A confidential, leaked UN report warns that North Korea has funneled an estimated $2 billion - stolen via online bank and cryptocurrency exchange heists as well as generated via cryptocurrency mining - into its nuclear and missile-development programs.
Monzo, a U.K. mobile-only bank that plans to expand into the U.S., alerted about 480,000 customers to change their PINs this week after the company's security team found that a software bug meant some numbers were stored unencrypted in plaintext.
Microsoft warned on Monday that Russia-linked attackers are gaining access to corporate networks through poorly configured devices, such as office printers and VOIP phones. The remedy is paying more attention to deployed IoT devices, including establishing security policies and regular testing.
It's difficult to build a reliable security system based on artificial intelligence and machine learning, says Aleksandr Lazarenko of Group-IB, who offers insights on how to make the most of these technologies.
More lawsuits have been filed in the wake of the Capital One breach that exposed the data of more than 100 million individuals. GitHub is also a target of one of those lawsuits, which alleges the code-sharing site failed to promptly remove breached data.
A new strain of ransomware called MegaCortex is beginning to fill part of the void left by GandCrab and other variants that have been discontinued, targeting large corporations with huge ransom demands, according to a new analysis released Monday by Accenture's iDefense.
Capital One's enormous data breach is a subject of intense scrutiny as well as fear. A definitive post mortem is likely months away. But security professionals have ideas as to how the breach was achieved and the weaknesses that led to it.
The latest edition of the ISMG Security Report analyzes the root causes of the Capital One data breach. Also featured: breach remediation advice and compliance with New York's new third-party risk management requirements.
To leverage blockchain for identity management at the enterprise level, CISOs first need to form a governance structure, says Prasanna Lohar, head of innovation at DCB Bank, a private banking company in India, who describes all the necessary steps.
Through hundreds of millions of selfies, the small Russian company behind FaceApp has likely created one of the largest private troves of geometric and facial landmark data - on the scale of Google and Facebook. The viral app has turned into an intellectual property boon.
A newly discovered vulnerability in Visa's contactless payment cards could allow fraudsters to bypass payment limits of 30 British pounds ($37) at U.K. banks, according to researchers at Positive Technologies, who claim the vulnerability could be exploited in other countries as well.
The U.S. Department of Defense has purchased IT gear known to have significant cybersecurity vulnerabilities, according to a new inspector general audit, which also highlights concerns about the use of equipment manufactured in China.
A newly discovered mobile ransomware strain called Filecoder.C is targeting Android devices through malicious links in online forums and then spreading via contact lists through SMS messages that attempt to entice others to install an app, according to research by the security firm ESET.
In what's likely the first of many investigations, the New York attorney general's office announced late Tuesday that it's launching a Capital One probe following the disclosure that over 100 million U.S. residents had their personal data exposed in a breach. Meanwhile, class action lawsuits are looming.