Tom Kellermann, former cybersecurity adviser to the Obama administration, doesn't mince words when he describes the nation-state threat to the U.S. as the "axis of evil in cyberspace." Nor does he hold back about the threat from destructive attacks, 5G deployment and other trends to watch in 2020.
The gang behind Maze ransomware now lists 21 alleged victims on its website that it says have not paid a demanded ransom, including the Florida city of Pensacola. But Canadian construction firm Bird, which was listed as a victim, subsequently disappeared from the list.
Identity and Access Management is at the epicenter of many corporate security vulnerabilities. Markku Rossi of SSH Communications Security discusses how a "Just-in-Time" approach to credential management eliminates standing privileges.
The Wawa convenience store chain is investigating why malware planted on point-of-sale devices at nearly all of its over 850 locations throughout the East Coast went undetected for nearly eight months.
The National Institute of Standards and Technology has released three biometric datasets to help organizations research new types of secure digital identification systems and authentication processes. NIST also released a study on facial recognition technology that raises some concerns.
IoT devices are generating duplicate prime numbers while generating RSA keys, putting them at risk of a factoring attack, according to new research, which shows such an attack could be done at scale and at a low computing cost.
To help enhance security, Firefox extension developers will be required to set up their accounts to support two-factor authentication beginning early next year, Mozilla, the open source community that supports the browser, has announced.
The gang behind Maze ransomware has begun publicly identifying its victims and listing data that it exfiltrated from systems before leaving them crypto-locked. The intent is clear: By naming and shaming victims, the Maze gang is trying to compel them to pay.
Suspicious code uploaded to VirusTotal points to Ryuk ransomware being used in a crypto-locking malware attack against New Orleans. Mayor LaToya Cantrell has declared a state of emergency and the city is continuing its recovery, noting that no emergency services have been affected.
The latest edition of the ISMG Security Report discusses why cyber defense teams need to think more like attackers. Plus, a case study on cross-border payment fraud, and an expert's take on security for the 2020 elections.