Hack-for-hire group StrongPity deployed Android malware to target visitors to Syria's e-government website as part of its latest cyberespionage campaign, security firm Trend Micro reports.
U.S. Customs and Border Protection has not always protected its Mobile Passport Control applications, making travelers' personally identifiable information vulnerable to exploitation, according to a new report from the Department of Homeland Security's Office of the Inspector General.
This edition of the ISMG Security Report features an analysis of ongoing investigations into the use of NSO Group's Pegasus spyware to spy on dissidents, journalists, political rivals, business leaders and even heads of state - and discussion of whether the commercial spyware business model should be banned.
As much as public cloud use is growing, both in total volume and in diversification of services, it is not a one-way trend. To meet evolving business needs, organizations are moving applications and workloads back and forth between cloud and on-premises environments.
A patch is forthcoming for a privilege escalation vulnerability in the Windows operating system that can allow hackers to gain a foothold. Meanwhile, Linux OS users also need to adopt system upgrades to fix a flaw, and Oracle and Juniper have announced product patches.
The older vision of vulnerability management of addressing vulnerabilities in silos is too inefficient and expensive for today’s enterprise. IT and security groups of today must monitor a much larger attack surface. Infrastructures and applications can change on a daily, even hourly basis. As cybercriminals are...
Verizon’s 2019 Data Breach Investigations Report found that technology sector is particularly susceptible to both internal (56%) and external (44%) threats; with financial motives (67%) and industrial espionage (29%) being the major drivers. The technology industry is also particularly vulnerable to DDoS attacks....
New guidance from the National Institute of Standards and Technology spells out security measures for "critical software" used by federal agencies and minimum standards for testing its source code. The best practices could be a model for the private sector as well.
Researchers at Cognyte have identified the six common vulnerabilities and exposures - or CVEs - that were most frequently discussed by apparent cyberattackers on dark web forums between Jan. 1, 2020 and March 1, 2021. Five of these CVEs were for Microsoft products.
Organizations of all sizes and in all industries are modernizing their applications to remain competitive in the digital economy. Often, these organizations find themselves in various stages of modernization requiring diverse tools and management capabilities for secure and efficient development and deployment. Attend...
A new exposé tracking how spyware has been used to target journalists and human rights advocates suggests attackers have been exploiting zero-day flaws in Apple applications and devices. Apple says the flaws, while serious, likely pose no risk to the vast majority of its users.
In an emergency directive, the U.S. Cybersecurity and Infrastructure Security Agency calls on federal agencies to immediately implement a patch to address the "PrintNightmare" Windows Print Spooler service flaw and disable the service on servers on Microsoft Active Directory domain controllers.
Attackers have been exploiting a zero-day flaw in SolarWinds' Serv-U Managed File Transfer Server and Serv-U Secured FTP software, the security software vendor warns. The company has released patched versions that mitigate the flaw, discovered by Microsoft, and is urging users to update.
Investment banking giant Morgan Stanley is the latest company to report a data breach tied to zero-day attacks on Accellion's legacy File Transfer Appliance - yet another indicator of the sustained impact of supply chain attacks.
This edition of the ISMG Security Report features three segments on battling ransomware. It includes insights on the Biden administration's efforts to curtail ransomware attacks, comments on risk mitigation from the acting director of CISA, plus suggestions for disrupting the ransomware business model.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.
