If you work IR, you know how frustrating the whole process can be, especially when a customer wants to fly the "mission accomplished" banner prematurely. Of course I understand the desire to bring it all to and end. The long hours start to wear on people. Questions of cost start to come in. "How much more time will this take?"
A growing community of private and highly-vetted cybercrime forums is redefining the very...
The fraud shift as a result of the migration to EMV chip payments in the U.S. will extend beyond...
Nearly all forensic investigations today involve digital evidence. But with current forensic workstations, what used to take days to download can now be accomplished in a matter of hours.
At 3 p.m. on Wednesday, the State of Oklahoma plans to execute Richard Glossip in the face of mounting evidence that he is innocent, as he has argued all along.
The FBI has a rather interesting opinion on how users should approach IoT devices and their security. The takeaway? If you want to use it, you'd better know what you're doing - and keep it off the Internet.
Driven by a rapidly developing threat landscape, effective incident response is now a mainstay of rigorous cyber security programs - although it remains an area that even many seasoned information security specialists struggle to come to grips with.
The law enforcement community has been warning technology companies that encryption in their products could let criminals and terrorists off the hook, with little evidence to support that claim. It turns out those warnings have some merit.
Ethnic hair products can change the susceptibility of hair to external drug contamination but race or hair color are not to blame.
At one time, most organizations didn’t really worry about post-breach litigation; they focused almost exclusively on the technical aspects of the incident response. Most people thought of breached organizations as victims of a crime, not someone to sue for getting hacked.
More and more cybercrime surveys are mislabeled as studies, security company PR gets reported as news, reliable stats on cybercrime are elusive, and it's almost impossible to tell realistic threats from headline trends.
Intransigent sort-of hacker collective Lizard Squad is back. Apparently. Sky News reports that it was unable to access the NCA site for a while, and quoted the NCA as saying that its site was an "attractive target" and that "attacks on it are a fact of life."
Who should Ashley Madison blame for the theft of it's information, former CEO Noel Biderman or Thadeus Zu?
There is a lot to be said about understanding the scope of an incident - including how quickly you can understand the scope - and how that ultimately impacts containment. If you ask any tried and true incident responders, you’ll generally get two different answers based on their experience and environment.
In-flight security made quite a lot of headlines earlier this summer, but this time at unusual angle. Aviation has always been focused on safety and had remained the most secure industry that ever existed. However, the buzz was about another aspect of security — the one quite surprising for an average passenger and quite expected for an IT specialist.
Last week, we saw the group behind a significant amount of Angler exploit kit (EK) switch to Neutrino EK. We didn't know if the change was permanent, and I also noted that criminal groups using EKs have quickly changed tactics in the past. This week, the group is back to Angler EK.
Hacked online cheating service AshleyMadison.com is portraying itself as a victim of malicious cyber criminals, but leaked emails from the company’s CEO suggests that AshleyMadison’s top leadership hacked into a competing dating service in 2012.
It appears the original intention of the Ashley Madison hackers was to expose what they see as fraud perpetrated on the users of the Ashley Madison website - not a moral crusade. But they might just end up making a lot of money for class-action lawyers.