Because cyberattackers are now using memory-resident malware that leave no trace on the disk, forensics experts using traditional methods will face a challenge, says Christopher Novak, director of Verizon's global investigative response unit.
Cyber espionage groups are using unconventional channels to hack target organizations, according to Mandiant' s latest research. Trusted service provider relationships are being exploited to compromise organizations in government and defense, says Rob van der Ende, Mandiant's vice president for Asia Pacific and Japan.
Unprecedented hack attacks knocked three Ukrainian power providers offline in late 2015, and now a potential repeat hack has surfaced. Security experts recommend all power operators globally hunt carefully for related signs of attack.
Vulnerable firmware has been highlighted again in a range of low-cost Android phones, raising concerns over their security. This latest incident comes 11 months after security analysts first raised flags.
Verizon is reportedly awaiting the full results of a digital forensic investigation into the record-setting Yahoo data breach to ascertain whether it will revise its $4.8 billion bid to buy the search firm. Did the breach have a "material impact" on Yahoo's business? That's the question.
SWIFT screwed up. That's the takeaway from a new report into the Brussels-based cooperative, which alleges that the organization overlooked serious concerns relating to smaller banks' security and the risks they posed to the health of its entire network.
An unparalleled mystery has piqued the security community's curiosity. A group calling itself the "Shadow Brokers" claims to have stolen code and exploits from the Equation Group, a nation-state spying group suspected to be affiliated with the NSA.
CISOs face the continuing challenge of how to clearly communicate information security risk to the board and senior management. But now they can take advantage of a free metrics framework designed to help evaluate an organization's cybersecurity readiness. Phil Cracknell of ClubCISO describes the effort.
While enterprises rebuild or upgrade their security programs, they must guard against over emphasizing technology investments while neglecting staffing issues, says Ben Johnson, chief security strategist at Carbon Black.
There's often a dangerous trade-off made between convenience and security. That's illustrated no better than by a recent issue patched by Microsoft. It's an attack so devilishly smooth that it's a wonder hackers had not figured it out before.
The release this week by the PCI Security Standards Council of a new PCI compliance resource for small merchants is being lauded by the banking and payments community. But how effective will the resource be at actually convincing merchants to move forward with PCI compliance?
Interbank messaging service SWIFT will begin collecting and sharing anonymized attack information and offering incident-response services - backed by Fox-IT and BAE Systems - to help hacked banks. But will financial institutions buy in?
As many as 250,000 credentials for Remote Desktop Protocol servers around the world may have been offered for sale on the now-shuttered xDedic cybercrime marketplace. So what can organizations do to mitigate related risks and avoid a major network intrusion?
While PCI compliance is a priority for many U.S. retailers, some major companies in Australia say they'd rather forego the cost of compliance and risk the possibility of steep fines if a card breach occurs.
The section chief of the FBI's Cyber Division says "the FBI does not condone payment of ransom," in part because it enables criminals to victimize others. Instead, the bureau continues to urge all potential victims to get their IT house in order.