Two researchers who launched a crowdsourced effort to subscribe to the Shadow Brokers' monthly leak of stolen Equation Group exploits - on behalf of the entire information security community - have dropped their effort, citing legal concerns.
As the adversaries develop new methods to strike at increasingly vulnerable digital infrastructures, it is time businesses take a hard look at the way defense is approached and recast security models to drive the cost to the attacker up, says Palo Alto Network's Sean Duca.
In an in-depth interview about a new study that identifies thousands of vulnerabilities in cardiac devices, security researcher Billy Rios calls on manufacturers to more carefully consider the compromises they make in balancing the usability benefits to patient care versus the cybersecurity risks.
Two security researchers are attempting to crowdfund a recurring subscription fee to Shadow Brokers' monthly exploit dump club in hopes of helping to prevent or blunt future outbreaks of the WannaCry variety. Cue ethical debate.
Businesses are suffering from an influx of too much security technology packaged into too many solutions offered by too many vendors, says former RSA Chairman Art Coviello, who claims the proliferation of products isn't helping improve cybersecurity.
A cyber-espionage campaign apparently linked to Russia has targeted more than 200 people in 39 countries and leaked victims' stolen information - sometimes in altered form - as part of a disinformation campaign, according to privacy researchers at Citizen Lab.
Cyber-intelligence expert Tom Kellermann sees a growing hostility in cyberspace, and he fears a new wave of advanced threats aimed not just at committing crimes, but at breaching critical infrastructure. Who are the top threat actors, and what are their key targets?
Cybersecurity incidents have evolved considerably since the TJX and Heartland breaches of 2007-08. And so has the discipline of incident response, says former prosecutor Kim Peretti, now a partner at the law firm Alston & Bird. She defines incident response 2.0.
Russian threat intelligence firm Group-IB alleges that North Korea is behind recent attacks against financial institutions in Europe employing fraudulent SWIFT messages. But other experts caution that such conclusions shouldn't be made solely based on technical data.
In this special edition of the ISMG Security Report, you'll hear an edited version of an ISMG Fraud and Breach Prevention Summit keynote panel in which current and former federal cybersecurity officials assess the IT security agenda of the Donald Trump administration.
The Indian Railways' free Wi-Fi network was affected more than any other ISP in India by WannaCry, according to a report from eScan. Some experts say the disruptions could have been avoided if the organization maintained basic security hygiene and blocked its excessive SMB traffic.
British Airways grounded all flights at London's two biggest airports starting Saturday, leading to multiple days of disruptions. The airline has blamed a power surge for its IT failures, but experts have questioned the airline's resiliency and disaster recovery planning and testing.
Restaurant chain Chipotle Mexican Grill says customers' payment card data was stolen via point-of-sale malware installed at the vast majority of its more than 2,000 restaurant locations for more than three weeks.
Three Nigerian nationals who were convicted of a range of charges - including identity theft and payment card fraud - have been sentenced in the U.S. to serve up to 115 years in jail. Prosecutors says they were part of a "large-scale international fraud network" and involved in so-called "romance scams."