Personal information for 1,000 North Korean defectors, including their names and addresses, has been stolen via a malware attack, officials in South Korea warn. They've traced the leak to a malware infection at a refugee resettlement center, and say police continue to investigate.
Mark Karpeles, the former head of hacked Tokyo-based bitcoin exchange Mt. Gox, has continued to maintain his innocence during the closing arguments in an embezzlement trial against him, Japanese local media report. Prosecutors are seeking a 10-year prison sentence for the French national.
In the wake of Equifax and other major breaches, sophisticated fraudsters are finding success as never before. Al Pascual of Javelin Strategy and Research discusses how identity impersonation is manifesting.
Digital steganography is the practice of hiding information in plain sight, especially inside other data or images. And a new toolset, which debuted earlier this month at the Black Hat Europe conference, suggests steganography is going to get much more difficult to spot.
President Donald Trump is reportedly continuing to weigh an executive order that would ban all U.S. organizations from using telecommunications hardware built by China's Huawei and ZTE. Australia and New Zealand have blocked the firms from their 5G rollouts, while other nations weigh similar moves.
What not to do after a breach? Share your incident response plan with your attorney and say, "Don't pay too much attention to it; we don't follow it." Randy Sabett of Cooley LLP discusses this and other lessons learned from breach investigations.
In an increasingly complex world of interconnected information systems and devices, more must be done to protect critical infrastructure, says Ron Ross of the National Institute of Standards and Technology.
Critical systems are under attack from external and insider threats. No access or transaction should go unchecked. That's why former federal CISO Gregory Touhill advocates the broad adoption of zero-trust security in the public and private sectors.
Fifteen of the world's biggest "stresser/booter" services, designed to enable users to launch DDoS attacks against sites on demand, have been shut down, and three men who allegedly ran such services have been charged.
Web portals designed to provide convenient service to consumers can pose substantial security risks, as numerous breaches in recent years have clearly illustrated. What steps can be taken to reduce those risks?
Open source components help developers build and deploy applications faster, but with increased speed comes greater risk. Maria Loughlin of Veracode describes how to reduce those risks through several steps, including component inventories and developer education.