Malware is widely available in an "as-a-service" model on the cybercriminal underground to anyone with criminal intent and a bit of money, says John Shier, senior security adviser at Sophos, who explains exactly how the model works in this in-depth interview.
The BadRabbit ransomware attack appears to have been designed for smokescreen, disruption or extortion purposes, if not all of the above. So who's gunning for Ukraine and how many organizations will be caught in the crossfire?
If Eugene Kaspersky had attended Wednesday's House hearing on the risk his company's anti-virus software poses to the U.S. federal government, he would have faced an unfriendly reception. But Kaspersky wasn't invited, although the panel may "entertain" the possibility of inviting him to a future hearing, according to...
Anti-virus vendor Kaspersky Lab says that an internal probe has confirmed that in 2014 a PC running its anti-virus software flagged and submitted new Equation Group APT malware variants. But after an analyst realized the provenance of the source code, the firm says its CEO ordered that it be immediately deleted.
In a battle to save its reputation, Kaspersky Lab says it will allow independent inspections of its code, infrastructure and processes following U.S. government accusations that it colluded with Russian intelligence agencies. But will the move restore confidence?
DataBreachToday Executive Editor Mathew J. Schwartz's examination of the growing threats facing the critical energy sector leads the latest edition of the ISMG Security Report. Also in this report: A discussion of safeguarding the telehealth marketplace.
Is digital transformation an impending "disaster" - leaving more attack surfaces open to exploit and putting enterprises at further risk? Or is there a chance to rewrite how the security department operates? Former Burberry CISO John Meakin shares his views.
The U.S. government has issued a rare technical alert, warning that attackers are continuing to compromise organizations across the energy sector, often by first hacking into less secure business partners and third-party suppliers.
Want to infect systems used by a large swath of cybersecurity professionals in one go? Then use a malicious decoy document to target potential attendees of a NATO and U.S. Army conference on "The Future of Cyber Conflict" being held in Washington.
Will all of the anonymously lobbed U.S. government allegations against Moscow-based security vendor Kaspersky Lab send anti-virus users running for the hills? Don't let it, one security expert says, noting that ditching AV would be a gift to cybercriminals and intelligence agencies alike.
An in-depth look at the DMARC anti-spoofing system - which the U.S. Department of Homeland Security this past week said it will require federal agencies to adopt - leads the latest edition of the ISMG Security Report. Also, continuous monitoring of the insider threat.
The FBI is asking all U.S. victims of DDoS attacks to please come forward. The bureau's plea for more information from cyberattack victims parallels similar requests made this week by British authorities speaking at ISMG's Fraud and Breach Prevention Summit in London.
Researchers say they've identified faulty cryptographic code in microchips made since 2012 by Infineon Technologies, posing risks to government-issued smartcards, consumer laptops, authentication tokens and more.
Can U.S. law enforcement use a warrant to seize emails stored outside the U.S. by a cloud services provider? That's the question the Supreme Court has agreed to consider next year. Microsoft continues to fight an order to turn over emails stored in an Irish data center.
The RSA Conference returns to Abu Dhabi in November, and event organizers Linda Gray Martin and Britta Glade say this year's agenda is packed with new speakers and topics unique to this growing annual event.