Pemex, Mexico's state-run oil company, is refusing to pay attackers a $5 million ransom after a ransomware attack against the firm's administrative offices, according to news reports. The company is still attempting to recover.
There are robust and detailed discussions in cybercriminal forums on how to attack modern vehicles, seeking clandestine methods to steal cars, says Etay Maor of IntSights. Luckily, hackers aren't aiming to remotely trigger an accident, but there are broader concerns as vehicles become increasingly computerized.
The Sophos 2020 Threat Report is out, and among the key findings: Ransomware attackers continue to leverage automated active attacks that can evade security controls and disable backups to do maximum damage in minimal time. John Shier of Sophos analyzes the trends that are most likely to shape the 2020 cybersecurity...
The U.S. Justice Department Tuesday unsealed an indictment charging Russian national Aleksey Burkov with running an underground site called "Cardplanet" that acted as a clearinghouse for stolen payment card data. Burkov arrived in the U.S. Tuesday after being extradited by Israel.
When large-scale data breaches started to proliferate more than a decade ago, security leaders called for end-to-end data encryption. But that approach no longer suffices, says First Data's Tim Horton, who calls for a new multilayered defense.
The EMV 3D Secure specification faces some milestone dates in Europe and the U.S. What are these milestones, and how does the standard fit into fundamental fraud defenses? Jackie Hersch of Fiserv shares insight.
The U.K. Labour Party says its systems were hit by a large-scale online attack that disrupted access to some campaigning systems, but led to no breach. The attack report comes amidst the Conservative government's refusal to release a report into alleged Russian interference in the Brexit referendum.
A new ransomware-as-a-service model dubbed "Buran" that targets vulnerabilities in certain devices running Windows is offered at a deep discount to help the malware spread faster, according to McAfee researchers.
A new defense company has been formed in United Arab Emirates, combining three government-owned and 22 independent companies in an effort to develop technologies to help thwart cyberattacks and repel military drones.
Bala Kumar of iovation, a TransUnion company, sees a marked spike in identity fraud in general, and at account origination in particular. How does this increase manifest across industry sectors, and how should organizations re-think their defenses?
In June, I wrote an in-depth story about how millions of Instagram users worldwide under 18 years old were exposing their email addresses, phone numbers or both. Instagram has finally made a change to address the issue - but it doesn't go far enough.
Nearly four months after Capital One revealed a massive data breach, Michael Johnson, the bank's CISO, is being moved into an outside advisory role, and the company is scouting for a new security leader, according to the Wall Street Journal.
The latest edition of the ISMG Security Report offers an analysis of how Twitter allegedly was used to spy on critics of the Saudi Arabian government. Also featured: A preview of the new NIST Privacy Framework and an update on business email compromise attacks.
In December, PCI SSC plans to publish a new standard for solutions that enable "tap and go" transactions on merchant smartphones and other commercial off-the shelf mobile devices. Troy Leach, the council's CTO, offers insights on the role the standard will play in enhancing security for smaller merchants.