One mystery with the recently discovered payment card sniffing attacks against such organizations as British Airways and Newegg has been how attackers might have first gained access to the victims' networks. But a number of cybercrime markets sell such access, in some cases for as little as 50 cents.
Attack code known as EternalBlue, designed to exploit a Windows SMB flaw, continues to work for attackers despite Microsoft having issued patches more than a year ago. One major U.S. business was a recent victim as part of a cryptocurrency-mining malware campaign, a researcher reports.
Intel has had a challenging time lately on the vulnerability front. It has issued yet another patch for its Management Engine after a researcher was able to extract two types of encryption keys. The problem was a repeat of one that Intel patched just last year.
Keeping endpoint security up to date is a struggle for small to mid-sized companies that have less resources than larger companies, yet have the same risk of attack. And that risk is only increasing. In 2017, the number of ransomware attacks increased by 30x and the number of breaches increased by 40%.
While tech-support scams have proliferated for years, the FBI says losses tied to such fraud are now higher than ever. Google has pledged to crack down on fake tech-support listings. But fraudsters regularly employ a variety of channels, including cold calls, pop-up windows and phishing emails.
A lawsuit accuses Google of "the surreptitious location tracking of millions of mobile phone users." The legal action was sparked by a report demonstrating that some Google apps tracked and time-stamped users' locations even if a user deactivated the "location history" setting.
Why are attacks so successful? Legacy endpoint security products are creating more problems than they solve. There is too much cost and complexity, defenses aren't keeping up, and security staff is stretched thin.
The hacking of an email account of a medical clinic employee during travels overseas demonstrates the risks posed to data when workers travel. Security experts offer insights on mitigating those risks.
Devising an effective national IoT security strategy requires four essential steps, says Rishi Bhatnagar, chairman of the Institution of Engineering and Technology's IoT panel India, who describes them in this interview.
Ovum, a market-leading research and consulting business that helps enterprises thrive in the connected digital economy, explains why every enterprise should put stronger authentication service on their radar as a means of better securing their companies data and minimizing their fraud exposure risk all while...
After years of focus, the needle is moving positively toward improving medical device security. But what about the growing cybersecurity issues associated with enterprise IoT? Mac McMillan of CynergisTek shares his concerns.
Hot cybersecurity trends under discussion at this year's RSA Conference include artificial intelligence, facial recognition, protecting not just data but also knowledge, as well as rapid data breach response, says Chris Pierson, CEO of Binary Sun Cyber Risk Advisors.
Cybersecurity pros need to apply the Darwinian approach of "survival of the fittest" to cybersecurity to navigate the risk landscape and raise the industry baseline for security, says Dan Schiappa of Sophos.