Good news for Microsoft Windows users: The Equation Group exploit tools dumped this month by Shadow Brokers don't work against currently supported versions of Windows, largely thanks to patches Microsoft released in March. But who tipped off Microsoft?
Concern about privacy spurs consumers to work more closely with their banks, says Robert Zerby, vice president and financial crimes manager within the Community Banking Risk Management division at Wells Fargo Financial Crimes Risk Management.
Leading the latest version of the ISMG Security Report: A tale of how a dedicated manager spent her weekends monitoring video of ATMs led to the capture of a criminal skimmer. Also, the growing sophistication of cybercriminals.
When she first joined the Los Angeles County district attorney's office, Maria Ramirez prosecuted street gangs. Now she's cracking down on cyber gangs and is opening her case file to share lessons learned from cases involving business email compromise and ransomware.
An increase in unemployment isn't always a bad sign. It could reflect that more people are entering the workforce and looking for work, but have yet to land jobs. Could that be happening with IT security practitioners?
The recent fix for a zero-day flaw in Microsoft Office appeared more than five months after Microsoft was privately alerted to the flaw, and followed months of it being exploited via in-the-wild attacks. Can Microsoft do better?
Mayra Koury wears a lot of hats at $2 billion Tech Credit Union in San Jose. One of them is fraud investigator. Hear how she single-handedly staked out the institution's ATMs and helped law enforcement catch a skimming fraudster in action.
Many media outlets have suggested that the recent arrest of a Russian computer programmer ties to the 2016 U.S. presidential election meddling blamed on Russia. But the only source for this supposed connection traces to a Russian propaganda arm that's been blamed for participating in said meddling.
Forty targets in 16 countries were attacked using advanced attack tools and techniques that match the capabilities documented via the "Vault 7" stash of alleged CIA network exploitation documents released by WikiLeaks, Symantec says.
Spanish police arrested Russian computer programmer Pyotr Levashov, apparently while he was vacationing with his family. Authorities say his arrest relates to alleged Kelihos spam botnet and pump-and-dump stock campaigns, not to Russia's alleged interference in the 2016 U.S. presidential election.
A zero-day flaw in Microsoft Office is being targeted via in-the-wild attacks, security firms warn, including by the notorious Dridex botnet. While there is a workaround, Microsoft says it plans to issue a full fix this week as part of its regularly scheduled security updates.
A North Korean IP address has turned up in an investigation by Kaspersky Lab into attacks against banks' SWIFT systems. The finding is a strong indication that the Lazarus hacking group may be run by North Korea.
The latest edition of the ISMG Security Report leads off with an interview with the co-editor of a new book, Inside Threat, who uses examples from the physical world that can be applied to the virtual world. Also, organizations fall short on offering identity protection services.
A Government Accountability Office audit suggests a lack of guidelines led the Office of Personnel Management to provide duplicate identity protection services to about 3.6 million individuals victimized by two 2015 data breaches.
The FCC is warning that a scam focuses on tricking people into saying the word "yes" on the phone, which fraudsters record and later reuse as a voice signature in an attempt to make fraudulent charges on utility or credit card accounts.