Mexican officials are investigating a series of technical glitches that may have been a prelude to a large cyberattack affecting at least five banks, according to news reports. While the full scope of the incidents remains unclear, up to $20 million may have been stolen.
If operational technology systems need to get connected to IT systems, it's essential to have tight controls on the network, says Lam Kwok Yan, professor of computer science and engineering at Nanyang Technological University in Singapore.
Businesses across the UK and Europe spend billions each year on identity and access management, but almost all of this money is spent on protecting the digital identities of humans - usernames and passwords.
On the other hand, businesses spend almost nothing on protecting machine identities, even though our entire...
The definition of "machine" is undergoing radical change. The number and type of physical devices on enterprise networks has been rising rapidly throughout Europe and the UK, but this is outstripped by the number of applications and services they host.
At the same time, cloud adoption has spawned a tidal wave of...
Even though SSH keys are the credentials that provide the most privileged access in an organisation (including root-level privileges), they are routinely untracked, unmanaged and unmonitored. This guide provides four steps to protect and take control of your SSH keys to minimise your risk of intrusion.
A recently published survey of more than 400 security professionals in the UK, Germany and the US measured how well their organizations implemented security controls for SSH keys. The results show that most organizations are underprepared to protect against SSH-based attacks, with fewer than half following industry...
You know that your organisation is using SSH to safeguard privileged access, but you may not realize that your SSH keys could be vulnerable to insider and cyber threats.
The majority of those we surveyed didn't. Results from a recent study show that most organisations don't have the SSH visibility or security...
A remote code execution vulnerability revealed in late March in the Drupal content management system is now being used on a large scale for mining the virtual currency monero, a researcher says. At least 400 websites have been infected, and the total number is likely far higher, security experts warn.
Businesses spend billions each year on identity and access management, but almost all of this money is spent on protecting the digital identities of humans - usernames and passwords.
On the other hand, businesses spend almost nothing on protecting machine identities, even though our entire digital economy hinges...
Security vendor ProtectWise says a series of operating mistakes has allowed it to gain insight into a group, believed to be affiliated with Chinese intelligence, that specializes in stealing code-signing certificates. The certificates allow for the signing of malware that's unlikely to raise security alarms.
A dozen medication and supply management products from Becton Dickinson and Co. are vulnerable to flaws identified last year in the WPA2 protocol, putting the products at risk for so-called KRACK attacks, according to a federal alert. Such attacks can potentially lead to malware infections.
Industrial control system environments are tough to hack, because each is unique, says Sergio Caltagirone of Dragos. But the recent emergency of Triton malware shows that attackers have been testing how to compromise some environments, which could have catastrophic results.
What are the top cybersecurity threats and trends on security experts' radar? McAfee's Raj Samani and Steve Povolny discuss Olympic Destroyer malware, cryptocurrency mining, the Cambridge Analytica and Facebook scandal and more.
The Thai government has seized servers used to run the so-called GhostSecret cyber espionage campaign that targets organizations in the finance, healthcare and critical infrastructure sectors - and beyond. McAfee suspects the attacks are being launched by "Hidden Cobra" - a hacking group tied to North Korea.
Are you a fraudster craving an easy way to generate Microsoft Office documents with embedded malicious macros designed to serve as droppers that install banking Trojans onto a victim's PC? Say hello to a toolkit that debuted in February called Rubella Macro Builder.