In 2010, a computer security firm in Belarus stumbled upon Stuxnet, a mysterious virus of unparalleled complexity that was attacking systems in Iran. Unlike any other virus or worm built before, this one didn't just simply hijack the targeted computers or steal information from them, it escaped the digital realm to...
Monetarily motivated attacks are by far the most prevalent cyberthreats to organizations worldwide, yet vulnerability management techniques have largely failed to adapt to a threat landscape dominated by distributed crimeware. By understanding the commercialization of attack tools and services - particularly the...
Most leaders in fraud or security work in isolation rather than partnership with customers. With facts revealing consumers and business customers to be highly motivated to protect their own PII and financial assets, why do they commonly use weak passwords or ignore fraud alerts and updates? There is a mismatch between...
Cyber-extortion has reached new proportions, with a wide variety of methods, such as distributed-denial-of-service attacks and ransomware variants, being used to extort individuals and organizations. Ransomware-DDoS hybrid attacks, like Cerber, have showcased how attackers have added DDoS capabilities to ransomware....
Deception is the most successful strategy in military history. Just as armies used deceit to conquer continents, cyber-deception is being used by more and more organizations to exploit a hacker's greatest weakness - being a human, after all, behind a keyboard. Deception techniques such as honeypots are not a new. But...
The U.S. Justice Department is reportedly preparing to charge multiple "Chinese middlemen" with helping to orchestrate the $81 million Bangladesh Bank heist on behalf of North Korea. Security experts have long been reporting that the attack code and tactics appear to trace to North Korea.
Secure sockets layer (SSL) and transport layer security (TLS) have become an integral part of the internet, and adoption rates have skyrocketed. More than 45% of websites are encrypted today (up from 30% in October 2015) and 40-50% of enterprise traffic is encrypted, compared to just 25%-35% in 2013. This growth...
Cloud services firm Coupa is one of the latest business email compromise victims, after a fraudster pretending to be its CEO faked out the HR department and stole all of its 2016 employees' W-2 forms. Security experts say rigorous training remains the only viable defense.
The security landscape changed dramatically with the maturation of crypto-ransomware. Not only did this new type of malware bring about a more lucrative business model for attackers, it also spurred the adoption of many so-called 'next-gen' endpoint security techniques.
While these techniques bring impressive new...
The notion of "next-gen" is now promoted by some providers of endpoint security software as a way to improve the efficacy of protecting endpoints from compromise, given the prominent role endpoints play in cybersecurity attacks, the ways in which mobility and cloud apps have expanded the attack surface area, and the...
Several recent health data security incidents serve as reminders of why healthcare entities need to stay focused on efforts to prevent and detect insider breaches, even as attention is diverted by headlines about hacker attacks.
One of the world's biggest botnets, Necurs, is back. But instead of flinging banking Trojans and ransomware, this time it's spouting spam aimed at influencing the price of cheap stocks, say security researchers from Cisco's Talos group.
Leading the latest edition of the ISMG Security Report: FBI Director James Comey's revelation of a counterintelligence investigation of possible ties between Donald Trump's presidential campaign and Russia's actions to influence the U.S. presidential election.
With ransomware attackers having already launched attack code with themes ranging from horror movies and Pokemon to Hitler to cats, it was only a matter of time before they decided to beam Star Trek's Kirk and Spock direct to would-be victims' PCs.
While attackers continue to innovate, traditional intrusion prevention systems (IPS) have stood still, generating low-value alerts for security teams as attackers slip past in pursuit of high-value targets. Organizations have countered by piling more and more equipment on the network hoping to solve the problem....
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.com, you agree to our use of cookies.