A cyber-espionage campaign apparently linked to Russia has targeted more than 200 people in 39 countries and leaked victims' stolen information - sometimes in altered form - as part of a disinformation campaign, according to privacy researchers at Citizen Lab.
Cyber-intelligence expert Tom Kellermann sees a growing hostility in cyberspace, and he fears a new wave of advanced threats aimed not just at committing crimes, but at breaching critical infrastructure. Who are the top threat actors, and what are their key targets?
Cybersecurity incidents have evolved considerably since the TJX and Heartland breaches of 2007-08. And so has the discipline of incident response, says former prosecutor Kim Peretti, now a partner at the law firm Alston & Bird. She defines incident response 2.0.
Russian threat intelligence firm Group-IB alleges that North Korea is behind recent attacks against financial institutions in Europe employing fraudulent SWIFT messages. But other experts caution that such conclusions shouldn't be made solely based on technical data.
The Indian Railways' free Wi-Fi network was affected more than any other ISP in India by WannaCry, according to a report from eScan. Some experts say the disruptions could have been avoided if the organization maintained basic security hygiene and blocked its excessive SMB traffic.
British Airways grounded all flights at London's two biggest airports starting Saturday, leading to multiple days of disruptions. The airline has blamed a power surge for its IT failures, but experts have questioned the airline's resiliency and disaster recovery planning and testing.
Restaurant chain Chipotle Mexican Grill says customers' payment card data was stolen via point-of-sale malware installed at the vast majority of its more than 2,000 restaurant locations for more than three weeks.
Three Nigerian nationals who were convicted of a range of charges - including identity theft and payment card fraud - have been sentenced in the U.S. to serve up to 115 years in jail. Prosecutors says they were part of a "large-scale international fraud network" and involved in so-called "romance scams."
MeitY is requiring every government department in India to appoint a senior staff member as CISO. But some security experts question whether there are enough qualified security experts in all government departments to fill the new CISO positions and suggest departments consider hiring outside experts.
In the wake of WannaCry, there's a critical new flaw in Samba, which provides Windows-based file and print services for Unix and Linux systems. Security experts say the flaw is trivial to exploit. US-CERT recommends immediate patching or workarounds.
Target has reached a record settlement agreement with 47 states' attorneys general over its 2013 data breach. The breach resulted in hackers compromising 41 million customers' payment card details and contact details for more than 60 million customers being exposed.
DSCI is working with the FIDO Alliance in an effort to eliminate the use of passwords for authentication in India. But some security practitioners question whether that's a realistic approach that will prove effective. go
The Donald Trump administration, in its fiscal 2018 budget, outlines steps it contends would strengthen the U.S. federal government's information systems, even as it would cut some cybersecurity spending at specific agencies.
Good news for many victims of WannaCry: Free tools developed by a trio of French security researchers can be used to decrypt some PCs that were forcibly encrypted by the ransomware, if the prime numbers used to build the crypto keys remain in Windows memory.