Kaspersky Lab says it "inadvertently" scooped up classified U.S. documents and code from an NSA analyst's home computer, but suggests it wasn't the conduit by which the material ended up in Russian hands. It claims that the computer was riddled with malware.
A security service from McAfee designed to scan and block malicious links sent via email appears to have given a free pass to "Emotet" banking malware, a researcher warned. But McAfee contends that its ClickProtect service worked as intended.
Since last year, North Korean hackers have been targeting businesses in the financial services, aerospace and telecommunications sectors by exploiting a remote administration tool, or RAT, according to an alert issued Tuesday by the United States Computer Emergency Response Team.
A top DHS cybersecurity official says she has seen no conclusive evidence that Russian-owned Kaspersky Lab's security software had been exploited to breach federal information systems. Jeanette Manfra told a House panel most agencies have complied with a directive to stop using Kaspersky software.
The latest ISMG Security Reports leads with a top DHS cybersecurity leader, Jeanette Manfra, providing a case study on how information sharing helped mitigate the WannaCry attack in the U.S. Also, the SEC mulls toughening its cyber risk reporting requirements.
Rare, massive data breaches don't necessarily pose the greatest risk to organizations, according to a new study co-authored by Google researchers. Also beware of quiet pedestrian schemes - think phishing, keyloggers - and attack tactics unchanged since the mid-2000s.
A federal judge has dismissed a lawsuit filed against anti-malware software vendor Malwarebytes over its labeling of two applications as being harmful. Plaintiff Enigma Software says it plans to appeal the decision.
The ISMG Security Report leads with a discussion about the sale of compromised remote desktop protocol credentials for as little as $3 on darknet marketplaces. Also, grading the performance of DHS in sharing cyberthreat information.
A 21-year-old man appeared in British court this week to face 11 charges, including using DDoS attacks to disrupt sites run by Google, Pokemon and Skype, as well as money laundering and selling malware and "crypting services."
In May 2017, the Singapore Government cut direct access to the Internet from its internal systems. This is a policy that is already adopted by Korean banks, many U.S. and U.K. military establishments, as well as the Japanese government. This is to protect government-owned computer systems from potential cyber threats...
Cyber threats have become part of the new reality across industries and governments, and some organizations are responding to this growing threat by mandating internet separation - restricting internet access from corporate or government computers to protect against cyber threats. Fears around data loss compounded...
In a world where cyber threats have become the norm, organizations must equip themselves with solutions that prevent and isolate attacks. Today, many organizations are mandating Internet separation as a means of controlling these threats. While physical Internet separation or air gap networks is one possible approach,...
Following the WannaCry outbreak, the British government says it's increased cybersecurity funding for England's national health service. But in addition to funding shortfalls and poor cybersecurity practices, experts have also blamed management failures, in part by the U.K. government.
It's a score to find a severe software vulnerability in a widely used Google product. But finding information on all unpatched software flaws reported to Google is a whole new, frightening level. Here's how one researcher did it.