Two researchers who launched a crowdsourced effort to subscribe to the Shadow Brokers' monthly leak of stolen Equation Group exploits - on behalf of the entire information security community - have dropped their effort, citing legal concerns.
As the adversaries develop new methods to strike at increasingly vulnerable digital infrastructures, it is time businesses take a hard look at the way defense is approached and recast security models to drive the cost to the attacker up, says Palo Alto Network's Sean Duca.
In an in-depth interview about a new study that identifies thousands of vulnerabilities in cardiac devices, security researcher Billy Rios calls on manufacturers to more carefully consider the compromises they make in balancing the usability benefits to patient care versus the cybersecurity risks.
Two security researchers are attempting to crowdfund a recurring subscription fee to Shadow Brokers' monthly exploit dump club in hopes of helping to prevent or blunt future outbreaks of the WannaCry variety. Cue ethical debate.
Russian threat intelligence firm Group-IB alleges that North Korea is behind recent attacks against financial institutions in Europe employing fraudulent SWIFT messages. But other experts caution that such conclusions shouldn't be made solely based on technical data.
Restaurant chain Chipotle Mexican Grill says customers' payment card data was stolen via point-of-sale malware installed at the vast majority of its more than 2,000 restaurant locations for more than three weeks.
Leading the latest edition of the ISMG Security Report: Secretary John Kelly's congressional testimony on how DHS led government efforts to mitigate the WannaCry ransomware attacks. Also, reports on ransomware defenses as well as big data and machine learning combining to secure IT.
The identity of the individual or group behind the global WannaCry ransomware campaign remains unclear. But whoever wrote the ransom notes appears to have been fluent in Chinese and pretty good at written English, according to a linguistic analysis from security firm Flashpoint.
In the wake of WannaCry, there's a critical new flaw in Samba, which provides Windows-based file and print services for Unix and Linux systems. Security experts say the flaw is trivial to exploit. US-CERT recommends immediate patching or workarounds.
A number of media reports have recently suggested there's a "link" between WannaCry and the Lazarus hacking group, implying that North Korea authorized the ransomware campaign. But based on the evidence available so far, it's much too early to attribute the attacks to anyone.
Target has reached a record settlement agreement with 47 states' attorneys general over its 2013 data breach. The breach resulted in hackers compromising 41 million customers' payment card details and contact details for more than 60 million customers being exposed.
DSCI is working with the FIDO Alliance in an effort to eliminate the use of passwords for authentication in India. But some security practitioners question whether that's a realistic approach that will prove effective. go
The Donald Trump administration, in its fiscal 2018 budget, outlines steps it contends would strengthen the U.S. federal government's information systems, even as it would cut some cybersecurity spending at specific agencies.