The U.S. Office of Personnel Management breach continues to reveal such staggering levels of information security problems, paper-pushing and seeming incompetence that it's creating a new cyber-espionage category: the "victim-as-a-service" provider.
This year's Infosecurity Europe conference in London is offering a top-notch range of sessions, ranging from how to battle cybercrime and social engineering to building a better security culture and workforce. Here's my list of must-see sessions.
Britain's computer emergency response team - CERT-UK - reports that malware remains the dominant mode of online attack for cybercriminals, and Zeus their most preferred tool of choice. But the team is promoting a free information-alert service to help.
The FBI is offering a big-stakes reward for an alleged criminal who ranks at the top of its "cyber most wanted" list. But one cybercrime expert asks: "Would you cross the Russian mafia or some organized crime gang for $3 million?"
Much of today's crime is "cyber-enabled," warns cybercrime expert Raj Samani, and successfully blocking such attacks increasingly demands not just better technology and public-private collaboration, but also an understanding of psychology.
Community banking institutions are at great risk of cyber-attack because they often don't think they're targeted, says Scott McGillivray of Pacific Continental Bank, who describes how to convey this risk to senior management.
More hackers are holding data for ransom, demanding everything from bitcoins to the shutdown of nuclear reactors, under the threat of leaking sensitive information. But it's not clear how many such attacks generate revenue for attackers.
Ransomware attacks are getting more agile, varied and widespread, and are increasingly taking aim at businesses of all sizes in all sectors, rather than consumers. That's why employee education is so critical.
As a result of the explosive growth in worldwide use of smart phones, mobile malware will play a much bigger role in fraud this year, predicts Daniel Cohen, a threat researcher for RSA, which just released its 2014 Cybercrime Roundup report.
Adobe confirms that a zero-day flaw exists in its Flash browser plug-in and promises to soon release Windows, Mac and Linux fixes for affected versions of Flash Player. The vulnerability is reportedly already being targeted by in-the-wild attacks.
Except for the leak of celebrities' private data, the "wiper" malware attack against Sony Pictures Entertainment shares "extraordinary" similarities with previous wiper attacks in Saudi Arabia and South Korea, a security researcher finds.
Citadel financial malware has been upgraded to steal master passwords for software designed to securely store lists of usernames and passwords, according to IBM's Trusteer unit. Security experts offer insights on how to respond to the threat.