A look at President Donald Trump's pick for the Department of Homeland Security secretary, Kirstjen Nielsen, leads the latest edition of the ISMG Security Report. Also featured: Equifax's and TransUnion's problem with dubious code.
A Belgian security researcher has discovered a "serious weakness" in the WPA2 security protocols used to encrypt many WiFi communications. Attackers can exploit the flaws to eavesdrop as well as potentially inject code such as malware or ransomware into WiFi-connected systems. Prepare for patches.
The RSA Conference returns to Abu Dhabi in November, and event organizers Linda Gray Martin and Britta Glade say this year's agenda is packed with new speakers and topics unique to this growing annual event.
Security researchers have discovered websites run by credit bureaus Equifax and TransUnion were both affected by dodgy code that redirected users to adware and malware. Both issues are fixed, but the situations beg questions about how closely the companies monitor their online security.
For the second time in two years, Hyatt Hotels suffered a payment card data breach after attackers infected payment card processing systems with malware. The latest breach lasted for over three months and affected 41 Hyatt hotels across 11 countries.
It's a tale that reads stranger than fiction, a true Tom Clancy-ish yarn: Israeli spies hacked Kaspersky Lab, discovering that Russia has been using the company's pervasive anti-virus software to spy on U.S. spies. Will Kaspersky Lab survive?
The Dark Overlord, a hacking group that hijacks data from businesses and holds it for ransom, is now threatening school districts. The apparent intent isn't to get ransoms from schools per se, but to create a fear campaign designed to scare big businesses into paying the group's ransoms.
Malware-wielding attackers reportedly hacked into a Taiwanese bank last week and transferred nearly $60 million via fraudulent SWIFT money-moving messages to accounts in Cambodia, Sri Lanka and the United States. Authorities say most of the stolen funds have been recovered.
Criminals in Mexico have added endoscopes to their ATM-attack toolkits, warns cash-machine manufacturer NCR. Pairing endoscopes with "black box" attacks can enable criminals to defeat sensors and instruct an ATM to dispense all of its cash.
If an NSA analyst took malware home and it was stolen from his home PC by a foreign intelligence agency, who are you going to blame? As the U.S. government's campaign against Kaspersky Lab intensifies, here are 10 facts, clarifications and likelihoods to keep in mind.
Hackers working for Russia gained access to the home computer of an NSA employee in 2015, pilfering highly classified material and spying code. U.S. officials claim Kaspersky Lab's software helped the hackers, but numerous questions remain unanswered. We round up the issues in play.
Equifax ex-CEO Richard Smith asserts that a single employee's failure to heed a security alert led to the company failing to install a patch on a critical system, which was subsequently exploited by hackers. But his claim calls into question whether poor patch practices and management failures were the norm.
At the first of three Congressional hearings slated this week to examine the Equifax mega-breach, one Republican said of the company's delay in detecting the breach: "It's like the guards of Fort Knox forgot to lock the doors and failed to notice the thieves were emptying the vaults."
Upscale supermarket chain Whole Foods Market says it's investigating a payment card breach affecting dozens of taprooms and an unspecific number of restaurants located inside its stores. But it says no point-of-sale systems at checkout lanes were compromised.
French competitive beard-grower Gal Vallerius was arrested in Atlanta while traveling to the World Beard and Moustache Championships in Texas on charges that he's a darknet marketplace administrator and vendor of controlled substances known as "OxyMonster."