The CIA has attributed last year's outbreak of NotPetya wiper malware to Russia's GRU military intelligence unit, The Washington Post reports. Other intelligence agencies and information security experts have reached similar conclusions, warning that Russia's hybrid warfare campaigns are intensifying.
Canadian police have charged a 27-year-old man with running LeakedSource, which sold access to 3.1 billion stolen login credentials. Jordan Evan Bloom is accused of making $247,000 by administering the site, which offered a subscription service.
The cyber espionage group that executed a campaign against the Democratic Party has been gearing up to attack the U.S. Senate, cybersecurity firm Trend Micro warns. Separately, a Senate report demands that the White House do more to prevent the 2018 and 2020 U.S. elections from being disrupted.
The browser is the window to the web. But what's going in the background during that browsing is opaque to most users. A new experiment shows how the computing power of tens of thousands of computers could be unknowingly harnessed to crack passwords, harvest cryptocurrencies or conduct DDoS attacks.
An attacker who gains physical access to a corporate PC with an Intel chip could exploit the built-in Active Management Technology to backdoor the system in about 30 seconds, unless default AMT credentials have been changed, Finnish security firm F-Secure warns.
In a reversal, chipmaker AMD is now warning that its chips are susceptible to the speculative execution flaws in microprocessors known as Spectre, but not to the Meltdown. Separately, Intel has confirmed that its firmware updates have led to stability problems for older Broadwell and Haswell processors.
Fresh research into mobile apps designed to control ICS systems from afar has unearthed unnerving findings. More than 20 percent of mobile ICS apps have issues that could allow an attacker to influence an industrial system.
It seems like every vendor in the data security industry makes predictions this time of year. Which ones should you pay attention to? All of them, says Dan Lohrmann, who formerly served as CISO of the state of Michigan.
Following the alert over Meltdown and Spectre vulnerabilities, the U.K. Information Commissioner's Office is warning that failures to patch today could be punished with fines under GDPR once enforcement of the data protection law begins later this year.
A 28-year-old Ohio man has been accused of running a 13-year spying scheme that used malware to steal millions of photos, live images and other data from computers. He is accused of developing and using Fruitfly, a malware application for Apple Macs and Windows.
Mobile phone retailer Carphone Warehouse has been hit with one of the largest fines ever imposed by Britain's data privacy watchdog after an attacker breached its outdated WordPress installation, exposing 3 million customers' and 1,000 employees' personal details.
Fixes for the Meltdown and Spectre vulnerabilities are leading to decreased processor performance, triggering cloud service and data center slowdowns. All Windows servers - plus older PCs - as well as Linux servers appear to be experiencing noticeable slowdowns.
FBI Director Christopher Wray says the agency was unable to access nearly 7,800 devices in fiscal 2017 because of encryption, which he alleges will pose ever-increasing complications for law enforcement. The FBI doesn't want a backdoor, he says, but rather a "responsible" solution to allow lawful access.
Patch or perish to protect against Meltdown and Spectre attacks, and prepare to keep patching as Intel, AMD and ARM, as well as makers of devices running Apple, Google and Windows operating systems, including Apple iOS and Android smartphones and tablets, continue to refine their fixes.
Microsoft has paused issuing security updates to some Windows PCs with AMD chipsets after at least one update - meant to add some Meltdown and Spectre mitigations - has left some systems unbootable. Microsoft blamed the problem on AMD failing to properly document its firmware.