There's another option for governments trying to overcome the end-to-end encryption barrier: buy a zero-day software exploit. One prominent zero-day broker, Zerodium, has added encrypted messaging apps to its bounty list.
With claims of wanting to dispel "the myth about doping-free football," the Russian-linked hacker group Fancy Bear has released health records related to alleged drug use of more than 150 soccer players worldwide. What's the message they're sending?
EDR (endpoint response and detection) products are powerful tools that provide a play-by-play of exactly what happened on a computer during and after an attack. But the products require the right expertise to get the most value, a Gartner analyst says.
The latest ISMG Security Report leads with information security guru Ron Ross discussing changes coming to the National Institute of Standards and Technology's catalog of IT security and privacy controls. Also, challenges facing an upgraded U.S. Cyber Command.
Beyond the emotion, the arrest of security researcher Marcus Hutchins last month on charges that he developed and sold banking malware has thrust information security researchers into the legal limelight and highlighted just how much law enforcement agencies rely on them.
Ukraine's central bank has warned state-owned and private banks that a new malware campaign targeting financial services firms across the country may be a prelude to a new assault of Not-Petya proportions, Reuters reports.
Carbon Black rolled with the punches last week after it was accused of exposing customer data via a bug in one of its endpoint detection products. It turned out there was no bug. But the company has gone back and uncovered a bug that did expose customer data, albeit on a small scale.
A report claims British intelligence agency GCHQ knew in advance that the FBI planned to arrest WannaCry "hero" Marcus Hutchins when he visited the United States for the annual Black Hat and Def Con conferences last month. The information security community asks: Is that justice?
Hackers have been targeting the Scottish Parliament in a "brute force cyberattack" aimed at guessing users' email passwords. Security experts say it's unlikely that state-backed attackers would resort to such a blunt assault.
The latest edition of the ISMG Security Report leads with a closer look at a new exploit kit and whether it represents a resurgence in these types of criminal packages. Also featured: a discussion of new vehicle security concerns and communications advice for CISOs.
Locky is back. After falling off the radar last year, the ransomware is once again being distributed via massive spam campaigns - run by the Necurs botnet - in the form of two new variants named Diablo and Lukitus.
Danish shipping giant Maersk faces losses of $200 million to $300 million as a result of the NotPetya global malware outbreak. Others, including FedEx and household goods manufacturer Reckitt Benckiser, are also beginning to estimate NotPetya's financial impact on their business.
The 30-year-old protocol used by motor vehicle sensors to communicate may have to be rewritten following a proof-of-concept "error flooding" attack that can disable airbags, parking sensors and safety systems.
For just $80 per day, would-be cybercrime entrepreneurs can subscribe to Disdain, a new exploit kit that targets now-patched flaws in browsers and plug-ins, including Flash and WebEx. Disdain's debut shows that while exploit kits may have declined, they haven't died out.
The British security researcher credited with stopping the WannaCry ransomware outbreak pleaded not guilty Monday to charges that he developed and sold a type of malicious software that steals online banking credentials.