After Reaper malware infects an IoT device, the device passes the infection on. (Source: Check Point)

The Next IoT Botnet Has Improved on Mirai

Jeremy Kirk • October 23, 2017

Security companies are warning that a global attack using compromised IoT devices may be coming soon. Check Point says one million organizations are running a device infected with IoTroop, also known as Reaper, which is botnet code that perhaps is related to Mirai but spreads in a much different way.

Anti-Malware

Equifax, TransUnion Websites Served Up Adware, Malware

Latest

Anti-Malware

Alert: Energy Sector Hacking Campaign Continues

Mathew J. Schwartz • October 23, 2017

The U.S. government has issued a rare technical alert, warning that attackers are continuing to compromise organizations across the energy sector, often by first hacking into less secure business partners and third-party suppliers.

Anti-Malware

Fancy Bear Invites DC Conference-Goers to Install Malware

Mathew J. Schwartz • October 23, 2017

Want to infect systems used by a large swath of cybersecurity professionals in one go? Then use a malicious decoy document to target potential attendees of a NATO and U.S. Army conference on "The Future of Cyber Conflict" being held in Washington.

Anti-Malware

Anti-Virus: Don't Stop Believing

Mathew J. Schwartz • October 21, 2017

Will all of the anonymously lobbed U.S. government allegations against Moscow-based security vendor Kaspersky Lab send anti-virus users running for the hills? Don't let it, one security expert says, noting that ditching AV would be a gift to cybercriminals and intelligence agencies alike.

Anti-Malware

DMARC: A Close Look at the Email Validation System

Eric Chabrow • October 20, 2017

An in-depth look at the DMARC anti-spoofing system - which the U.S. Department of Homeland Security this past week said it will require federal agencies to adopt - leads the latest edition of the ISMG Security Report. Also, continuous monitoring of the insider threat.

Anti-Fraud

IRS Chief Defends Taxpayer Data Protection Efforts

Eric Chabrow • October 18, 2017

The Internal Revenue Service is pushing back at critics who contend the tax agency isn't doing enough to secure its information technology. Commissioner John Koskinen cites headway in preventing criminals from gaining access to tax filers' personally identifiable information.

Authentication

DHS Imposes Email Security Measures on Federal Agencies

Eric Chabrow • October 17, 2017

A new directive from the U.S. Department of Homeland Security elevates federal agencies' email security to the DMARC standard that's widely adopted by commercial email providers, including Google, Yahoo and Microsoft.

Anti-Malware

Profiling DHS Secretary-Designate Kirstjen Nielsen

Eric Chabrow • October 17, 2017

A look at President Donald Trump's pick for the Department of Homeland Security secretary, Kirstjen Nielsen, leads the latest edition of the ISMG Security Report. Also featured: Equifax's and TransUnion's problem with dubious code.

Breach Notification

Hyatt Hotels Suffers International Payment Card Data Breach

Mathew J. Schwartz • October 13, 2017

For the second time in two years, Hyatt Hotels suffered a payment card data breach after attackers infected payment card processing systems with malware. The latest breach lasted for over three months and affected 41 Hyatt hotels across 11 countries.

Breach Response

A Conversation With the Cyber Gang 'The Dark Overlord'

Eric Chabrow • October 13, 2017

A discussion with ISMG Security and Technology Editor Jeremy Kirk about his chat with the cyber gang "The Dark Overlord," which threatened some U.S. school districts with extortion, leads the latest edition of the ISMG Security Report. Also, an update on surging IT security employment.

Breach Notification

Hacker Steals Joint Strike Fighter Plans in Australia

Mathew J. Schwartz • October 12, 2017

A hacker exploited an unpatched, 12-month-old flaw in a small Australian defense contractor's IT help desk and stole data for the country's F-35 Joint Strike Fighter program, among other secrets, the Australian government has warned.

Data Breach

Report: North Korean Hackers Stole War Plans

Mathew J. Schwartz • October 11, 2017

North Korea's leaders apparently blew a gasket over "The Interview," a comedy film that centered on an assassination plot against North Korea's leader. So how might the country have reacted to U.S.-South Korean "decapitation strike" plans reportedly stole last year by Pyongyang-affiliated hackers?

Breach Notification

Equifax: 15.2 Million UK Records Exposed

Jeremy Kirk • October 11, 2017

Credit-reporting agency Equifax now says records exposed in the massive data breach it revealed last month included information relating to 15.2 million U.K. residents - a much higher figure than the business first suggested.