Russian attack group Turla has been named and shamed for hijacking Iranian nation-state attackers' infrastructure. The aim of GCHQ and NSA's attribution is, in part, to make Turla's future cyber espionage efforts more costly and time-consuming.
Big data analytics and search tools give organizations the ability to analyze information faster than ever before. But too many organizations deactivate security controls built into Elasticsearch, Amazon S3 buckets and MongoDB when they deploy, leaving their data exposed, says Elastic's James Spiteri.
Agile environments benefit from development platforms and open-source software, but that also raises the risks of attacks seeded in those supply chains, says Chet Wisniewski of Sophos, who describes steps that organizations can take to mitigate the risks.
Now that the deadline for all e-commerce card-based transactions in the EU to comply with the new PSD2 "strong customer authentication" requirement has officially been extended to Dec. 31, 2020, authorities are emphasizing the need to make a smooth, uniform migration to the new forms of authentication.
Zappos is close to settling a long-running class action lawsuit filed by consumers over a 2012 data breach. The online shoe and clothing retailer's proposed compensation would be a 10 percent discount on a future online purchase. A federal judge has granted preliminary approval to the deal.
Sodinokibi/REvil appears to be making millions since it seized the ransomware-as-a-service mantle from GandCrab earlier this year. Security firm McAfee says up to 40 percent of every victim's ransom payment - average: $4,000 - gets remitted to the Sodinokibi actor, with "affiliates" keeping the rest.
While the Russian-linked hacking group known as The Dukes, Cozy Bear and APT29 in recent years appeared to have gone somewhat quiet, researchers from ESET report that the hackers have been targeting various European embassies and ministries as part of what the security firm dubs "Operation Ghost."
Scammers are using the notorious Phorpiex botnet as part of an ongoing "sextortion" scheme, according to Check Point researchers. At one point, the botnet was sending out over 30,000 spam emails an hour and the attackers made about $110,000 in five months, researchers say.
Organizations are accepting that the network perimeter no longer serves as the "ultimate defense" and thus adapting zero-trust principles, including least privilege, based on the understanding that they may already have been compromised, says Darran Rolls of SailPoint.
Robotic process automation aims to use machine learning to create bots that automate high-volume, repeatable tasks. But as organizations tap RPA, they must ensure they take steps to maintain data security, says Deloitte's Ashish Sharma.
Private-equity firm Thoma Bravo, which already has stakes in several cybersecurity companies, plans to buy U.K.-based security company Sophos in a $3.9 billion deal, the two companies announced Monday. The Sophos board will "unanimously recommend" the sale to shareholders, the company says.
Cybersecurity vendor Imperva's breach post-mortem should serve as a warning to all those using cloud services: One mistake can turn into a calamity. The company accidently left an AWS API key exposed to the internet; the key was then stolen and used to steal a sensitive customer database.
Personalized product retailer CafePress has been hit with a lawsuit alleging that it failed to notify 23 million customers about a data breach in a timely manner or follow security best practices. The company was allegedly still using outdated SHA-1 to hash passwords, which can be easily cracked.