South Korean police investigating the hack of a cryptocurrency exchange are eyeing North Korean hackers as the likely culprits. North Korea has also been tied to recent phishing campaigns and other attacks, including what appears to be the first case of nation-state malware designed to infect point-of-sale devices.
Police in Romania have arrested five individuals on suspicion of launching crypto-locking ransomware attacks. Three men are accused of targeting Europeans via spam carrying CTB Locker, while two men have been charged with using Cerber to target U.S. victims.
A British teenager has avoided jail time after pleading guilty to thousands of DDoS disruptions against Amazon, Netflix, NatWest Bank and others. Separately, a U.S. man has pleaded guilty to launching DDoS attacks on behalf of Lizard Squad and PoodleCorp, among other offenses.
Federal regulators have set up online resources to help healthcare providers as well as consumers navigate circumstances under which HIPAA permits a covered entity to disclose mental health or substance abuse information to a patient's family members and caregivers.
Kaspersky Lab has sued the U.S. Department of Homeland Security for issuing an order that bans the Moscow-based anti-virus firm's software from being used on federal systems, saying DHS violated the company's right to respond to the allegations against it.
An analysis of the cyber component of the Trump administration's just-published National Security Strategy leads the latest edition of the ISMG Security. Also, DHS and industry establish a cyber coordinating council to help secure the U.S. electoral system.
The Trump administration has belatedly announced that hackers tied to the government of North Korea were behind the WannaCry ransomware outbreak that began in May and infected more than 200,000 endpoints across 150 countries. Why is the White House only now airing its attribution?
In an usual move, federal regulators have made arrangements to have a cyber insurer cover a $2.3 million HIPAA penalty on behalf of a bankrupt cancer care clinic chain, 21st Century Oncology, which also signed false claims settlements totaling $26 million.
Bitcoin-seeking phishing attacks have been trying to socially engineer would-be cryptocurrency exchange executives, warn researchers at Secureworks. The attacks use Word documents with malicious macros and control code previously seen in attacks launched by the Lazarus Group, which has been tied to North Korea.
Legislation pending in Congress that would offer protections for companies and individuals who seek to "hack back" in retaliation against cybercriminals who have attacked them is a bad idea, contends Alan Brill of Kroll.
With just a few months left until the EU's General Data Protection Regulation will be enforced, too many so-called "experts" are spreading fear and falsehoods about the regulation, says Brian Honan, a Dublin-based cybersecurity consultant, who clarifies misperceptions in an in-depth interview.
The latest ISMG Security Report leads with a report on a malware attack on an industrial safety system that experts contend could threaten public safety. Also, legislation giving DHS's cybersecurity unit a meaningful name progresses through Congress.
Bitcoin's massive rise in value and hype continues to draw the attention of hackers, scammers and organized crime. Flaws in bitcoin mining firmware and hacks of wallet software show that the infrastructure associated with cryptocurrency is not always well-secured.
A new U.S. law signed by President Donald Trump prohibits federal agencies from running anti-virus software from Moscow-based Kaspersky Lab. The company criticized the action, saying it's being singled out based solely on where its corporate headquarters is located.