Is it ever acceptable for ransomware victims to pay a ransom to obtain the decryption key required to restore access to their data? Due to poor preparation, many organizations continue to face that question.
Security experts are once again warning all Flash users to either update or uninstall the browser plug-in software to protect themselves against active exploit kit attacks that are targeting a zero-day Flash flaw to install ransomware.
The continuing success of attackers stealing billions of dollars from organizations, often through simple business email compromise scams, is a sad commentary on the state of corporate security practices as well as our collective lack of cybersecurity smarts.
A court has approved settlement of a class-action lawsuit filed by employees of Sony Pictures in the wake of its massive 2014 breach. But some legal experts say the consumer protections provided in the settlement do not go much beyond what the company should have routinely provided to victims in the wake of a breach.
Luxury hotel chain Trump Hotels is investigating a possible breach that some security sources say targeted the chain's point-of-service system. If confirmed, it will be the second card breach suffered by the chain in less than a year.
The massive "Panama Papers" data leak apparently was enabled by a law firm failing to have the right information security defenses in place. The breach calls attention to the need for all organizations to encrypt sensitive data, use access controls as well as monitor access patterns for signs of data exfiltration.
Security experts worldwide are sorting through the implications of the so-called "Panama Papers" leak, involving 11.5 million records. The documents highlight an elaborate web of offshore holdings that everyone from heads of state to celebrities and fraudsters have allegedly used to hide billions of dollars.
A new coalition of leaders from government, industry and privacy advocacy groups hopes to help provide a framework for reaching a consensus on how to use IT to ensure society's security while protecting individuals' privacy, says Art Coviello, an organizer of the new Digital Equilibrium Project.
A new report, Threat Horizons 2018, from the Information Security Forum paints a fairly pessimistic picture of enterprises' ability to protect their IT from cybercriminals over the next two years. In an interview, ISF's Steve Durbin discusses what organizations can do to mitigate cyberthreats.
Verizon Enterprise Solutions, which regularly assists clients in responding to their data breaches, admits it's suffered its own breach. The breach of contact information reportedly affected 1.5 million business customers, who now face greater risk of phishing attacks.
Despite the recent move to put the FBI-obtained court order against Apple on hold, the crypto debate is far from over, said a panel of law enforcement, legal and industry experts at Information Security Media Group's Fraud and Breach Prevention Summit in San Francisco.
Neither the FBI nor Apple looks good in the days following the postponement of a hearing on whether Apple should be forced to help the bureau crack open the iPhone of one of the San Bernardino shooters. The FBI's credibility is being questioned as Apple's security technology is being tarnished.
Attackers have targeted an unknown number of Russia's 700 banks with bogus security-alert emails. The combination of official-looking infrastructure and digitally signed malware recalls the Anthem attack, among other campaigns.
A new report suggests that a Chinese cyber espionage APT attack group is behind a string of targeted ransomware infections that have slammed U.S. firms. Dig into the details, however, and the report is nothing but speculation, two security experts caution.
Advanced attacks are out, while persistent, relatively simple attacks are in. Despite all of the APT hype in recent years, cybercriminals, and especially nation-state attackers, prefer to keep things simple. Information security experts explain why.