A hacker exploited an unpatched, 12-month-old flaw in a small Australian defense contractor's IT help desk and stole data for the country's F-35 Joint Strike Fighter program, among other secrets, the Australian government has warned.
North Korea's leaders apparently blew a gasket over "The Interview," a comedy film that centered on an assassination plot against North Korea's leader. So how might the country have reacted to U.S.-South Korean "decapitation strike" plans reportedly stole last year by Pyongyang-affiliated hackers?
Credit-reporting agency Equifax now says records exposed in the massive data breach it revealed last month included information relating to 15.2 million U.K. residents - a much higher figure than the business first suggested.
It is said that "Data is the new oil." If that's the case, then organizations need to do a far better job inventorying and securing their wells, says Laurence Pitt of Juniper Networks. He offers insights on leveraging and securing data.
The Dark Overlord, a hacking group that hijacks data from businesses and holds it for ransom, is now threatening school districts. The apparent intent isn't to get ransoms from schools per se, but to create a fear campaign designed to scare big businesses into paying the group's ransoms.
An analysis on finding a replacement for Social Security numbers as an identifier for individuals leads the latest edition of the ISMG Security Report. Also, assessing Kaspersky Lab's responsibility for the hack of an NSA contractor's computer.
New York state's Department of Financial Services is enforcing minimum cybersecurity standards by which all banks and other financial services firms that it regulates must abide. Think of the new regulation "as a playbook or a guidepost," says cybersecurity attorney Paul Ferrillo.
Malware-wielding attackers reportedly hacked into a Taiwanese bank last week and transferred nearly $60 million via fraudulent SWIFT money-moving messages to accounts in Cambodia, Sri Lanka and the United States. Authorities say most of the stolen funds have been recovered.
The commenting platform Disqus is resetting passwords after discovering that its database was breached in 2012. The breach is one of several older breaches that have only now come to light, thanks to the stolen data having surfaced. But how many older breaches have yet to be discovered?
Criminals in Mexico have added endoscopes to their ATM-attack toolkits, warns cash-machine manufacturer NCR. Pairing endoscopes with "black box" attacks can enable criminals to defeat sensors and instruct an ATM to dispense all of its cash.
If an NSA analyst took malware home and it was stolen from his home PC by a foreign intelligence agency, who are you going to blame? As the U.S. government's campaign against Kaspersky Lab intensifies, here are 10 facts, clarifications and likelihoods to keep in mind.
Hackers working for Russia gained access to the home computer of an NSA employee in 2015, pilfering highly classified material and spying code. U.S. officials claim Kaspersky Lab's software helped the hackers, but numerous questions remain unanswered. We round up the issues in play.
Leading the latest edition of the ISMG Security Report: A deep dive into how continuously monitoring user behavior could replace passwords as a means of authentication. Also, U.S. federal agencies continue to fall short on IT security.
CISOs need to anticipate the important questions their CEO is likely to ask as mega-breaches make headlines and data security is in the spotlight. Here, security leaders offer insights on how to answer eight tough questions.
Equifax ex-CEO Richard Smith asserts that a single employee's failure to heed a security alert led to the company failing to install a patch on a critical system, which was subsequently exploited by hackers. But his claim calls into question whether poor patch practices and management failures were the norm.