As a digital forensics investigator, Vesta Matveeva of Russia's Group-IB has great insight into the latest cyberattack trends - and the attackers. What conclusions can we draw about how to bolster defenses in 2018?
MeitY has announced it will give preferential treatment to locally developed security solutions for use throughout the government at the center and state levels. Private sector security practitioners weigh in on whether it's practical for them to make a similar shift.
A hacker exploited an unpatched, 12-month-old flaw in a small Australian defense contractor's IT help desk and stole data for the country's F-35 Joint Strike Fighter program, among other secrets, the Australian government has warned.
Equifax ex-CEO Richard Smith asserts that a single employee's failure to heed a security alert led to the company failing to install a patch on a critical system, which was subsequently exploited by hackers. But his claim calls into question whether poor patch practices and management failures were the norm.
When Yahoo first disclosed a massive 2013 breach last year, it said 1 billion accounts appeared to have been compromised. But the search giant, now owned by Verizon, says "new intelligence" has revealed that the breach compromised every single Yahoo account, affecting 3 billion users in total.
After a breach, businesses need to know their incident response from their digital forensics. Hint: Forensics enables organizations to know what happened, when and how, to guide incident responders as they defuse the problem, block further exploits and quickly restore all systems and data. Incident response expert...
Gartner's Avivah Litan, a featured speaker at ISMG's Fraud and Breach Prevention Summit in New York on Aug. 8, says hacker attribution is taking on new importance, as traditional methods of determining attack risk and detection linked to indicators of compromise are no longer effective.
Organizations can take steps in advance to help ensure that forensic investigations into data breaches and cyberattacks are successful, says security expert John "Drew" Hamilton, a professor at Mississippi State University.
The cybersecurity epitaph of the fired FBI director could read: "He showed courage to take on Apple." Comey publicly battled Apple CEO Tim Cook over unlocking the iPhone of the San Bernardino shooter, becoming the face of the proponents who seek ways to bypass encryption on mobile devices.
Police are investigating an anonymous email threat against Indian IT company Wipro as a potential "act of terror." On May 5, the company received an anonymous email threatening a massive attack with the poison Ricin on all its offices in Bangalore if it didn't pay a bitcoin ransom.
Travel industry software giant Sabre has alerted hotels that its software-as-a-service SynXis Central Reservations system - used by more than 36,000 properties - was breached and payment card data and customers' personal details may have been stolen.
Businesses around the world are seeing an increase in malware attacks, including ransomware like CryptoLocker, Locky, and zCrypt. These attacks can result in weeks of downtime, and some of the most damaging data breaches originated with malware, including the Target breach in 2014.
A robust malware defense could...
Adam Mudd has been sentenced to a two-year prison term after he pleaded guilty to developing and selling "Titanium Stresser," an on-demand DDoS attack tool tied to over 1.7 million attacks worldwide. Separately, Britain's high court ruled that Lauri Love can fight a U.S. extradition request.
A man who allegedly used a smartphone with a Tor proxy and VPN client to hide his online activities has been arrested and charged with narcotics distribution after U.S. Postal Service employees spotted him mailing large numbers of envelopes while wearing latex gloves.
FireEye's Mandiant investigative unit is seeing a revival in tried-and-true hacking techniques, ranging from social engineering to the snatching of OAuth tokens. Why are these old techniques still working?