As fraudsters continue to improve their email spoofing with better socially engineered schemes, business email compromise attacks will become more successful, says Denyette DePierro of the American Bankers Association, who discusses how banks can help customers avoid becoming victimized.
Organizations have more endpoints today than ever, and securing those endpoints is challenging, because it's rare that any one organization is responsible for all the endpoints that touch its network and servers, says Mike Spanbauer, vice president of research and strategy at NSS Labs.
Score another one for social engineering: A phishing campaign used a bogus "Google Docs" app to trick people into surrendering full access to their Google accounts and contacts. Before Google squashed the campaign, up to 1 million of its users may have fallen victim.
Here are five cyber-related takeaways from FBI Director James Comey's testimony before the Senate Judiciary Committee, including his rationale on notifying Congress of his decision to reopen the probe of Hillary Clinton's use of a private email server and steps the bureau is taking to defend against the insider threat.
As attorney general of the state of Georgia, Christopher Carr sees the rise of cybercrime. But he also sees the growth of the cybersecurity industry in response to criminal threats. How does he envision his role in protecting the state?
Travel industry software giant Sabre has alerted hotels that its software-as-a-service SynXis Central Reservations system - used by more than 36,000 properties - was breached and payment card data and customers' personal details may have been stolen.
IBM and Lenovo have issued a security alert, warning that they inadvertently shipped malware-infected USB flash drives to some customers who use their Storwize hardware. The malware, known as Reconyc, is designed to install additional attack code on infected endpoints.
Make sure your Amazon S3 buckets have no holes. A California vehicle financing company has learned the hard way after exposing up to 1 million records online related to auto loan holders, according to a researcher's report.
Chipmaker Intel has issued a security alert for a flaw that has existed in many of its non-consumer CPUs for a decade. The flaw could be remotely exploited by attackers, using Intel's own remote-management tools, to access devices, install malware and breach networks.
Interpol, working with countries and security vendors, says it has uncovered 270 websites - including some government portals - compromised by malware. In some instances, the websites contained personal data of citizens.
Two men have pleaded guilty to hacking London-based telecommunications giant TalkTalk in 2015. Police say one of the men boasted in social media account chats about wiping and encrypting his hard drives, as well as taking part in the hack attack.
Adam Mudd has been sentenced to a two-year prison term after he pleaded guilty to developing and selling "Titanium Stresser," an on-demand DDoS attack tool tied to over 1.7 million attacks worldwide. Separately, Britain's high court ruled that Lauri Love can fight a U.S. extradition request.
Warning: A dumped Equation Group exploit is designed to bypass authentication on 386 types of Oracle databases. One concern is that the exploit might be used by attackers such as the Lazarus Group to refine their attempts to inject fraudulent money-moving messages into the SWIFT network.