Latest

►

Cybersecurity

Business-Driven Security: Protect What Matters Most

Tom Field  •  July 26, 2017

By 2020, organizations will be spending $100 billion annually on cybersecurity products and services. But are they securing the assets that matter most to their enterprises? RSA's Peter Beardmore discusses the emerging concept of business-driven security.

Anti-Malware

Mac 'Fruitfly' Infections More Numerous Than Believed

Jeremy Kirk  •  July 26, 2017

It has been a fairly slow year for Mac malware. But a former NSA researcher has dug into the first Mac malware sample that was detected earlier this year - dubbed "Fruitfly" - and found at least 400 computers, and possibly more, infected with a variant of the malware.

Cybersecurity

Would Talking to Russians About Cyber Reward Bad Behavior?

Eric Chabrow  •  July 25, 2017

In an in-depth interview, two security experts go head-to-head over the appropriateness of the White House engaging the Kremlin on cybersecurity matters in light of Russia's hacking of the 2016 U.S. presidential election.

Anti-Malware

20 Hot Sessions: Black Hat 2017

Mathew J. Schwartz  •  July 25, 2017

Security comes to Las Vegas this week in the form of Black Hat USA 2017. Hot sessions range from an analysis of power grid malware and "cyber fear as a service" to details of two major hacker takedowns and how the world's two largest ransomware families cash out their attacks.

Business Continuity/Disaster Recovery

Nuance the Latest NotPetya Victim to Report Financial Impact

Marianne Kolbasuk McGee  •  July 21, 2017

Medical transcription software vendor Nuance is the latest company to acknowledge that it's still struggling to recover from the recent global NotPetya ransomware attacks and will see a dip in its financial performance as a result.

►

Endpoint Security

IoT in the Enterprise: The Next Big Thing

Tom Field  •  July 20, 2017

Millions of connected devices already have been potentially compromised - inside and outside of the enterprise. Phil Marshall of Tolaga Research is concerned about when and how attackers will take advantage of these in the next big IoT strike.

Fraud

Russian Citadel Malware Developer Gets 5-Year Sentence

Mathew J. Schwartz  •  July 20, 2017

Russian citizen Mark Vartanyan, aka "Kolypto," has been sentenced to serve five years in U.S. prison after he pleaded guilty to helping develop and distribute the notorious banking Trojan called Citadel.

Data Breach

Ricoh Australia Scrambles to Fix Document Leak

Jeremy Kirk  •  July 20, 2017

Ricoh's Australia office has notified banks, government agencies, universities and many large businesses about a curious data breach that, in some cases, exposed login credentials for its multifunction devices.

Data Loss

Hole in the Cloud Service Bucket: Dow Jones Data Exposed

Mathew J. Schwartz  •  July 19, 2017

Dow Jones is blaming user error for an Amazon Web Services S3 bucket misconfiguration that exposed data on about 2.2 million customers. In recent months, Verizon, WWE, Scottrade and a data analytics firm aligned with the Republican Party have been similarly caught out.

Endpoint Security

IoT Security Cameras Have a Major Security Flaw

Jeremy Kirk  •  July 19, 2017

An investigation into a single IP security camera has unfolded into yet another worrying finding in the land of the internet of things. Millions of IoT devices may have a remotely executable buffer overflow in an open-source code component, according to cybersecurity company Senrio.

Ransomware

UK Beefs Up Hospital Cybersecurity Funding

Marianne Kolbasuk McGee  •  July 19, 2017

While the U.K. is beefing up funding for hospital cybersecurity, in the U.S., some Congressional leaders are pushing for moves that could have the unintended consequence of sapping security investments by some healthcare providers.

Breach Preparedness

Report: Major Cloud Services Attack Could Cost $53 Billion

Jeremy Kirk  •  July 18, 2017

What trait does a global cyberattack and a hurricane share? Both could cost insurers - and victims - dearly. In a new report, Lloyd's of London estimates that a major cloud services attack could trigger $53 billion in losses and cleanup costs.