In the wake of Juniper Networks finding "unauthorized code" in its firewall firmware that could be used to remotely access devices and encrypted communications, Cisco is reviewing its own code for signs of tampering. Will other vendors follow suit?
GOP presidential hopeful Carly Fiorina proposes standing up a centralized cyber command that would be responsible for all aspects of government IT security response. But such a plan could face resistance in Congress if it gives the military authority over federal civilian cybersecurity.
A U.S. House committee recently passed legislation that's aimed at helping law enforcement bring to justice cybercriminals from other nations who buy and sell payment card data stolen from U.S. citizens. But would it really help the global fight against cybercrime?
Here's how police and intelligence officials in Europe and the United States are collaborating to identify and disrupt the network of people that planned, supported and launched the Nov. 13 terror attacks in Paris.
Buoyed by massive illicit profits, cybercriminals have continued to refine their ransomware attacks, including updating their crypto techniques to foil decryption tools, encrypting file names and threatening to leak stolen secrets.
The FFIEC has issued an alert calling on financial institutions to take specific risk mitigation steps in light of an increase in the frequency and severity of cyberattacks involving extortion. Fraud experts applaud the move while offering additional recommendations.
The quantity and duration of distributed denial-of-service attacks continue to increase. The latest attacks are being launched via MySQL servers infected with Chikdos malware, as well as compromised Internet-connected CCTV systems, researchers say.
ATM fraud losses are increasing globally, and we can expect to see this trend continue as the U.S. ramps up its migration to EMV at the point of sale. Unattended terminals are easy to compromise, and they will always be among fraudsters' favorite targets.
FBI Director James Comey's declaration that the Obama administration will not pursue legislation to require vendors to create a backdoor that would permit law enforcement to circumvent encryption on mobile devices isn't the end of the matter.
Reports that a Linux-based botnet has been lobbing 160 Gbps packet storms highlight how DDoS attacks remain alive and well. Experts also warn that DDoS attackers are mixing Windows and Linux malware and running extortion scams.
Adjusting risk management strategies in the aftermath of the newly discovered hacker attack on Excellus BlueCross BlueShield, as well as other recent massive cyber-attacks, will be among the hot topics discussed at the Healthcare Information Security Summit in San Francisco on Sept. 17.
Policymakers must consider three factors before imposing sanctions in retaliation for state-backed hacks: Confidence in its attribution of responsibility, the impact of the incident and the levers of national power at a state's disposal.
International law enforcement agencies are warning banking institutions and businesses about extortion attacks being waged by an entity known as DD4BC, or DDoS for Bitcoin. They're advising organizations not pay any ransom and to notify their ISPs and law enforcement officials of any threats.
Lizard Squad, which markets the Lizard Stresser distributed denial-of-service attack tool, appears to have targeted the public-facing website of the U.K.'s National Crime Agency in retaliation for its recent DDoS-tool crackdown.