A scareware campaign has been locking iOS devices with faux ransomware, demanding a payoff via virtual iTunes gift cards, security researchers warn. A fix for the exploited iOS flaw is included in a massive batch of product patches and updates released by Apple.
One of the world's biggest botnets, Necurs, is back. But instead of flinging banking Trojans and ransomware, this time it's spouting spam aimed at influencing the price of cheap stocks, say security researchers from Cisco's Talos group.
With ransomware attackers having already launched attack code with themes ranging from horror movies and Pokemon to Hitler to cats, it was only a matter of time before they decided to beam Star Trek's Kirk and Spock direct to would-be victims' PCs.
FireEye's Mandiant investigative unit is seeing a revival in tried-and-true hacking techniques, ranging from social engineering to the snatching of OAuth tokens. Why are these old techniques still working?
In this white paper, Fidelis Cybersecurity will outline key steps to take in the first 72 hours of detecting an alert, how to distinguish what type of incident you are facing and the key differences on how to respond. Based on our firsthand experience, we provide lessons learned from the front lines to explain why it...
The latest ISMG Security Report leads with a profile of Rob Joyce, the National Security Agency operative who is reportedly under consideration to be President Donald Trump's top cybersecurity adviser. Also, cybercriminal ties with Russian intelligence and the lifespan of zero-day vulnerabilities.
Little is known about Evgeniy M. Bogachev, the alleged hacker and Gameover Zeus botnet mastermind. There are clues, however, that he's been helping Russian intelligence agencies, according to a new report. If true, that wouldn't be a surprise.
WikiLeaks says it leaked the "Vault 7" CIA hacking arsenal in part to stoke a debate on cyber-weapon proliferation. Here's how information security experts are reacting to WikiLeaks' claims and potential agenda, as well as the dump and information vulnerability-exploit information it contains.
Apache Struts 2 users are being warned to upgrade immediately, after attackers began targeting a zero-day flaw in the widely used, open source Java EE platform. Some attacks deactivate firewalls on vulnerable Linux systems and install DDoS or BillGates malware, amongst other malicious code.
Security product testers have architectured their test suites to adhere to the technologies of the past 10 years. However, as endpoint security and the threat landscape continue to evolve, so must testing suites evolve as well. Advanced methodologies and a more robust testing criteria are essential to keep...
A look at the return of the Crypt0L0cker ransomware leads the latest edition of the ISMG Security Report. Also, assuring the security of medical devices; and U.S. federal prosecutors drop charges against a child porn suspect rather than reveal the hacking technique used to ensnare him.
When it comes to massive DDoS attacks powered by the likes of a Mirai botnet, "the sky is not falling," says ESET security researcher Cameron Camp. But organizations do need to prepare - and here's where to start.
Crypt0L0cker ransomware - originally tied to the Gameover Zeus gang - has returned, researchers warn, and in some cases is digitally signed to make it appear legitimate. Other attack campaigns are spreading Cerber and Sage Locker via spam emails sent via short-lived domain names.
"Next-generation" endpoint protection, or next-gen AV, has been getting a lot of press recently. But what does the term actually mean?
For IT security managers under pressure, the most important thing isn't the latest buzzword, but finding a solution which is effective in protecting their organization from an...
The notion of "next-gen" is now promoted by some providers of endpoint security software as a way to improve the efficacy of protecting endpoints from compromise, given the prominent role endpoints play in cybersecurity attacks, the ways in which mobility and cloud apps have expanded the attack surface area, and the...