Security firms are warning that they've seen a spike in infections tied to a virulent strain of trojanized Android adware called Shedun - a.k.a. HummingBad - that can root smartphones, survive factory resets and earn cybercriminals big money.
Nationwide fast food chain Wendy's has revised from 300 to 1,025 the number of restaurants that suffered payment card compromises. Investigators say the breach was more severe than they first believed, and involved two separate waves of point-of-sale malware attacks.
A bitter battle flares up in the fiercely competitive endpoint protection products market, and uncovering the real impact over Hillary Clinton's email server. These items highlight this edition of the ISMG Security Report.
Security vendors are issuing warnings about two new types of dangerous Mac malware - Eleanor and Keydnap - which serve as a reminder that it's not just Windows users coming under fire from malicious software developers and tricksters.
Forget the 2015 mega-breach, an ongoing FTC probe or multiple class-action lawsuits: A new leadership team wants to reboot infidelity-focused online dating website Ashley Madison, promising that this time they'll get security and privacy right.
More than half of all Android smartphones have a flaw that can be exploited to bypass the devices' full-disk encryption. As a result, law enforcement agencies - or attackers - could access all supposedly encrypted data being stored on vulnerable devices.
Endpoint protection vendors compete fiercely for customers, and allegations of impropriety are common among rivals. The latest battle pits Sophos against Cylance. Whose version of the story is the truth?
Members of Congress have sent a letter to federal regulators saying that because ransomware attacks are "different" from other breaches in the healthcare sector, there's a need for new recommendations in upcoming government guidance.
Bank of the West's new approach to the insider threat is focused less on detection, more on preventing fraud in the first place. David Pollino tells why a "noisy" insider fraud program is more effective than covertly monitoring employee activity.
More than 200,000 internet-connected systems remain vulnerable to the OpenSSL vulnerability known as Heartbleed, more than two years after the flaw was publicly announced and related patches released, warns security researcher Billy Rios.
Ukraine's central bank has confirmed that one of the country's banks fell victim to a fraudulent SWIFT heist in April. This latest such attack revelation should spur all SWIFT-using banks to assume they've been hacked, until proven otherwise.
While malware may be used for an initial attack, hackers quickly begin using tools to move around networks that often don't raise suspicion. Here's what to look out for to detect a "low and slow" attack.
The Dark Overlord selling stolen healthcare databases for bitcoins leads the ISMG Security Report. Also hear about banks' move toward real-time transaction fraud controls and a bipartisan attempt in Congress to tackle the ongoing crypto and "going dark" debates.
The MySpace and LinkedIn data dumps have been made available by a security researcher on his website, which is perhaps the most easily accessible source for obtaining it. But does it put people at greater risk?
In the wake of recent SWIFT-related interbank payment heists, more banks are monitoring transactions for anomalous behavior in an attempt to catch fraud in real time, says Andrew Davies, a fraud prevention expert at core banking services provider Fiserv.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.