One mystery with the recently discovered payment card sniffing attacks against such organizations as British Airways and Newegg has been how attackers might have first gained access to the victims' networks. But a number of cybercrime markets sell such access, in some cases for as little as 50 cents.
Attack code known as EternalBlue, designed to exploit a Windows SMB flaw, continues to work for attackers despite Microsoft having issued patches more than a year ago. One major U.S. business was a recent victim as part of a cryptocurrency-mining malware campaign, a researcher reports.
Intel has had a challenging time lately on the vulnerability front. It has issued yet another patch for its Management Engine after a researcher was able to extract two types of encryption keys. The problem was a repeat of one that Intel patched just last year.
Keeping endpoint security up to date is a struggle for small to mid-sized companies that have less resources than larger companies, yet have the same risk of attack. And that risk is only increasing. In 2017, the number of ransomware attacks increased by 30x and the number of breaches increased by 40%.
While tech-support scams have proliferated for years, the FBI says losses tied to such fraud are now higher than ever. Google has pledged to crack down on fake tech-support listings. But fraudsters regularly employ a variety of channels, including cold calls, pop-up windows and phishing emails.
A lawsuit accuses Google of "the surreptitious location tracking of millions of mobile phone users." The legal action was sparked by a report demonstrating that some Google apps tracked and time-stamped users' locations even if a user deactivated the "location history" setting.
The current state of endpoint security is a "good news / bad news" situation. The good news is that in recent years there has been a modest trend towards fewer vulnerability disclosures, meaning slightly fewer potential ways for computing infrastructures to be exploited. The bad news is that an increasing percentage...
Why are attacks so successful? Legacy endpoint security products are creating more problems than they solve. There is too much cost and complexity, defenses aren't keeping up, and security staff is stretched thin.
Traditional server security controls were not built for ransomware, cryptojacking and other modern attacks. Paul Murray of Sophos discusses deep learning, anti-exploit technology and other key elements of the new wave of server defenses.
Devising an effective national IoT security strategy requires four essential steps, says Rishi Bhatnagar, chairman of the Institution of Engineering and Technology's IoT panel India, who describes them in this interview.
Have you heard the statistics supporting the fact that every enterprise - from airlines and appliance manufacturers to banks and hospitals - needs to make a digital transformation? By 2020, 72% of the world's employees will be mobile workers, more than 20B devices will be connected to the internet of things and we'll...
Ovum, a market-leading research and consulting business that helps enterprises thrive in the connected digital economy, explains why every enterprise should put stronger authentication service on their radar as a means of better securing their companies data and minimizing their fraud exposure risk all while...
After years of focus, the needle is moving positively toward improving medical device security. But what about the growing cybersecurity issues associated with enterprise IoT? Mac McMillan of CynergisTek shares his concerns.