Locky is back. After falling off the radar last year, the ransomware is once again being distributed via massive spam campaigns - run by the Necurs botnet - in the form of two new variants named Diablo and Lukitus.
Danish shipping giant Maersk faces losses of $200 million to $300 million as a result of the NotPetya global malware outbreak. Others, including FedEx and household goods manufacturer Reckitt Benckiser, are also beginning to estimate NotPetya's financial impact on their business.
The 30-year-old protocol used by motor vehicle sensors to communicate may have to be rewritten following a proof-of-concept "error flooding" attack that can disable airbags, parking sensors and safety systems.
For just $80 per day, would-be cybercrime entrepreneurs can subscribe to Disdain, a new exploit kit that targets now-patched flaws in browsers and plug-ins, including Flash and WebEx. Disdain's debut shows that while exploit kits may have declined, they haven't died out.
What can CISOs at banks do to help prevent fraud as the region, and in particular India, moves toward achieving a cashless economy? Theo Nassiokas, director, APAC cybersecurity, at Barclays Bank, offers insights in an in-depth interview.
The British security researcher credited with stopping the WannaCry ransomware outbreak pleaded not guilty Monday to charges that he developed and sold a type of malicious software that steals online banking credentials.
How could the private sector benefit from steps federal agencies are taking to improve the cybersecurity of the internet of things and medical devices? In an in-depth interview, two experts at UL who are working closely with the agencies explain the potential impact.
In this latest edition of the ISMG Security Report we learn more about certain Siemens medical devices containing vulnerabilities that could allow hackers to remotely execute arbitrary code. Also: a report on Kaspersky Lab dropping its complaint against Microsoft and part 2 of an election security interview.
FireEye says Russia's Fancy Bear hackers are targeting hotel guests with a sneaky attack that leaves no traces and steals network credentials. It involves no malware and is virtually impossible to stop.
Healthcare organizations can learn important lessons - including the need for granular data access control - from the costly proposed settlement of the breach lawsuit against health insurer Anthem, says Bill Fox, a former federal prosecutor.
In the face of advanced persistent threats and attacks, it's critical for organizations to measure vulnerability to threats before applying machine learning tools, says Rohan Vibhandik, a scientist at ABB Corporate Research Center.
Kaspersky Lab says it will withdraw antitrust complaints it filed against Microsoft over how Windows handles third-party security products, defusing a yearlong dispute. Microsoft says it will work closer with security companies to ensure compatibility with Windows.
Security vendors are known to sprinkle hyperbole among their claims. But the strategy has backfired for DirectDefense, which mistakenly cast endpoint protection vendor Carbon Black as a contributor to the "world's largest pay-for-play data exfiltration botnet."
It's a red-faced moment for FireEye. The company says an investigation reveals that an attack against an analyst's personal online accounts was enabled by the employee's continued use of compromised login credentials.