Verizon’s annual data breach report is depressing reading, again
The takeaway from the 10th annual Verizon Data Breach Investigations Report is depressingly familiar: Of the 1,935 breaches analyzed, 88 percent were accomplished using a familiar list of nine attack vectors, meaning they could probably have been prevented by a few simple cyber hygiene measures.
Manufacturing companies got wrecked by cyber-spies last year, Verizon report says
Government-backed cyber spies were behind a majority of data breaches experienced by manufacturing companies in 2016, according to Verizon’s newly published 2017 Data Breach Investigations Report.
Iran-linked hackers used Microsoft Word flaw against Israeli targets, security firm says
The hacking group, dubbed OilRig by security researchers and believed to be tied to Iranian intelligence services, utilized a software flaw that allows attackers to execute a remote computer intrusion to take full control of a target device while leaving little or no trace, said Michael Gorelik, vice president of Israeli security firm Morphisec.
Basic phishing emails are so effective that most hackers don’t use exploit kits anymore
Hackers overwhelmingly prefer to target email accounts as their entry point into organizations today, and that’s causing a massive drop in exploit kit usage, according to new research conducted by Symantec. The findings underscore a significant and recent transformation in the way that attackers generally seek to compromise systems, a trend that has greatly accelerated over the last 12 months, Symantec found.
Ransomware demands now average about $1,000 because so many victims decide to pay up
Americans pay ransoms at double the global rate.
Zero day exploits are rarer and more expensive than ever, researchers say
"It's pushing the bad guys to find other ways," said one researcher.
Russian hackers heavily targeted news outlet in days after U.S. election, researchers say
Hackers working for the Russian government sent a barrage of targeted phishing emails between 2014 and 2016 to employees of major news outlets, and they focused particularly on Al Jazeera in the days following the U.S. presidential election, according to new research by cybersecurity firm Trend Micro.
Beyond concerns about AI, consumers see usefulness — particularly in cybersecurity, privacy
Almost two-thirds of American consumers welcome advances in artificial intelligence and machine learning, and cybersecurity is among the areas where assistance from AI has the most appeal, according to a new survey.
Leaked NSA tools, now infecting over 200,000 machines, will be weaponized for years
"Expect more bloodbath," says one researcher.
White House: Cyber executive order is close, will be ‘intertwined’ with federal IT modernization
The Trump administration is "close" to unveiling its cybersecurity executive order and is carefully aligning its policy in that area with plans to modernize federal IT networks being drawn up by President Trump's son-in-law, White House Cybersecurity Coordinator Robert Joyce said Monday in his first public comments since taking office.
Interpol identifies 9,000 computers in Asia owned by hackers, used to launch ransomware
Nearly 9,000 computer servers based in Southeast Asia are infected with or currently dispensing malware, according to a newly unveiled Interpol-led operation heavily supported by multiple private sector cybersecurity firms and domestic law enforcement agencies. Hundreds of compromised websites popularly used in Southeast Asia, including regional government portals, were also identified as under the control of hackers, Interpol announced Monday.
That was fast: Thousands of computers now compromised with leaked NSA tools, researchers say
The findings by security researchers are significant because they illustrate, among other things, the rapid pace at which cybercriminals can effectively adopt and then launch cyberattacks with complex, NSA-grade weaponry.
Prolific Russian credit-card hacker gets 27 years
A federal judge in Seattle Friday sentenced prolific Russian payment-card hacker Roman Seleznev to 27 years in prison — the longest sentence for computer crime ever imposed in an American court.
Software flaw that allowed Stuxnet virus to spread was the most exploited in 2016
Software updates aren’t the cybersecurity silver bullet that some computer experts make them out to be.
Android spyware in the Google Play Store was downloaded over 1 million times over 3 years
A piece of malware pretending to be an Android system update was downloaded over 1 million times since its launch in 2014. The malware, dubbed SMSVova, spied on a victim's location and relayed it to the attacker in real time.
New DARPA program seeks cybersecurity through hardware design
Pentagon scientists say they could stop 40 percent of current cyberattacks by producing secure computer chips. The System Security Integrated Through Hardware and Firmware, or SSITH, program is looking for help from industry.
LastPass vulnerability ‘beats the entire purpose’ of two-factor authentication
The problem lies in how they stored the QR code used for setting up 2FA.
Six big vendors dominate a fragmented federal cyber market, numbers show
Federal procurement of cybersecurity goods and services is highly fragmented, according to new research published this week, but despite this long tail of small awards, the market space is dominated by a handful of familiar names.
Leaked NSA hacking tools are a hit on the dark web
A shadowy cast of random hackers are now sharing, promoting and working to reverse engineer the tools in the latest Shadow Brokers dump.
High school student allegedly hacks school, charges fellow students to change grades
Students hacking schools to change grades is a crime seemingly as old as time.