The steady stream of new reports about years-old breaches continues as Imgur, the popular photo-sharing service, belatedly warns that it suffered a breach in 2014 that compromised 1.7 million users' accounts.
Like its mythological namesake, the source code for Zeus malware appears to be immortal. New variants continue to surface, including the Terdot banking Trojan, which is also designed to steal email and social networking credentials while remaining hidden.
HyphBot botnet malware is forcing infected PCs to sneakily view high-priced video ads, allowing fraudsters to reap upwards of $1.3 million in daily ad spending, a Danish advertising technology firm warns. The scheme highlights the challenges facing online advertisers seeking legitimate viewers.
Give crooks credit for topicality: They remain loathe to miss a trick. Indeed, hardly any time elapsed after Uber came clean about the year-old breach it had concealed before crack teams of social engineers unleashed appropriately themed phishing messages designed to bamboozle the masses.
U.S. prosecutors have unsealed an indictment against an Iranian man charged with trying to extort entertainment company HBO for $6 million in bitcoins. The case marks a rare public naming of someone accused of cyber extortion, which poses an increasing risk for all organizations.
U.S. government agencies now find themselves having to comply with Binding Operational Directive 18-01 to enhance email and web security. What are the immediate tasks? Patrick Peterson of Agari offers insight and advice.
We all see the headlines about high-profile breaches that started because of a phishing exploit. But how severe is the global email infiltration problem? Patrick Peterson of Agari offers insight and advice.
A House committee is urging HHS to act soon on a recommendation made by its cybersecurity task force: Develop a description of the cyber risks of components of medical devices. But a task force member says Congress should be pressing HHS to take action on all of the panel's recommendations, not just one.
Security experts are awaiting more details from Intel about two classes of vulnerabilities in its chips that could put organizations' most trusted data at risk. Millions of computers are affected, and computer manufacturers must prepare and distribute customized patches.
Recent versions of Windows have a security problem: They're not random enough, CERT/CC warns. The problem centers on certain uses of ASLR, which is designed to block return-oriented programming techniques and code reuse attacks.
HealthcareInfoSecurity Executive Editor Marianne Kolbasuk McGee reflects on the just-concluded Healthcare Security Summit in New York in the latest edition of the ISMG Security Report. Also, PCI Security Standards Council CTO Troy Leach addresses ransomware risks.
A British man who was initially arrested on suspicion of hacking English socialite Pippa Middleton's iCloud account has been sentenced to serve a three-year prison sentence after he pleaded guilty to unrelated fraud and blackmail crimes. But he may also have ties to The Dark Overlord extortion gang.
A veteran security researcher has become entangled in a conflict with Chinese drone manufacturer DJI over his security vulnerability report, which initially qualified for the manufacturer's bug bounty program. The researcher says communications broke down after he refused to sign a legal agreement.