U.S. CERT has issued a fresh warning about a newly discovered Trojan called Hoplight that is connected to a notorious APT group with links to North Korea. The malware has the ability to disguise the network traffic it sends back to its originators, making it more difficult to track its movements.
Two Romanian nationals have been convicted by a federal jury for their roles in stealing more than $4 million from victims by creating a botnet of more than 400,000 PCs through custom-designed malware called Bayrob.
The latest edition of the ISMG Security Report features an update on a congressional report that slams Equifax for lacking a strong cybersecurity culture. Also featured: A new study on the status of women in the cybersecurity industry and the use of Android phones as security keys.
WikiLeaks founder Julian Assange, who released hacked emails from Hillary Clinton's campaign and many other secret U.S. documents, was arrested in London Thursday, and now the U.S. is seeking his extradition.
A new type of malware, dubbed TajMahal, offers its users a host of espionage techniques, including the ability to steal documents sent to a printer queue and pilfer data from a CD, Kaspersky Lab reports. But researchers have only identified one victim so far.
FIN6, a cybercrime group that has focused on attacking point-of-sale devices to steal credit card numbers, now also is waging ransomware attacks that target businesses with either LockerGoga or Ryuk, according to a new analysis from security firm FireEye.
Security researcher Zammis Clark, who pleaded guilty to hacking Microsoft - with an accomplice - and later Nintendo, as well as stealing data and uploading malware to Microsoft's network, has received a suspended sentence.
Arrests made last week by European, U.S. and other law enforcement agencies appear to have led to the closure of the "Dream Market" dark web site, which, in turn, disrupted certain ransomware attacks, according to an analysis by incident response firm Coveware.
Malicious bot attacks now account for nearly one-third of all internet traffic, says Franklyn Jones of Cequence, who describes why conventional tools for fighting against these attacks are ineffective.
Microsoft is using its legal muscle to push back against an advanced persistent threat group that is says is "widely associated with Iranian hackers." Following court approval, it is taking control of 99 website domains allegedly used by the attackers as part of an ongoing spear-phishing campaign.
Distinguishing nation-state attacks from organized crime continues to grow more difficult because some attackers wear both hats, a Europol official reports. Further complicating the picture: Young attackers enjoy access to ever-more sophisticated and inexpensive tools and services.
The information security world has been beset by the emergence of multiple side-channel attacks, including Meltdown, Spectre and most recently Spoiler, that have proven difficult to fully fix, says Bill Conner, president and CEO of SonicWall.