In the 20 years since the Sept. 11, 2001, al Qaida terrorist attacks on targets in the U.S., the need to shore up critical infrastructure and build resilience into systems remains a priority. But over the past two decades, concerns about physical threats have been displaced by cyber concerns.
The possibility of a terrorist group launching a massive Sept. 11, 2001-scale cyberattack against the U.S. or an ally has been a concern for years, but cybersecurity pros with a background in intelligence and military affairs say such worries are likely unwarranted.
In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including how ransomware affiliates change operators and why terrorists aren't launching massive cyberattacks.
The United Nations says its networks were accessed by attackers earlier this year, leading to follow-on intrusions. One cybercrime analyst reports that he'd alerted NATO after seeing access credentials for one of its enterprise resource planning software systems for sale via the cybercrime underground.
The latest edition of the ISMG Security Report features an analysis of the most sought-after type of victim for ransomware-wielding attackers. Also featured: fighting extortion schemes and stress management tips.
"Silence is gold." So says ransomware operator Ragnar Locker, as it attempts to compel victims to pay its ransom demand without ever telling anyone - especially not police. But some ransomware-battling experts have been advocating the opposite, including mandatory reporting of all ransom payments.
Despite a recent slowdown in incidents and some cybercriminals claiming they have stopped or abandoned ransomware attacks, National Cyber Director Chris Inglis says it's "too soon to tell," if the behavior of these groups has changed permanently or if they are waiting for an opportunity to return.
Apparent Babuk ransomware operation spinoff Groove, self-described as being an "aggressive financially motivated criminal organization," has launched as part of the new RAMP cybercrime forum, and is promising affiliates a bigger share of profits than traditional ransomware-as-a-service operations.
The White House is preparing executive branch agencies to adopt "zero trust" network architectures by 2024, with CISA and the OMB overseeing the creation of technology road maps that departments must follow. This is a major component of President Biden's cybersecurity executive order.
On Aug. 25, President Joe Biden invited about 25 technology, insurance, finance and education executives to the White House to discuss pressing cybersecurity issues such as supply chain and critical infrastructure. One of those participants was Resilience CEO Vishaal Hariprasad.
Attackers are actively exploiting a flaw in Microsoft Windows for which no patch is yet available. Microsoft has issued workarounds and mitigations designed to block the zero-day attack for the flaw in the MSHTML browsing engine, which is being exploited via malicious Microsoft Office documents.
Cyberespionage breaches take longer to discover than financial breaches. One of the biggest clues to finding them lies in understanding suspicious network traffic. John Grim of the Verizon Threat Research Advisory Center shares insight from a new study of cyberespionage trends.
An Australian software engineer warns that he was able to create a fake digital COVID-19 vaccine certificate via the government's Express Medicare Plus app, and that the agency in charge has so far failed to acknowledge his bug report. He recommends Australia instead copy the EU's QR code system.
The Ragnar Locker ransomware operation has been threatening to dump victims' stolen data if they contact police, private investigators or professional negotiators before paying a ransom. But as one expert notes: "Perhaps the criminals watched too many TV shows, because this isn’t how the real world works."
There’s no question: 2020 brought unanticipated changes and challenges for financial services. The notable surge in consumers’ use of websites and mobile apps for their banking transactions exposed critical gaps in our digital identity and authentication methods. Keith Swanson of SAS Institute outlines techniques...
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.com, you agree to our use of cookies.