Bitcoin-seeking phishing attacks have been trying to socially engineer would-be cryptocurrency exchange executives, warn researchers at Secureworks. The attacks use Word documents with malicious macros and control code previously seen in attacks launched by the Lazarus Group, which has been tied to North Korea.
Legislation pending in Congress that would offer protections for companies and individuals who seek to "hack back" in retaliation against cybercriminals who have attacked them is a bad idea, contends Alan Brill of Kroll.
With just a few months left until the EU's General Data Protection Regulation will be enforced, too many so-called "experts" are spreading fear and falsehoods about the regulation, says Brian Honan, a Dublin-based cybersecurity consultant, who clarifies misperceptions in an in-depth interview.
The latest ISMG Security Report leads with a report on a malware attack on an industrial safety system that experts contend could threaten public safety. Also, legislation giving DHS's cybersecurity unit a meaningful name progresses through Congress.
Bitcoin's massive rise in value and hype continues to draw the attention of hackers, scammers and organized crime. Flaws in bitcoin mining firmware and hacks of wallet software show that the infrastructure associated with cryptocurrency is not always well-secured.
A new U.S. law signed by President Donald Trump prohibits federal agencies from running anti-virus software from Moscow-based Kaspersky Lab. The company criticized the action, saying it's being singled out based solely on where its corporate headquarters is located.
What does the title National Protection and Programs Directorate mean to you? It's not so clear, unless you are familiar with the Department of Homeland Security's organizational chart. To clarify its mission, the House has voted to rename - and revamp - the DHS agency.
Most of the criminal activity targeting today's enterprises originates at the endpoint, and the majority of modern breaches use known threats or vulnerabilities for which a patch already exists. For this reason, endpoint visibility must be complete and continuous.
The latest ISMG Security Report focuses on the significant changes found in the latest version of the U.S. government's Framework for Improving Critical Infrastructure Cybersecurity, commonly known as the NIST cybersecurity framework. NIST seeks comments from stakeholders on the draft of version 1.1 of the framework...
Organizations should take an "inside-out" approach to mitigating the insider threat, says Brandon Swafford of Forcepoint, who explains the components of that approach in an in-depth interview.
The adoption of "unconventional" security controls that are risk-driven can help organizations adapt to the changing cyber threat landscape, says Jim Routh, CISO at health insurer Aetna.
A group of Russian-speaking hackers over the past year-and-a-half has stolen nearly $10 million from banks, mostly in the United States, Britain and Russia, the Moscow-based, according to cybersecurity firm Group-IB.
U.S. healthcare entities need to keep security top of mind if they use offshore services to handle protected health information, security experts say, pointing to specific steps to take.
Cybercriminals continue to rely on individuals who undertake the risky operation of moving illicit proceeds from one location to another. But these "money mules" face a multitude of risks, including imprisonment, police warn.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.