Malware designed to get ATMs to spit out their cash - advanced when it first debuted - has been upgraded, according to a report from FireEye. Now, the Ploutus-D malware talks to legitimate ATM middleware, enabling it to target machines from 40 vendors. What does this mean for financial institutions?
A researcher claims WhatsApp has dismissed his finding that there's a backdoor in the application that could allow attackers to unlock encrypted messages. But the controversy is more nuanced - and for most of us, much less threatening - than it might first appear.
Yet another study reveals that millions of people are picking weak passwords, with "123456" remaining our collective favorite. Rules requiring stronger passwords and not forcing passwords to expire both could help boost security.
Yet another power blackout in Ukraine was the result of attackers striking via spear-phishing emails and malware, researchers have confirmed. Ukraine's president blamed the campaign on Russia and said it disrupted a number of critical infrastructure targets.
A list of "super user" passwords - and a default username - now circulating online appears to allow unauthorized access to some webcam video streams, security researchers warn. If confirmed, it would be yet another massive internet of things security failure by a device manufacturer.
While PCI DSS compliance is an important piece of the security checklist, it's not enough to protect retailers from sophisticated Cyber-attacks that fall outside of the cardholder data environment (CDE).
A PCI compliance audit is a little like making sure a lock is on your front door - but it doesn't guarantee...
Sen. Marco Rubio: Don't think of the Russian-government breach of Democratic Party computers as merely an attempt to influence the presidential election, but rather as a sophisticated campaign aimed to spread disarray through the government and society.
Seven state insurance commissioners conclude in a new in-depth report that the massive cyberattack on Anthem Inc. was carried out by a hacker on behalf of a nation-state. But they stop short of naming the nation involved or penalizing Anthem for the breach that affected 80 million.
Because cyberattackers are now using memory-resident malware that leave no trace on the disk, forensics experts using traditional methods will face a challenge, says Christopher Novak, director of Verizon's global investigative response unit.
The KillDisk disk-wiping malware, previously tied to espionage operations, has been updated with crypto-locking capabilities and now targets Linux as well as Windows systems. But security experts warn that attackers using the Linux variant have no way to furnish a decryption key.
To deal with the risks posed by the explosive growth of the internet of things, CISOs and CIOs must expand the scope of their security efforts, says Ganesh Ramamoorthy, vice president of research at Gartner.
Hackers will hack, but any attempt to attribute attacks back to an individual, group or state apparatus too often involves political agendas, cybersecurity marketing moves, attempts to deflect blame or outright errors of interpretation.
Hackers have apparently hijacked potentially thousands of vulnerable MongoDB databases and demanded ransoms for the return of critical data, with some victims paying up, according to security researchers.
A task force led by two lawmakers and a former U.S. CIO recommends the new administration should jettison outdated ways the federal government tackles cybersecurity, saying in a just-issued report: "Once-powerful ideas have been transformed into clichés."
The lack of a smoking gun - absolute certainty - has some security experts not entirely convinced that the Russians or their backers hacked Democratic Party computers in an attempt to sway the U.S. presidential election.