A new ransomware-as-a-service model dubbed "Buran" that targets vulnerabilities in certain devices running Windows is offered at a deep discount to help the malware spread faster, according to McAfee researchers.
The White House has developed protocols for notifying the public of nation-state hacking or other interference during the 2020 presidential election cycle. But the full framework has not yet been released.
Bala Kumar of iovation, a TransUnion company, sees a marked spike in identity fraud in general, and at account origination in particular. How does this increase manifest across industry sectors, and how should organizations re-think their defenses?
In June, I wrote an in-depth story about how millions of Instagram users worldwide under 18 years old were exposing their email addresses, phone numbers or both. Instagram has finally made a change to address the issue - but it doesn't go far enough.
Securing user accounts from both bots and human attackers has become one of the most fundamental challenges of delivering modern applications and services. Attackers continuously develop ever more sophisticated techniques for taking over user accounts.
Aggressive security policies lead to false positives and...
Nearly four months after Capital One revealed a massive data breach, Michael Johnson, the bank's CISO, is being moved into an outside advisory role, and the company is scouting for a new security leader, according to the Wall Street Journal.
Federal prosecutors have charged a Long Island company, along with seven of its employees, with selling vulnerability-laden Chinese technology to the U.S. military and other agencies for a decade and passing the gear off as American made.
The latest edition of the ISMG Security Report offers an analysis of how Twitter allegedly was used to spy on critics of the Saudi Arabian government. Also featured: A preview of the new NIST Privacy Framework and an update on business email compromise attacks.
In December, PCI SSC plans to publish a new standard for solutions that enable "tap and go" transactions on merchant smartphones and other commercial off-the shelf mobile devices. Troy Leach, the council's CTO, offers insights on the role the standard will play in enhancing security for smaller merchants.
How do you know if you are protecting your real-time communication networks from unwanted calls coming in that appear to be valid, but in fact they are malicious attempts to tie up communication applications such as IVRs or PBX trunks with long call duration times?
Telephone Denial-of-Service (TDoS) attacks are...
Unified Communications fraud continues to cost carriers and enterprises tens of billions of dollars per year. Bad actors typically
commit telecom fraud for financial gains. Bad actors often cover a broad set of call scenarios - from IP-PBX hacking, to subscription fraud, to Wangiri (one ring and cut)
A Trend Micro employee stole and then sold contact information for 68,000 of the company's consumer subscribers, which led to a raft of unsolicited tech support scam calls, the company says. The employee has been fired. The incident highlights the risk of insider threats.
The U.S. Department of Justice has charged three men with perpetrating a campaign to infiltrate Twitter and spy on critics of the Saudi government. Two of the suspects formerly worked for Twitter, allegedly feeding details to Saudi handlers that could be used to identify and locate critics of the Saudi regime.