The latest ISMG Security Report leads with information security guru Ron Ross discussing changes coming to the National Institute of Standards and Technology's catalog of IT security and privacy controls. Also, challenges facing an upgraded U.S. Cyber Command.
Beyond the emotion, the arrest of security researcher Marcus Hutchins last month on charges that he developed and sold banking malware has thrust information security researchers into the legal limelight and highlighted just how much law enforcement agencies rely on them.
Card issuers continue to find themselves victims of ongoing attacks perpetrated by fraudsters looking to rapidly exploit any opening they can find in e-commerce transactions. Fraudsters often exploit cards from multiple issuers, which is why they are transitioning to a model that uses real-time device information from...
Ukraine's central bank has warned state-owned and private banks that a new malware campaign targeting financial services firms across the country may be a prelude to a new assault of Not-Petya proportions, Reuters reports.
Carbon Black rolled with the punches last week after it was accused of exposing customer data via a bug in one of its endpoint detection products. It turned out there was no bug. But the company has gone back and uncovered a bug that did expose customer data, albeit on a small scale.
A report claims British intelligence agency GCHQ knew in advance that the FBI planned to arrest WannaCry "hero" Marcus Hutchins when he visited the United States for the annual Black Hat and Def Con conferences last month. The information security community asks: Is that justice?
The malicious use of encryption is growing at an alarming rate, according to NSS Labs' BaitNET test infrastructure. Why? Encrypted web communication routinely bypasses enterprise security controls. Left unscanned, these channels are perfect vehicles for hiding infection, command & control and data exfiltration....
Hackers have been targeting the Scottish Parliament in a "brute force cyberattack" aimed at guessing users' email passwords. Security experts say it's unlikely that state-backed attackers would resort to such a blunt assault.
The latest edition of the ISMG Security Report leads with a closer look at a new exploit kit and whether it represents a resurgence in these types of criminal packages. Also featured: a discussion of new vehicle security concerns and communications advice for CISOs.
Locky is back. After falling off the radar last year, the ransomware is once again being distributed via massive spam campaigns - run by the Necurs botnet - in the form of two new variants named Diablo and Lukitus.
Too often card-issuing banks suffer significant losses from fraudsters stealing credit card credentials. Typically, these fraudsters use multiple cards from various issuers to complete purchases from a single device before the stolen cards can be blocked. The goal for banks is to immediately identify and stop these...