Faced with few options, companies are increasingly giving in to cybercriminals who hold their data hostage and demand payment for its return, while law enforcement officials struggle to catch the nearly invisible perpetrators.

The risks to organizations have become so severe that many simply pay their attackers to make them go away -- a strategy that may only embolden the crooks.

It's a case of asymmetric electronic warfare. Ransomware, which encrypts files until a victim pays to have them unlocked, can be devastating to an organization. Barring an up-to-date backup, little can be done aside from paying the attackers to provide the decryption keys.

To read this article in full, please click here

The latest zero-day vulnerability in Adobe Systems' Flash player has been used over the last two weeks to distribute ransomware called Cerber, email security vendor Proofpoint said.

Adobe said it would patch the flaw, CVE-2016-1019, on Thursday. The vulnerability affects all versions of Flash Player on Windows, Mac, Linux and Chrome OS.

Ryan Kalember, senior vice president of cybersecurity at Proofpoint, said his company detected an attack trying to exploit the flaw on Saturday.

One of Proofpoint's customers received an email with a document that contained a malicious macro that led victims through a series of redirects that eventually reached an exploit kit.

To read this article in full, please click here

Facebook-owned WhatsApp has strengthened the encryption of its widely used instant messaging app, a development that in theory makes it harder for law enforcement to gain access to communications.

WhatsApp's founders said Tuesday that the application now implements end-to-end encryption, which means only authorized users can decrypt messages.

"The idea is simple: when you send a message, the only person who can read it is the person or group chat that you send that message to," Jan Koum and Brian Acton wrote in a blog post. "No one can see inside that message. Not cybercriminals. Not hackers. Not oppressive regimes. Not even us."

To read this article in full, please click here

The Trump Hotel Collection said on Monday it is working with the Secret Service and FBI to investigate a possible payment card breach, its second one in less than a year.

The luxury hotel group is run by Republican presidential candidate Donald Trump and his family. 

"Like virtually every other company these days, we are routinely targeted by cyber terrorists whose only focus is to inflict harm on great American businesses," said Eric Trump, one of the candidate's sons, in an email statement. "We are committed to safeguarding all guests' personal information and will continue to do so vigilantly."

News of the breach was first reported by computer security writer Brian Krebs, citing three unnamed sources in the financial sector.

To read this article in full, please click here

CNBC inadvertently exposed peoples' passwords after it ran an article Tuesday that ironically was intended to promote secure password practices.

The story was removed from CNBC's website shortly after it ran following a flurry of criticism from security experts. Vice's Motherboard posted a link to the archived version.

Embedded within the story was a tool in which people could enter their passwords. The tool would then evaluate a password and estimate how long it would take to crack it.

A note said the tool was for "entertainment and educational purposes" and would not store the passwords.

That turned out not to be accurate, as well as having other problems.

To read this article in full, please click here

A large healthcare provider in the Washington, D.C., area said it has resorted to paper transactions after malware crippled part of its network early Monday.

MedStar Health, a not-for-profit that runs 10 hospitals, said its clinical facilities were functioning and that it did not appear data had been compromised. The malware prevented "certain users from logging into our system."

"MedStar acted quickly to prevent the virus from spreading throughout the organization," it said in a statement posted on Facebook. "We are working with our IT and cybersecurity partners to fully assess and address the situation."

To read this article in full, please click here

Cybercriminals are redoubling efforts to steal payment card details from retailers before new defenses are put in place, according to FireEye.

More than a dozen types of malware were found last year that target point-of-sale systems, the electronic cash registers the process payments at many retailers.

Over the last few years, hackers have successfully breached the systems, targeting weaknesses or software vulnerabilities in order to extract card details to sell on the black market.

As of last October, retailers are liable for fraudulent transactions that are not completed using EMV payment cards, which have a microchip and enhanced security defenses that better shield card data.  

To read this article in full, please click here

A researcher with RSA says faulty firmware found in security cameras sold by at least 70 vendors may be a contributor to many of the credit card breaches that have proved costly to retailers.

Rotem Kerner based his research on a paper RSA published in December 2014 into a malware nicknamed Backoff, which steals payment card details processed by point-of-sale systems.

The U.S. Secret Service and Department of Homeland Security warned in August 2014 that upwards of 1,000 U.S. businesses may have been infected with Backoff.

To read this article in full, please click here

A malware researcher has found a few tricks to stop one of the latest types of ransomware, called Locky, from infecting a computer without using any security programs.

Ransomware is malware that encrypts a computer's files. Users are shown instructions for how to pay a fee to get the decryption key. The costs can range from a few hundreds dollars to thousands, payable to cybercriminals in bitcoin.

Locky is a relative newcomer to the ransomware scene, which computer security researchers first saw over the last few months. It is primarily distributed through spam messages that try to trick people into opening attachments, such as fake invoices.

To read this article in full, please click here

If you're a hacker, it's a good idea to stay away from Facebook and Gmail to communicate with your colleagues.

Three men, who allegedly were part of a multi-year hacking campaign executed by the Syrian Electronic Army (SEA), left a long digital trail that didn't make them hard to identify, according to court documents.

The U.S. Department of Justice unsealed charges on Tuesday against the men, who are accused of hacking companies and defacing websites.

The SEA, which emerged around July 2011, claimed credit for prominent hacks that sought to support Syrian President Bashar al-Assad. The group targeted the White House, Harvard University, Reuters, the Associated Press, NASA and Microsoft, among others.

To read this article in full, please click here

The Tor Project is fortifying its software so that it can quickly detect if its network is tampered with for surveillance purposes, a top developer for the volunteer project wrote on Monday.

There are worries that Tor could either be technically subverted or subject to court orders, which could force the project to turn over critical information that would undermine its security, similar to the standoff between Apple and the U.S. Department of Justice.

Tor developers are now designing the system in such a way that many people can verify if code has been changed and "eliminate single points of failure," wrote Mike Perry, lead developer of the Tor Browser, on Monday.

To read this article in full, please click here