Advanced attacks are out, while persistent, relatively simple attacks are in. Despite all of the APT hype in recent years, cybercriminals, and especially nation-state attackers, prefer to keep things simple. Information security experts explain why.
Spear phishing, well-crafted socially engineered wire-transfer schemes and mobile-app overlay attacks will continue to escalate, which is why anti-phishing education is becoming increasingly critical, Dave Jevans of the Anti-Phishing Working Group says in this video interview.
Webroot has just released its 2016 edition of its annual threat brief. In an exclusive interview, Michael Malloy, executive vice president of products and strategy, discusses the report and how its key findings will likely play out in the year ahead.
It has become accepted in many security corners that "breach is inevitable." But Rohyt Belani, CEO of PhishMe, rejects that notion. In this video, learn how he believes organizations should be arming their employees to help fight back against attackers.
It's springtime in San Francisco: cue the annual RSA Conference. Here are some notable trends that have already emerged from the event, ranging from ransomware and phishing attacks to hacker self-promotion and Facebook fakery.
Kevin Haley, a researcher at Symantec, says the moneymakers behind Dridex are successfully infecting thousands of users worldwide on a monthly basis, purely through spam - making Dridex the most dangerous banking Trojan on the market today.
Here's more evidence of how a data breach can have a major financial impact. The bill for U.K. telecom giant TalkTalk's October 2015 data breach could be as much as $94 million, and the incident resulted in the loss of 95,000 customers.
Who is responsible for fraud losses resulting from business email compromise? Texas-based AFGlobal Corp. is suing its insurance firm to settle this question. Experts weigh in on the lawsuit and why cyber insurance rarely covers losses from these scams.
Sophisticated phishing campaigns, increasingly targeted because of social media, are fueling business email compromises - a growing wire fraud scheme that is attacking businesses worldwide, says Jim Hansen of PhishMe.
The Ukrainian energy sector is being targeted by fresh phishing attacks, the country's computer emergency response team warns. But it's not clear who's behind those campaigns, or a recent malware infection at Kiev's main airport.
The latest strain of Android malware called SlemBunk tries to trick mobile banking application users into sharing their banking, social network and other credentials, as security experts see the number of mobile malware attacks continuing to increase.
Attorneys general in nine states say card issuers should move to chip-and-PIN, rather than chip-and-signature, as they roll out EMV. But are other issues, such as wider use of encryption and tokenization, more worthy of attention?
As the unfolding investigation into the Paris attacks shows, just sharing threat-related data - without adding the crucial context that turns it into actionable intelligence - won't help organizations block attacks.
The massive cyberattacks that struck Chase and other leading U.S. financial services firms illustrate just how vulnerable larger institutions can be to cyber-attacks. They also show why organizations must encrypt customer data, says security and forensics expert Chuck Easttom.