Microsoft says a zero-day flaw in Windows that was publicly revealed by Google - before a patch was ready - was being exploited by the Russian hacking group known as ATP28 and "Fancy Bear" via spear-phishing attacks.
As investigations into the distributed denial-of-service attack on Singaporean ISP StarHub continue, experts believe that the scale of IoT infections - needed to launch attacks of such severity - and the circumstances perpetuating it are the bigger problems.
A potentially explosive story suggests that there were secret communications between Russia and U.S. presidential candidate Donald Trump's business. But computer security experts have dismissed the report, saying it's based on a flawed interpretation of technical information.
This year, the annual Black Hat Europe conference decamps from Amsterdam to London. What's in store? Everything from mobile ransomware and quantum-resistant crypto to "ego markets" and how to turn Belkin IoT devices into launch pads for DDoS attacks.
The Shadow Brokers - the group that released what are purported to be hacking tools tied to the NSA - returns with what it claims to be a list of exploit-staging servers used by the U.S. intelligence agency to stage its cyber-attack and surveillance operations.
In a sign that investigators are paying more attention to disrupting stresser/booter services, script-kiddie-friendly Hack Forums recently announced that it will be shutting down its related Server Stress Testing forum.
The latest ISMG Security Report kicks off with a bit of history: Comparing the similarities between remediating the year 2000 data problem, known as Y2K, that enterprises faced at the end of the 20th century with today's initiatives to drive IT security by modernizing information systems.
After 10 days of Microsoft not issuing an advisory or fix for a zero-day flaw found by Google that's being actively exploited in the wild, Google publicly revealed details of the flaw. But Microsoft says that puts its users at further risk.
The online advertising industry has a malware problem that, in part, has driven increased use of ad-blocking software. It's facing a complicated task: Clean up the security problems or face possible regulation.
Australia's largest-ever known data leak wasn't caused by hackers. Instead, a contractor mistakenly posted a database of blood donor information on a public website, showing how a simple mistake can have deep repercussions.
Proposed White House guidelines for modernizing federal agencies' IT - a critical step to enhance government cybersecurity - come as the Obama administration winds down. That means the next administration likely could be responsible for implementing the plan - or altering it.
We were promised flying cars. Instead, we get malware-infected CCTVs serving as remote launch pads for digital attacks that help criminals earn cryptocurrency by crashing large parts of the internet. But new defenses offer promise for blunting such attacks.
An evaluation of new U.S. government guidance to prevent the hacking of automotive computers and electronics leads the latest ISMG Security Report. Also, IBM takes responsibility for the impact of a DDoS attack and a preview of the ISMG Healthcare Security Summit.
For healthcare information security professionals, the time has come to adopt a "wartime mindset" to ensure patient information is safeguarded from cyber threats. That's why ISMG has recruited a diverse array of experts to provide timely advice at our Healthcare Security Summit in New York Nov 1-2.