The National Health Service in England should have been able to block the "unsophisticated" WannaCry ransomware outbreak, U.K. government auditors have found. Security experts say the findings should be studied by senior executives across all industries to "learn from the mistakes of others."
RBI has slapped a $1 million penalty on Yes Bank for failing to promptly notify the central bank of a 2016 data breach of its ATM Network. Many security practitioners are praising RBI for issuing the penalty, saying it calls attention to the importance of timely breach notification.
The BadRabbit ransomware attack appears to have been designed for smokescreen, disruption or extortion purposes, if not all of the above. So who's gunning for Ukraine and how many organizations will be caught in the crossfire?
Much of the world's critical infrastructure gets controlled by ICS or SCADA systems. But passive network traffic analysis by industrial control system security firm CyberX found vulnerable protocols, widespread Windows XP use and other concerns.
As a digital forensics investigator, Vesta Matveeva of Russia's Group-IB has great insight into the latest cyberattack trends - and the attackers. What conclusions can we draw about how to bolster defenses in 2018?
Anti-virus vendor Kaspersky Lab says that an internal probe has confirmed that in 2014 a PC running its anti-virus software flagged and submitted new Equation Group APT malware variants. But after an analyst realized the provenance of the source code, the firm says its CEO ordered that it be immediately deleted.
New ransomware called BadRabbit is directly targeting at least 200 organizations, primarily in Russia and Ukraine. The crypto-locking malware demands a ransom, payable in bitcoins, in exchange for a decryption key, and it appears to borrow code from NotPetya ransomware.
The Reserve Bank of India is now requiring all banks, including scheduled commercial banks, small finance and payment banks, to limit consumers' liability for fraudulent credit and debit card transactions. As a result, CISOs must ramp up their fraud prevention efforts to help limit banks' losses.
In a battle to save its reputation, Kaspersky Lab says it will allow independent inspections of its code, infrastructure and processes following U.S. government accusations that it colluded with Russian intelligence agencies. But will the move restore confidence?
The U.S. government has issued a rare technical alert, warning that attackers are continuing to compromise organizations across the energy sector, often by first hacking into less secure business partners and third-party suppliers.
Security companies are warning that a global attack using compromised IoT devices may be coming soon. Check Point says one million organizations are running a device infected with IoTroop, also known as Reaper, which is botnet code that perhaps is related to Mirai but spreads in a much different way.
The Kaspersky Lab saga raises questions about how vulnerable any anti-virus products and back-end cloud networks might be to hacking. Asked to describe exactly what security controls they offer, here's how 17 anti-virus firms answered - or have yet to answer.
A lawn mower engine manufacturer's notification to federal regulators of a health data breach impacting thousands of its workers highlights the HIPAA compliance duties for businesses that are self-insured for healthcare.
Spammers wielding Locky ransomware have a new trick up their sleeves: the ability to infect PCs via malicious Microsoft Word documents that use the Dynamic Data Exchange application-linking feature built into Windows to push ransomware onto victims' systems.