Hackers behind the FASTCash ATM cash-out attack campaign - tied by the U.S. government to North Korea - use Trojan code designed to exploit bank networks running outdated versions of IBM's AIX Unix operating system, Symantec warns.
Bankers Life is notifying more than 566,000 individuals, including Medicare supplemental insurance policyholders, that their personal information was exposed in a hacking incident. Employee credentials were compromised, enabling unauthorized access to certain company websites containing personal data.
As the pace of technology innovation continues to quicken - including the ability to make payments via everything from Alexa to Facebook Messenger - risk-based security is imperative to maintain a frictionless customer experience, says Tim Ayling of Kaspersky Lab.
An analysis of a crackdown on criminals' use of encrypted communications leads the latest edition of the ISMG Security Report. Also: a preview of ISMG's Healthcare Security and Legal & Compliance summits, including expert insights on vendor risk management.
U.S. Attorney General Jeff Sessions resigned on Thursday at the request of President Donald Trump. While long expected, the move raises questions about the fate of an ongoing investigation into Russia's election hacking.
Once again, a supposedly secure service allegedly marketed to criminals has proven to have limits. Dutch police have busted a "cryptophone" operation, allowing them to decrypt more than 258,000 encrypted chat messages, leading to a drug lab bust, 14 arrests and the seizure of cash, drugs and weapons.
HSBC Bank is warning some of its U.S. customers that their personal data was compromised in a breach, although it says it's detected no signs of fraud following the "unauthorized entry." Security experts say the heist has all the hallmarks of a credential-stuffing attack campaign.
Pakistan says the nation's banks have not been hacked, but adds that they are taking defensive steps after nearly 20,000 payment card details appeared for sale online. The State Bank of Pakistan says banks are implementing restrictions on international transactions.
As ransomware and other cyberattacks continues to proliferate, organizations must improve vendor risk management so they have a plan in place in case a business associate falls victim, says Mitch Parker, CISO of Indiana University Health System, who will speak at ISMG's Healthcare Security Summit in New York.
With the U.S. midterm elections occurring on Tuesday, the "trump" keyword remains king for spammers. "Spam campaigners understand the value of brands, and for spam as for ballots, and whether for or against, the election is all about Trump," security firm Proofpoint says.
Criminals wielding crypto-locking ransomware - especially Dharma/CrySiS, GandCrab and Global Imposter, but also SamSam - continue to attack. Insurance firm Beazley says cyber claims for ransomware have increased in recent months, with the healthcare sector hardest hit.
Want to better block business email compromise - CEO fraud - attacks outright, as well as be able to spot and respond more quickly to any BEC attacks that get through? Incident responder David Stubley details essential defenses all businesses should put in place now.
Australia's largest defense exporter says it hasn't responded to an extortion attempt after ship design schematics were stolen by a hacker. Austal says the material is neither sensitive nor classified.
An Iowa eye clinic and its affiliated surgery center recently recovered from a ransomware attack on their common systems within one day and without paying a ransom. This case offers important reminders to other healthcare entities and their vendors about advance planning.
The latest edition of the ISMG Security Report features Kevin McDonald of the Mayo Clinic discussing how to secure connected medical devices. Plus, updates on the indictments of Chinese agents for hacking and the unveiling of the Financial Services Sector Cybersecurity Profile.