Three banks and a pharmaceutical company in India are reported to have been hacked by attackers who compromised IT administrators' computers using Lechiffre ransomware, demanding payment in bitcoins. How should CISOs defend against extortion?
Cybercriminals are in mourning after the shocking announcement from Oracle that it will deep-six its beloved Java Web browser plug-in technology, owing to browser makers failing to support "standards based" plug-ins.
Israel has reportedly foiled a "severe cyberattack" launched against the Israeli Electricity Authority. The malware attack doesn't appear to have resulted in any disruption to the country's power grid, but many government systems remain offline.
Sophisticated phishing campaigns, increasingly targeted because of social media, are fueling business email compromises - a growing wire fraud scheme that is attacking businesses worldwide, says Jim Hansen of PhishMe.
Security experts are warning that Chinese networking product manufacturer TP-Link has been shipping routers with a WiFi password that's based on their MAC address, thus making their passwords easy for would-be attackers to sniff.
The Ukrainian energy sector is being targeted by fresh phishing attacks, the country's computer emergency response team warns. But it's not clear who's behind those campaigns, or a recent malware infection at Kiev's main airport.
Because of the U.S. migration to EMV, 2016 is expected to be a watershed year for mobile payment adoption, says Randy Vanderhoof of the EMV Migration Forum. Now, he says, the industry should be more focused on new applications hitting the market than on the number of adopters.
Extortion campaigns waged by cybercriminals are expected to become more damaging in 2016, putting additional pressure on CISOs to enhance protection of internal networks and educate employees about extortionists' techniques, says iSight Partner's John Miller.
Here's why the acquisition of rival threat-intelligence firm iSight Partners by breach investigation heavyweight FireEye makes sense, and why market watchers predict that other stand-alone intelligence firms will soon get snapped up.
A new report from security firm FireEye that says the mobile banking Trojan dubbed SlemBunk is rapidly becoming more sophisticated illustrates why mitigating mobile malware risks must be an urgent priority for banks this year.
Cryptocurrency exchange Cryptsy has revealed that it suffered a 2014 hack attack that now leaves it insolvent. The exchange is appealing to its attacker to return the stolen bitcoins, worth $5 million today - no questions asked.
The FBI is investigating the point-of-sale malware breach at hotel chain Hyatt, which says related infections stretched for four months and affected 250 hotels worldwide. But Hyatt has yet to reveal how many customers or payment cards were compromised - or how attackers got in.
Tracing bitcoin transactions, some security experts suspect multiple gangs have each amassed more than $1 billion, making them the equivalent of "unicorns" - a term venture capitalists apply to extremely successful startup firms. In case there was any doubt, cybercrime really does pay.
The discovery of a serious remote code execution flaw in Trend Micro's consumer security software - now patched - is a reminder that even security software has code-level flaws. But shouldn't security vendors be held to a higher standard than others?