Bad news: A developer has released the source code for Mirai malware, which is designed to automatically find and hack internet of things devices, turning them into DDoS cannons. The malware has been tied to recent record-smashing DDoS attacks.
If Russia is, indeed, meddling with the U.S. election, there's an obvious explanation: It's irritated by U.S. policy. But if Russia's frustration is being expressed through cyberattacks, how can the U.S. respond?
Tens of thousands of Cisco Adaptive Security Appliance devices remain vulnerable to a zero-day exploit released last month as part of the Equation Group toolset dump by Shadow Brokers, according to scans conducted by security firm Rapid7.
Web portal Rambler - likened by some to a Russian version of Yahoo - was reportedly hacked in 2012, resulting in the theft nearly 100 million user credentials. But the company disputes some aspects of the supposed breach.
An unparalleled mystery has piqued the security community's curiosity. A group calling itself the "Shadow Brokers" claims to have stolen code and exploits from the Equation Group, a nation-state spying group suspected to be affiliated with the NSA.
Obviously, ransomware attackers have no scruples. But the latest attacks go to even further extremes, channeling everything from Hitler to cats, as attackers hone their attempts to shake down Windows and Android users alike.
Imagine the security implications of a world in which millions of people have a physical impairment that leaves them internet-connected. Say hello to the promise - and peril - of internet-connected hearing aids, says Global Cyber Alliance's Phil Reitinger.
Scuffles between anti-virus software vendors have stepped up a notch, with startups and industry stalwarts slinging mud at each other. Cylance now says it plans to make its product available for tests used to benchmark security software.
The Petya ransomware gang says it released 3,500 crypto keys that it stole - along with source code - from rival Chimera ransomware developers. If the keys are legitimate, security firms say they can build decryption tools for Chimera victims.
At the Black Hat event in Las Vegas later this month, researchers plan to reveal vulnerabilities in hooking engines, a critical component of security software and other applications, including Microsoft Office.
A bipartisan group of lawmakers has introduced legislation to encourage agencies to use secure cloud computing services as an alternative to continued reliance on legacy systems, which some government officials and IT security practitioners say puts data at risk.
In the wake of the Hillary Clinton email controversy, organizations need to be more aware of the risks of unsanctioned "shadow IT" and take appropriate mitigation steps, says security expert Mac McMillan.
The release this week by the PCI Security Standards Council of a new PCI compliance resource for small merchants is being lauded by the banking and payments community. But how effective will the resource be at actually convincing merchants to move forward with PCI compliance?