Attackers are increasingly hacking into banks' networks to gain access to the IT infrastructure connected to their ATMs, security experts warn. Attackers push malware onto ATMs that's designed to allow money mules to "jackpot" or "cash out" the machines, then delete itself.
It's the age of "open banking," and that means changes for banking institutions and their customers - as well as for the fraudsters. Shaked Vax of IBM Security Trusteer talks about new vulnerabilities and anti-fraud strategies.
The chairman of the Securities and Exchange Commission, Jay Clayton, promised the Senate banking committee Tuesday that his agency is pursuing numerous cybersecurity improvements in the wake of a May 2016 breach.
Researchers investigating the CCleaner malware outbreak have had a lucky break: The attackers' backup server shows that they pushed secondary malware onto systems at Intel, VMware, Fujitsu and Asus, among others, as part of what appears to be a very targeted attack campaign.
Freedom of Information requests sent to 430 U.K. local government councils by Barracuda Networks found that at least 27 percent of councils have suffered ransomware outbreaks. Thankfully, almost none have paid ransoms, and good backup practices appear widespread.
An attack campaign involving a trojanized version of the CCleaner Windows utility, built and distributed by British developer Piriform, was much more extensive than it first appeared and may have installed backdoor software on endpoints at hundreds of large technology firms.
The chairman of the U.S. Securities and Exchange Commission will face the Senate Banking Committee next week following the agency's belated disclosure that in May 2016, hackers stole secret market data from the SEC's systems and apparently used it for "illicit gain through trading."
In today's dynamic threat landscape, "real-time" is the operative phrase - and it needs to apply both to threat detection and incident response, says Tim Bandos of Digital Guardian. What are the required security controls and tools?
Hackers behind the mega-breach at Equifax stole data in May, but they - or other attackers - penetrated the credit bureau's systems in March, exploiting a vulnerability for which Apache Struts had issued a patch, just four days prior.
Are organizations making the same security mistake with APIs today that they made with their websites 10 and 20 years ago? Jeffrey Costa of Akamai Technologies says yes and offers insight on securing and caching APIs.
Mobile malware threats are surging in India. For example, about 40 percent of all the attacks involving Xafecopy malware were targeted at the nation. The increasing attacks on mobile phones have called attention to the need to boost awareness of mobile security and take critical mitigation steps.
The arrest of 10 men in Uttar Pradesh for allegedly cloning fingerprints of authorized Aadhaar enrollment officers is once again stirring debate over whether it's wise for India to rely so heavily on Aadhaar for authentication.
Equifax made an error that led to one of the largest and most sensitive data breaches of all time, and the mistake was elementary: The credit bureau failed to patch a vulnerability in Apache Struts - a web application development framework - in a timely manner.
In cryptocurrency we trust: The government of North Korea has been turning to bitcoin exchange heists and cryptocurrency mining - potentially using malware installed on other countries' systems - to evade sanctions and fund the regime, security experts say.
Equifax has a new problem on its hands: Argentina. Investigators with security consultancy Hold Security discovered that Equifax's Argentina website exposed national identity numbers for at least 14,000 citizens. But the information exposure may be far more extensive.