Attackers recently snuck cryptomining code onto thousands of websites by inserting it into a third-party accessibility plug-in called Browsealoud. Web specifications designed to guard against these types of rogue actions by third-party code libraries already exist. Why aren't more sites using them?
The top U.S. intelligence official has warned Congress that Russia will attempt to meddle in the this year's U.S. midterm elections, a repeat of the country's alleged 2016 U.S. presidential election interference.
After two years of development in stealth mode, the Sheltered Harbor effort to get U.S. financial institutions to use a standard approach to account data backup is shifting into high gear, says Trey Maust, the new CEO of the initiative, which is backed by FS-ISAC.
After suffering one of the worst data breaches in history, in which 145.5 million U.S. consumers' personal details were stolen, credit bureau Equifax has hired Jamil Farshchi to serve as its new CISO. Farshchi joins from Home Depot, which hired him after suffering a massive data breach.
Following the online attack against the opening ceremonies of the Olympic Winter Games in South Korea, some pundits were quick to guess that Russia was involved. But some attribution experts call the rush to attribute any cyberattack premature or even "irresponsible."
Hackers crashed the Winter Olympics, apparently by using destructive malware dubbed "Olympic Destroyer." The attack resulted in the Pyeonchang 2018 website being offline for 12 hours and WiFi unavailable during the opening ceremony, but organizers say no competitions were disrupted.
Equifax says that its digital forensic investigators have found that while its tally of 145.5 million U.S. breach victims hasn't changed, more of them had their email addresses, tax identification numbers and driver's license information exfiltrated.
More than 4,200 websites, some belonging to the U.S., U.K. and Australian governments, have been turning their visitors' computers into mining machines to harvest the virtual currency Monero. The security lapse continues the recent trend of cryptocurrency mining malware overtaking ransomware.
Leading the latest edition of the ISMG Security Report: England's Court of Appeal rejects U.S. extradition request for suspected hacker Laurie Love. Also, what took Uber and Partners Health so long to come clean about their respective data breaches?
Illegal transactions on the internet have long been conducted in the cryptocurrency bitcoin. But underground vendors are accepting new kinds of virtual currency that may be safer to store and offer more privacy protections, according to a new study of 150 dark web markets and forums.
Google is prepping its Chrome browser to brand as "not secure" every site a user tries to visit that does not use HTTPS encryption by default. The move is meant to push more sites to use HTTPS to secure communications and help block eavesdropping and man-in-the-middle attacks.
Do healthcare entities face a growing risk of being hit with cryptocurrency mining attacks, which have become more common in other sectors? A Tennessee hospital may be the first victim in the sector, and some security experts predict many more such incidents.
Uber CISO John Flynn tells a U.S. Senate subcommittee that the company should have told the public sooner about its 2016 data breach. He says the company's attempt to position its $100,000 payoff to hackers as a bug bounty was not appropriate.
A malware incident at Partners HealthCare that was detected last spring but was only recently determined to have exposed patient data illustrates that confirming a data breach through a forensics investigation can be difficult and time-consuming.