The Dark Overlord, a hacking group that hijacks data from businesses and holds it for ransom, is now threatening school districts. The apparent intent isn't to get ransoms from schools per se, but to create a fear campaign designed to scare big businesses into paying the group's ransoms.
An analysis on finding a replacement for Social Security numbers as an identifier for individuals leads the latest edition of the ISMG Security Report. Also, assessing Kaspersky Lab's responsibility for the hack of an NSA contractor's computer.
Malware-wielding attackers reportedly hacked into a Taiwanese bank last week and transferred nearly $60 million via fraudulent SWIFT money-moving messages to accounts in Cambodia, Sri Lanka and the United States. Authorities say most of the stolen funds have been recovered.
The commenting platform Disqus is resetting passwords after discovering that its database was breached in 2012. The breach is one of several older breaches that have only now come to light, thanks to the stolen data having surfaced. But how many older breaches have yet to be discovered?
The upcoming enforcement of GDPR puts the spotlight on data governance, but what about the potential impact on vendor risk management? Jacob Olcott of BitSight discusses how to prepare for this new generation of cybersecurity regulations.
If an NSA analyst took malware home and it was stolen from his home PC by a foreign intelligence agency, who are you going to blame? As the U.S. government's campaign against Kaspersky Lab intensifies, here are 10 facts, clarifications and likelihoods to keep in mind.
An Arkansas-based surgery center was recently hit by ransomware that rendered some imaging files, including X-rays, inaccessible. The incident points to the need to carefully assess the risks to all the diverse systems in use at healthcare organizations.
Hackers working for Russia gained access to the home computer of an NSA employee in 2015, pilfering highly classified material and spying code. U.S. officials claim Kaspersky Lab's software helped the hackers, but numerous questions remain unanswered. We round up the issues in play.
Leading the latest edition of the ISMG Security Report: A deep dive into how continuously monitoring user behavior could replace passwords as a means of authentication. Also, U.S. federal agencies continue to fall short on IT security.
Equifax ex-CEO Richard Smith asserts that a single employee's failure to heed a security alert led to the company failing to install a patch on a critical system, which was subsequently exploited by hackers. But his claim calls into question whether poor patch practices and management failures were the norm.
In response to nation-state attackers targeting its account users, Google reportedly is planning to offer stronger authentication to politicians, corporate executives and other at-risk individuals as part of a service called the Advanced Protection Program.
Two dozen federal agencies continue to experience security weaknesses in five critical areas, putting government systems and data at risk, according to a new watchdog agency report. But which agency spends the most on IT security?
When Yahoo first disclosed a massive 2013 breach last year, it said 1 billion accounts appeared to have been compromised. But the search giant, now owned by Verizon, says "new intelligence" has revealed that the breach compromised every single Yahoo account, affecting 3 billion users in total.
A top Department of Homeland Security cybersecurity official says DHS is seeking to play a more active role in responding to cyber incidents at other U.S. federal agencies. At a House hearing, the top DHS policymaker also said securing the U.S. election system is his No. 1 priority.
The latest edition of the ISMG Security Report is devoted to a special report on how enterprises around the world should prepare for the European Union's General Data Protection Regulation, which starts being enforced in May.