Malware designed to get ATMs to spit out their cash - advanced when it first debuted - has been upgraded, according to a report from FireEye. Now, the Ploutus-D malware talks to legitimate ATM middleware, enabling it to target machines from 40 vendors. What does this mean for financial institutions?
A researcher claims WhatsApp has dismissed his finding that there's a backdoor in the application that could allow attackers to unlock encrypted messages. But the controversy is more nuanced - and for most of us, much less threatening - than it might first appear.
Yet another study reveals that millions of people are picking weak passwords, with "123456" remaining our collective favorite. Rules requiring stronger passwords and not forcing passwords to expire both could help boost security.
HHS has issued new health data privacy guidance and announced a contest to create an online "model privacy notice generator." Plus, it's issued a reminder about the importance of reviewing and securing audit logs to help prevent and detect breaches.
England's largest health trust has been hit by a suspected cyberattack that led to IT administrators taking many systems offline at four hospitals in London while the matter gets investigated. The trust says it has not yet determined whether the disruption was malicious, but it has ruled out ransomware.
Examining the causes of a cyberattack that blacked out Ukraine's power system leads the latest edition of the ISMG Security Report. Also, a report on the Anthem breach and commentary on President-elect Donald Trump's characterization of cybersecurity.
Rudy Giuliani, the former New York mayor who's been tapped by U.S. president-elect Donald Trump to lead a cybersecurity corporate outreach program, runs a security consulting firm with a website that's been given a failing grade for its security.
Yet another power blackout in Ukraine was the result of attackers striking via spear-phishing emails and malware, researchers have confirmed. Ukraine's president blamed the campaign on Russia and said it disrupted a number of critical infrastructure targets.
Although HIPAA requires healthcare organizations to conduct a periodic security risk analysis focused on systems containing PHI, larger entities should also perform more comprehensive security self-assessments, advises CISO David Loewy of SUNY Downstate Medical Center, who explains his approach.
A list of "super user" passwords - and a default username - now circulating online appears to allow unauthorized access to some webcam video streams, security researchers warn. If confirmed, it would be yet another massive internet of things security failure by a device manufacturer.
President-elect Donald Trump says he accepts the assessment of the U.S. intelligence community that Russia President Vladimir Putin directed cyberattacks against Democratic Party computers and a social media campaign in an attempt to influence the results of the U.S. presidential election.
The U.S. Federal Trade Commission has filed a complaint against router and camera manufacturer D-Link for allegedly failing to secure its products. Experts say it's the opening salvo in what could be a long-term battle to fix IoT devices.
Both President-elect Donald Trump and the Kremlin have dismissed an explosive report - containing unverified allegations - that they engaged in a "well-developed conspiracy of cooperation" designed to target Hillary Clinton and other Democrats via hacking and other tactics.
Sen. Marco Rubio: Don't think of the Russian-government breach of Democratic Party computers as merely an attempt to influence the presidential election, but rather as a sophisticated campaign aimed to spread disarray through the government and society.