Herbert Lin, left, and Paul Rosenzweig (Photos: Stanford University, Heritage Foundation)

Would Talking to Russians About Cyber Reward Bad Behavior?

Eric Chabrow • July 25, 2017

In an in-depth interview, two security experts go head-to-head over the appropriateness of the White House engaging the Kremlin on cybersecurity matters in light of Russia's hacking of the 2016 U.S. presidential election.

Anti-Malware

FedEx Warns NotPetya Will 'Negatively Affect' Profits

Latest

Anti-Malware

Mac 'Fruitfly' Infections More Numerous Than Believed

Jeremy Kirk • July 26, 2017

It has been a fairly slow year for Mac malware. But a former NSA researcher has dug into the first Mac malware sample that was detected earlier this year - dubbed "Fruitfly" - and found at least 400 computers, and possibly more, infected with a variant of the malware.

Anti-Malware

Chinese Police Arrest 11 Over Fireball Adware

Mathew J. Schwartz • July 26, 2017

Police in Beijing have arrested 11 employees of a Chinese digital marketing agency on charges that they developed and distributed Fireball, malicious adware with 250 million global installations worldwide that reportedly generated $12 million, at least some of it via click fraud.

Breach Notification

Sweden Grapples with Sensitive Data Leak Scandal

Jeremy Kirk • July 24, 2017

Sweden is grappling with the fallout from a data breach that occurred two years ago and the scope of which has only recently trickled out. It resulted in the prosecution of the former head of the Transport Agency and deep questions over an outsourcing arrangement with IBM.

Business Continuity/Disaster Recovery

Nuance the Latest NotPetya Victim to Report Financial Impact

Marianne Kolbasuk McGee • July 21, 2017

Medical transcription software vendor Nuance is the latest company to acknowledge that it's still struggling to recover from the recent global NotPetya ransomware attacks and will see a dip in its financial performance as a result.

Vendor Management

Getting Value From Managed Security Services Providers

Jeremy Kirk • July 21, 2017

Organizations rely on a variety of outside firms to deliver security services. But how can they get the most value? Catherine Buhler, CISO of BlueScope Steel, shares how she challenges managed security services providers.

Cybersecurity

Police Seize World's Two Largest Darknet Marketplaces

Mathew J. Schwartz • July 20, 2017

The FBI and Europol announced that they've jointly shuttered the world's two biggest darknet marketplaces, AlphaBay and Hansa, which were responsible for more than 10 times the volume of sales as the notorious Silk Road marketplace.

Endpoint Security

IoT in the Enterprise: The Next Big Thing

Tom Field • July 20, 2017

Millions of connected devices already have been potentially compromised - inside and outside of the enterprise. Phil Marshall of Tolaga Research is concerned about when and how attackers will take advantage of these in the next big IoT strike.

Cybersecurity

FBI Blames Iranian Hackers for Stealing US Missile Tech

Mathew J. Schwartz • July 20, 2017

Two Iranian nationals remain at large after being charged by the U.S. Department of Justice with hacking into a Vermont-based engineering firm and stealing software used to develop projectiles, ranging from bullets to GPS-guided artillery shells and missiles.

Data Breach

Ricoh Australia Scrambles to Fix Document Leak

Jeremy Kirk • July 20, 2017

Ricoh's Australia office has notified banks, government agencies, universities and many large businesses about a curious data breach that, in some cases, exposed login credentials for its multifunction devices.

Endpoint Security

IoT Security Cameras Have a Major Security Flaw

Jeremy Kirk • July 19, 2017

An investigation into a single IP security camera has unfolded into yet another worrying finding in the land of the internet of things. Millions of IoT devices may have a remotely executable buffer overflow in an open-source code component, according to cybersecurity company Senrio.

Cybersecurity

State Department Official Who Backs Russian Cyber Engagement Leaving

Eric Chabrow • July 19, 2017

Christopher Painter, who has advocated for diplomatic engagement with cyber friends and foes alike, is leaving his post as coordinator of cyber issues at the State Department, a job he has held since early 2011.

Breach Preparedness

Report: Major Cloud Services Attack Could Cost $53 Billion

Jeremy Kirk • July 18, 2017

What trait does a global cyberattack and a hurricane share? Both could cost insurers - and victims - dearly. In a new report, Lloyd's of London estimates that a major cloud services attack could trigger $53 billion in losses and cleanup costs.