The banking malware known as Carbanak continues to evolve, and cybercriminals are now using it to wage APT-style attacks against banks as well as companies in other sectors, according to security researchers at Kaspersky Lab.
Java users are being warned to only use newly released installers to avoid a nasty potential exploit. Meanwhile, a veteran bug hunter questions whether Oracle's move to ditch Java browser plug-ins will have a significant security upside.
The rise in RFID-based contactless payment cards has led to increased concerns that fraudsters could wirelessly crack cards' secret cryptographic keys. But a team of MIT researchers has debuted defenses against such hack attacks.
The trend across industries is that automation results in a drastic reduction of operational job roles, even as it brings in economies of efficiency. What then does automation in security mean for the profession?
"We never negotiate" might be the expectation whenever law enforcement or government agencies get targeted by criminals or even "cyberterrorists." But outside Hollywood, the reality too often turns out to be far less rigid.
Sometimes language barriers can be a good thing: Many malware-wielding cybercriminals have historically targeted users in North America and Europe over Japan, owing to linguistic challenges. But that's changing.
Law enforcement and intelligence agencies will have plenty of chances to snoop on criminals, terrorists and citizens even as communications vendors enable default encryption on mobile devices, a study from Harvard University says.
Mobility and IoT are acknowledged by security practitioners to be a whole different beast when it comes to management. MetricStream's French Caldwell says that GRC likewise needs to change its paradigm to accommodate this disruption.
Global restaurant chain Wendy's is investigating a suspected data breach following fraud patterns tied to credit and debit cards used at some of its locations. Two card issuers confirm that they've seen signs of related fraud in some U.S. regions.
Cybercriminals are in mourning after the shocking announcement from Oracle that it will deep-six its beloved Java Web browser plug-in technology, owing to browser makers failing to support "standards based" plug-ins.
Israel has reportedly foiled a "severe cyberattack" launched against the Israeli Electricity Authority. The malware attack doesn't appear to have resulted in any disruption to the country's power grid, but many government systems remain offline.
How many networking vendors - like Juniper - have been selling devices with backdoors attackers could use to intercept and decrypt communications? Some networking giants say they've launched code reviews. But why are eight vendors staying silent?
Networking giant Fortinet warns that more products than it initially suspected have a hardcoded password that attackers could abuse to remotely gain backdoor access to vulnerable devices. But why did the flaws take so long to be found?