Intel faces 32 lawsuits filed over the trio of flaws in its CPUs known as Meltdown and Spectre, seeking damages for the security vulnerabilities as well as alleged insider trading. The flaws have also been cited in lawsuits against chipmakers AMD and ARM, as well as against Apple.
Microsoft has been working to reduce the ability of attackers who use the PowerShell scripting language to "live off the land" in enterprise networks, in part via machine learning. But IT administrators should also have these three essential malicious PowerShell script defenses in place.
A U.S. grand jury has taken the extraordinary step of indicting 13 Russian nationals and three Russian companies for allegedly interfering with the U.S. political system, including the 2016 presidential election, in what the Justice Department portrays as "information warfare against the United States."
After a year of brainstorming on blockchain technology, Microsoft says it will add support in its Authenticator app for a decentralized identity system that's designed to put users in control of their personal information.
Criminals in Europe are annually laundering at least $4 billion - and growing - via cryptocurrencies, warns Europol. The agency is calling on regulators and legislators to regulate cryptocurrencies to help battle money laundering and protect consumers.
Attackers recently snuck cryptomining code onto thousands of websites by inserting it into a third-party accessibility plug-in called Browsealoud. Web specifications designed to guard against these types of rogue actions by third-party code libraries already exist. Why aren't more sites using them?
The top U.S. intelligence official has warned Congress that Russia will attempt to meddle in the this year's U.S. midterm elections, a repeat of the country's alleged 2016 U.S. presidential election interference.
Australia is the latest country to roll out real-time payments, where funds from an account at one bank reach an account at another bank in seconds. While convenient, the system poses fresh fraud challenges and consumer protection concerns.
Hackers crashed the Winter Olympics, apparently by using destructive malware dubbed "Olympic Destroyer." The attack resulted in the Pyeonchang 2018 website being offline for 12 hours and WiFi unavailable during the opening ceremony, but organizers say no competitions were disrupted.
Equifax says that its digital forensic investigators have found that while its tally of 145.5 million U.S. breach victims hasn't changed, more of them had their email addresses, tax identification numbers and driver's license information exfiltrated.
More than 4,200 websites, some belonging to the U.S., U.K. and Australian governments, have been turning their visitors' computers into mining machines to harvest the virtual currency Monero. The security lapse continues the recent trend of cryptocurrency mining malware overtaking ransomware.
The Twitter accounts of several celebrities and politicians in India were recently hacked. Cybersecurity leaders discuss the challenges and risk mitigation strategies in dealing with social media attacks.
The U.S. Department of Justice, in one of its biggest-ever cybercrime disruptions, shuttered the Infraud Organization, an online forum prosecutors tied to $530 million in losses. Thirteen suspects - in Australia, France, Italy, Kosovo, Serbia, the U.K. and the U.S. - have been arrested.
Uber CISO John Flynn tells a U.S. Senate subcommittee that the company should have told the public sooner about its 2016 data breach. He says the company's attempt to position its $100,000 payoff to hackers as a bug bounty was not appropriate.
A hacking team dubbed "Group 123" with apparent ties to the government of North Korea has been exploiting a zero-day vulnerability in the Flash browser plug-in, likely to hack high-value targets. Adobe has released an emergency Flash update with security fixes. Or organizations could simply stop using Flash.