Attackers recently snuck cryptomining code onto thousands of websites by inserting it into a third-party accessibility plug-in called Browsealoud. Web specifications designed to guard against these types of rogue actions by third-party code libraries already exist. Why aren't more sites using them?
The top U.S. intelligence official has warned Congress that Russia will attempt to meddle in the this year's U.S. midterm elections, a repeat of the country's alleged 2016 U.S. presidential election interference.
After suffering one of the worst data breaches in history, in which 145.5 million U.S. consumers' personal details were stolen, credit bureau Equifax has hired Jamil Farshchi to serve as its new CISO. Farshchi joins from Home Depot, which hired him after suffering a massive data breach.
Following the online attack against the opening ceremonies of the Olympic Winter Games in South Korea, some pundits were quick to guess that Russia was involved. But some attribution experts call the rush to attribute any cyberattack premature or even "irresponsible."
Hackers crashed the Winter Olympics, apparently by using destructive malware dubbed "Olympic Destroyer." The attack resulted in the Pyeonchang 2018 website being offline for 12 hours and WiFi unavailable during the opening ceremony, but organizers say no competitions were disrupted.
Equifax says that its digital forensic investigators have found that while its tally of 145.5 million U.S. breach victims hasn't changed, more of them had their email addresses, tax identification numbers and driver's license information exfiltrated.
More than 4,200 websites, some belonging to the U.S., U.K. and Australian governments, have been turning their visitors' computers into mining machines to harvest the virtual currency Monero. The security lapse continues the recent trend of cryptocurrency mining malware overtaking ransomware.
Singapore's new cybersecurity law passed earlier this week mandates that owners of critical information and infrastructure report cybersecurity incidents to the Cybersecurity Agency. Security experts discuss organizations' readiness to comply.
The Twitter accounts of several celebrities and politicians in India were recently hacked. Cybersecurity leaders discuss the challenges and risk mitigation strategies in dealing with social media attacks.
Leading the latest edition of the ISMG Security Report: England's Court of Appeal rejects U.S. extradition request for suspected hacker Laurie Love. Also, what took Uber and Partners Health so long to come clean about their respective data breaches?
Illegal transactions on the internet have long been conducted in the cryptocurrency bitcoin. But underground vendors are accepting new kinds of virtual currency that may be safer to store and offer more privacy protections, according to a new study of 150 dark web markets and forums.
Google is prepping its Chrome browser to brand as "not secure" every site a user tries to visit that does not use HTTPS encryption by default. The move is meant to push more sites to use HTTPS to secure communications and help block eavesdropping and man-in-the-middle attacks.
Uber CISO John Flynn tells a U.S. Senate subcommittee that the company should have told the public sooner about its 2016 data breach. He says the company's attempt to position its $100,000 payoff to hackers as a bug bounty was not appropriate.
Concerns are already being raised about a law passed by Singapore's parliament Monday that establishes an information sharing platform by appointing a commissioner of cybersecurity to obtain confidential information from owners of critical information infrastructure about their security postures.