four years after a messy legal battle sparked by Edward Snowden using its service, the secure email provider Lavabit is back with a new platform designed to provide better privacy protection - users can select from "trustful," "cautious" or "paranoid" modes - by encrypting both email content and metadata.
In his eight years in the White House, former President Barack Obama made cybersecurity a priority. But will his legacy be his administration's various IT security initiatives or the damaging breaches that occurred during his tenure? That's the lead story in the latest edition of the ISMG Security Report.
Donald Trump's inauguration has led to a call for a mass online protest of questionable legality designed to "occupy" the White House website. Separately, Anonymous has threatened Trump with "regret" and promised to unearth compromising information.
As President Trump delivered his inaugural address, the White House transitioned its website from the Obama to the Trump administration. Immediately, Trump's team posted a series of position papers, including one that addressed - albeit briefly - cybersecurity.
Say hello to Fruitfly, the first piece of Mac malware to be discovered this year. The two-year-old malicious code is odd - it includes code that dates from the late 1990s - and appears to be designed to exploit biomedical institutions via targeted attacks.
College student Zachary Shames, who's pleaded guilty to developing and selling Limitless Logger spyware, was outed to the FBI by security firm Trend Micro after Shames failed to compartmentalize his online activities. Turns out hiding your identity online is harder than it might appear.
Information security researchers have charted a steep decline in Locky ransomware and Dridex banking Trojan distribution in recent weeks. While that's good news, it may only reflect that a cybercrime gang is on vacation.
Companies involved in mergers and acquisitions are increasingly targeted with cyberattacks that could potentially derail the deals, says Bryce Boland of FireEye, who outlines the risks and offers tips for mitigating them.
In a reminder that healthcare organizations continue to be targeted by more than just crypto-locking extortionists, a cyberattack against an NHS trust didn't involve ransomware - as some initial reports suggested - but rather a never-before-seen Trojan.