U.S. prosecutors have accused a 34-year-old North Korean man of involvement in some of the most destructive and profitable cyberattacks ever seen, including the WannaCry ransomware outbreak, the Sony Pictures Entertainment breach and the theft of $81 million from Bangladesh Bank.
British Airways is warning customers that it suffered a hack attack that compromised up to 380,000 customers' payment cards as well as personal data over a 15-day period. The airline says it was alerted to the breach by a business partner that monitors its websites.
To transparently identify legitimate users in digital channels, organizations need strong digital identity risk assessment capabilities that examine each user's digital patterns and can more accurately detect potential bad actors, says IBM's Matt Konwiser.
All organizations should ensure that they are using the most appropriate tools, technologies, practices and procedures to safeguard their information against today's top threats, says Check Point's Avi Rembaum.
Intelligence adaptive authentication represents the latest advance in authentication and risk analysis - with a dose of machine learning - to help organizations authenticate users and battle fraud in real time, says OneSpan's Will LaSala.
Organizations should be on guard for attacks involving an apparent variant of Hermes ransomware - dubbed Ryuk - that attempts to encrypt network resources. It has already victimized several global organizations in the U.S. and elsewhere, according to a federal alert, which offers mitigation advice.
The new India Post Payments Bank will take banking to the doorstep by using India's mammoth network of post offices. Postmen will perform digital transactions on their phones. That's raising concern among security leaders, who recommend adopting defense-in-depth security.
Officials from Facebook and Twitter appeared before a Senate committee Wednesday to defend their efforts to combat influence operations. Meanwhile, the Trump administration launched a broadside against social media, with President Trump accusing them of meddling in the 2018 midterm elections.
Unknown attackers are intercepting every piece of data handled by more than 7,500 routers made by MikroTik, while also using another 239,000 compromised routers to serve as proxies, researchers say. It's a continuation of a wave of attacks that exploit a vulnerability patched by MikroTik in April.
The Reserve Bank of India, the nation's central bank, is launching a number of efforts to help bolster the cybersecurity of banks. Those include encouraging banks to use access control management and install security operations centers. But critics say the measures aren't bold enough and offer other suggestions.
Keeping endpoint security up to date is a struggle for small to mid-sized companies that have less resources than larger companies, yet have the same risk of attack. And that risk is only increasing. In 2017, the number of ransomware attacks increased by 30x and the number of breaches increased by 40%.
A recent incident involving a chronic care management company spotlights how paying a ransom to recover decryption keys from ransomware attackers can put sensitive data at additional risk. Security experts offer insights on how to prepare for the many challenges posed by attacks.
Enterprise incident response teams tend to lack a diversity of skills and attention to education and testing, says Anne Marie Zettlemoyer, a security strategist who sits on the board of SSH Communications Security. She offers advice on how to make these teams more aligned and effective.
A cybercrime gang called "Silence," which appears to have just two members, has been tied to attacks that have so far stolen at least $800,000, in part via ATM jackpotting or "cash out" attacks, warns cybercrime investigation firm Group-IB.