South Korean cryptocurrency exchange Upbit says hackers have stolen $49 million worth of ethereum, in what is the year's seventh major cryptocurrency heist. Much of the $158 million stolen so far this year is likely fueling the North Korean regime's appetite for luxury goods and weapons of mass destruction.
An audit from the U.S. Energy Department's Inspector General finds that the agency is prone to making the same cybersecurity mistakes year-after-year. This includes exposing critical infrastructure, including nuclear facilities, to outside hacking and attacks.
T-Mobile says it suffered a breach of prepaid accounts as a result of unauthorized access to its systems. The exposed data includes names, billing addresses, phone numbers, account numbers, rate plans and more.
The FCC voted unanimously Friday to ban telecommunications companies from using FCC funds to buy equipment from Chinese manufacturers Huawei and ZTE because they pose a "national security threat." Also under consideration is a plan to rip and replace equipment from the firms.
This edition of the ISMG Security Report features an analysis of the very latest ransomware trends. Also featured: Discussions of Microsoft's move to DNS over HTTPS and strategies for tackling IoT security challenges.
While IoT devices are entering enterprises at a rapid pace, the security practices around them are as much as 20 years behind those for enterprise computing, says Sean Peasley of Deloitte, who outlines steps organizations can take to ensure safe IoT computing.
Multifactor authentication is gaining traction - but it also is causing additional user friction when deployed poorly. Corey Nachreiner and Marc Laliberte of WatchGuard Technologies discuss how best to deploy and administer MFA.
A House impeachment hearing has revealed that President Donald Trump spoke by phone with a key ambassador - who was sitting in a Kiev restaurant - about "investigations." If that mobile phone call was unsecured, security experts say, foreign intelligence agencies could have intercepted it.
There are robust and detailed discussions in cybercriminal forums on how to attack modern vehicles, seeking clandestine methods to steal cars, says Etay Maor of IntSights. Luckily, hackers aren't aiming to remotely trigger an accident, but there are broader concerns as vehicles become increasingly computerized.
In June, I wrote an in-depth story about how millions of Instagram users worldwide under 18 years old were exposing their email addresses, phone numbers or both. Instagram has finally made a change to address the issue - but it doesn't go far enough.
In December, PCI SSC plans to publish a new standard for solutions that enable "tap and go" transactions on merchant smartphones and other commercial off-the shelf mobile devices. Troy Leach, the council's CTO, offers insights on the role the standard will play in enhancing security for smaller merchants.
A handful of common lures still have astounding success in compromising computers: phishing emails, malicious links and the king of them all: the malicious Microsoft Office document. But Microsoft is introducing virtualized containers in Office 365, which will isolate untrusted documents.
Say hello to NortonLifeLock, as Symantec anti-virus for consumers is no more, following the sale of Symantec's enterprise assets and name to Broadcom for $10.7 billion. But can the new, pure-play consumer "cyber safety" business succeed where the combined consumer and enterprise business previously stumbled?