Mexican officials are investigating a series of technical glitches that may have been a prelude to a large cyberattack affecting at least five banks, according to news reports. While the full scope of the incidents remains unclear, up to $20 million may have been stolen.
If operational technology systems need to get connected to IT systems, it's essential to have tight controls on the network, says Lam Kwok Yan, professor of computer science and engineering at Nanyang Technological University in Singapore.
A remote code execution vulnerability revealed in late March in the Drupal content management system is now being used on a large scale for mining the virtual currency monero, a researcher says. At least 400 websites have been infected, and the total number is likely far higher, security experts warn.
Businesses spend billions each year on identity and access management, but almost all of this money is spent on protecting the digital identities of humans - usernames and passwords.
On the other hand, businesses spend almost nothing on protecting machine identities, even though our entire digital economy hinges...
Security vendor ProtectWise says a series of operating mistakes has allowed it to gain insight into a group, believed to be affiliated with Chinese intelligence, that specializes in stealing code-signing certificates. The certificates allow for the signing of malware that's unlikely to raise security alarms.
Industrial control system environments are tough to hack, because each is unique, says Sergio Caltagirone of Dragos. But the recent emergency of Triton malware shows that attackers have been testing how to compromise some environments, which could have catastrophic results.
What are the top cybersecurity threats and trends on security experts' radar? McAfee's Raj Samani and Steve Povolny discuss Olympic Destroyer malware, cryptocurrency mining, the Cambridge Analytica and Facebook scandal and more.
The Thai government has seized servers used to run the so-called GhostSecret cyber espionage campaign that targets organizations in the finance, healthcare and critical infrastructure sectors - and beyond. McAfee suspects the attacks are being launched by "Hidden Cobra" - a hacking group tied to North Korea.
Are you a fraudster craving an easy way to generate Microsoft Office documents with embedded malicious macros designed to serve as droppers that install banking Trojans onto a victim's PC? Say hello to a toolkit that debuted in February called Rubella Macro Builder.
Corporate espionage appears to be the motive behind cyberattacks targeting a variety of medical-related equipment and systems, researcher Jon DiMaggio of Symantec says in an in-depth interview about the activities of a hacker group the company has dubbed "Orangeworm."
At the opening of the RSA Conference in San Francisco, executives from RSA, Microsoft and McAfee offered an update on the state of cybersecurity, focusing on WannaCry. They called for the industry to work more closely together to protect not just individuals but also society.
Security researchers are claiming at least a temporary victory over an enormously productive malware distribution scheme that shuffled as many as 2 million users a day from legitimate websites to malware.
FireEye has noticed an emerging trend: Breach investigations are increasingly prompting audits intended to ensure publicly traded companies are compliant with Sarbanes-Oxley. IT has changed dramatically since SOX became effective 16 years ago. Here's what to keep in mind.
During this session, we walk through applied use of indicators of compromise for several recent malware campaigns. The presentation starts with weak/tactical indicators, which are low cost for attackers to change and build, to strong/strategic indicators, which significantly increase costs to attackers.