Desktop of a test system infected by the latest Locky campaign. (Source: Brad Duncan)

Locky Ransomware Spam Infects via Microsoft Office

Mathew J. Schwartz • October 20, 2017

Spammers wielding Locky ransomware have a new trick up their sleeves: the ability to infect PCs via malicious Microsoft Word documents that use the Dynamic Data Exchange application-linking feature built into Windows to push ransomware onto victims' systems.

DDoS

Will Kaspersky Lab Survive the Russia Hacking Scandal?

Latest

Anti-Malware

Surveying 17 Anti-Virus Firms on Their Security Practices

Mathew J. Schwartz • October 21, 2017

The Kaspersky Lab saga raises questions about how vulnerable any anti-virus products and back-end cloud networks might be to hacking. Asked to describe exactly what security controls they offer, here's how 17 anti-virus answered - or have yet to answer.

Anti-Malware

Anti-Virus: Don't Stop Believing

Mathew J. Schwartz • October 21, 2017

Will all of the anonymously lobbed U.S. government allegations against Moscow-based security vendor Kaspersky Lab send anti-virus users running for the hills? Don't let it, one security expert says, noting that ditching AV would be a gift to cybercriminals and intelligence agencies alike.

Anti-Malware

DMARC: A Close Look at the Email Validation System

Eric Chabrow • October 20, 2017

An in-depth look at the DMARC anti-spoofing system - which the U.S. Department of Homeland Security this past week said it will require federal agencies to adopt - leads the latest edition of the ISMG Security Report. Also, continuous monitoring of the insider threat.

Anti-Fraud

IRS Chief Defends Taxpayer Data Protection Efforts

Eric Chabrow • October 18, 2017

The Internal Revenue Service is pushing back at critics who contend the tax agency isn't doing enough to secure its information technology. Commissioner John Koskinen cites headway in preventing criminals from gaining access to tax filers' personally identifiable information.

Authentication

DHS Imposes Email Security Measures on Federal Agencies

Eric Chabrow • October 17, 2017

A new directive from the U.S. Department of Homeland Security elevates federal agencies' email security to the DMARC standard that's widely adopted by commercial email providers, including Google, Yahoo and Microsoft.

Anti-Malware

Profiling DHS Secretary-Designate Kirstjen Nielsen

Eric Chabrow • October 17, 2017

A look at President Donald Trump's pick for the Department of Homeland Security secretary, Kirstjen Nielsen, leads the latest edition of the ISMG Security Report. Also featured: Equifax's and TransUnion's problem with dubious code.

Breach Response

A Conversation With the Cyber Gang 'The Dark Overlord'

Eric Chabrow • October 13, 2017

A discussion with ISMG Security and Technology Editor Jeremy Kirk about his chat with the cyber gang "The Dark Overlord," which threatened some U.S. school districts with extortion, leads the latest edition of the ISMG Security Report. Also, an update on surging IT security employment.

Breach Notification

Hacker Steals Joint Strike Fighter Plans in Australia

Mathew J. Schwartz • October 12, 2017

A hacker exploited an unpatched, 12-month-old flaw in a small Australian defense contractor's IT help desk and stole data for the country's F-35 Joint Strike Fighter program, among other secrets, the Australian government has warned.

Data Breach

Report: North Korean Hackers Stole War Plans

Mathew J. Schwartz • October 11, 2017

North Korea's leaders apparently blew a gasket over "The Interview," a comedy film that centered on an assassination plot against North Korea's leader. So how might the country have reacted to U.S.-South Korean "decapitation strike" plans reportedly stole last year by Pyongyang-affiliated hackers?

Breach Notification

Equifax: 15.2 Million UK Records Exposed

Jeremy Kirk • October 11, 2017

Credit-reporting agency Equifax now says records exposed in the massive data breach it revealed last month included information relating to 15.2 million U.K. residents - a much higher figure than the business first suggested.

CISO

US InfoSec Employment Surpasses 100,000

Eric Chabrow • October 11, 2017

The number of information security analysts employed in the United States has topped 100,000 for the first time, according to an Information Security Media Group analysis of U.S. Bureau of Labor Statistics data.

Compliance

How to Comply With New York's Cybersecurity Regulation

Mathew J. Schwartz • October 10, 2017

New York state's Department of Financial Services is enforcing minimum cybersecurity standards by which all banks and other financial services firms that it regulates must abide. Think of the new regulation "as a playbook or a guidepost," says cybersecurity attorney Paul Ferrillo.