Avast has recovered a nearly complete list of all firms targeted with second-stage malware via trojanized CCleaner installations.

Trojanized CCleaner Investigation: Lucky Break

Jeremy Kirk • September 26, 2017

Researchers investigating the CCleaner malware outbreak have had a lucky break: The attackers' backup server shows that they pushed secondary malware onto systems at Intel, VMware, Fujitsu and Asus, among others, as part of what appears to be a very targeted attack campaign.

Breach Notification

Kaspersky Lab Debate: Put Up or Shut Up

Latest

Breach Response

Senate Testimony: SEC Chairman Signals Cyber 'Mea Culpa'

Mathew J. Schwartz • September 26, 2017

The chairman of the Securities and Exchange Commission, Jay Clayton, will promise the Senate banking committee that his agency is pursuing numerous cybersecurity improvements in the wake of a May 2016 breach, according to prepared testimony.

Breach Response

Do CISOs Need to 'Dumb Down' Cybersecurity for Boards?

Eric Chabrow • September 26, 2017

Experts speaking out on how boards of directors and CISOs must do a better job in strengthening board involvement on cybersecurity matters leads the latest edition of the ISMG Security Report. Also, "Catch Me if You Can" impostor Frank Abagnale on the Equifax hack.

Data Breach

Buying Cyber Insurance: Who Should Be Involved?

Marianne Kolbasuk McGee • September 25, 2017

All the key players of a company's management group, including the CISO, need to be involved in the decision about whether to invest in cyber insurance, says Greg Markell of Ridge Canada Cyber Solutions, a cyber insurer.

Breach Notification

Profiting From the SEC Breach

Eric Chabrow • September 22, 2017

Analyzing the impact of a breach of computers at the U.S. Securities and Exchange Commission leads the latest edition of the ISMG Security Report. Also, exploring alternative plans to implement cybersecurity regulations on credit reporting bureaus in the wake of the Equifax breach.

Anti-Malware

Part of FTC Complaint Against D-Link Dismissed

Jeremy Kirk • September 21, 2017

A federal judge Tuesday dismissed three of six counts in a complaint filed by the U.S. Federal Trade Commission against IoT manufacturer D-Link that alleges its sloppy security practices deceived consumers. The FTC has until Oct. 20 to amend the complaint.

CISO

Why Adding Technical Experts to Boards Is Urgent

Tracy Kitten • September 20, 2017

Given the current threat environment, it's urgent that organizations add technical experts to their boards of directors to help ensure the development of effective cybersecurity strategies, says Art Coviello, retired chairman of RSA.

Breach Response

Do CISOs Need IT or InfoSec Academic Credentials?

Eric Chabrow • September 19, 2017

In the latest edition of the ISMG Security Report: a look at the former Equifax chief information security officer and whether her lack of academic credentials in IT or IT security is relevant to the massive breach at the credit reporting agency.

Anti-Malware

Avast Distributed Trojanized CCleaner Windows Utility

Mathew J. Schwartz • September 18, 2017

For one month, the installer for a widely used, free Windows utility called CCleaner also installed a malicious payload that was designed to allow attackers to push additional malware onto infected PCs, warns Cisco Talos. Developer Piriform, owned by Avast, has released updates that expunge the malware.

Anti-Malware

CDDC: One Secure Screen for Classified, Secret and Public Networks

Jeremy Kirk • September 15, 2017

Researchers in Australia says they've conquered a thorny problem: how to view information stored on multiple air-gapped networks at the same time without security or usability concerns. They've created a device, called the Cross Domain Desktop Compositor, that's been tested by the Australian Department of Defense.

Breach Preparedness

Gauging Equifax's Future in Wake of Massive Breach

Eric Chabrow • September 15, 2017

Top IT security and information risk experts, including former RSA Executive Chairman Art Coviello, analyze the struggles Equifax faces in the wake of a massive data breach in the latest edition of the ISMG Security Report.

Breach Notification

Equifax's Colossal Error: Not Patching Apache Struts Flaw

Jeremy Kirk • September 14, 2017

Equifax made an error that led to one of the largest and most sensitive data breaches of all time, and the mistake was elementary: The credit bureau failed to patch a vulnerability in Apache Struts - a web application development framework - in a timely manner.

Anti-Malware

Report: North Korea Seeks Bitcoins to Bypass Sanctions

Mathew J. Schwartz • September 14, 2017

In cryptocurrency we trust: The government of North Korea has been turning to bitcoin exchange heists and cryptocurrency mining - potentially using malware installed on other countries' systems - to evade sanctions and fund the regime, security experts say.