The latest edition of the ISMG Security Report features an analysis of whether courts can trust evidence collected by Cellebrite's mobile device forensic tools. Also featured: Report shows attackers' dwell times plummeting; a call for partnership with law enforcement.
Security researchers say API flaws could have exposed the private data of millions of Peloton fitness equipment online service users for months before they were recently patched.
Attackers are increasingly using malicious OAuth 2.0 applications to siphon data and access sensitive information from cloud platforms, and mitigating the risks is proving challenging, according to the security firm Proofpoint.
The average amount of time that online attackers camp out in a victim's network - or "dwell time" - has been declining, FireEye's Mandiant incident response group reports. But the surge in ransomware accounts for some attacks coming to light more quickly because those attackers announce their presence.
The NSA is offering operational technology security guidance for the Defense Department as well as third-party military contractors and others in the wake of the SolarWinds supply chain attack. The agency notes that attackers could use IT exploits to pivot to OT systems.
The latest edition of the ISMG Security Report features an analysis of British spy chief Jeremy Fleming’s "cybersecurity call to arms." Also featured: Insights on COVID-19 business continuity planning; the wisdom of the late Dan Kaminsky.
Some security experts are questioning whether Experian is doing enough to ensure security after a researcher discovered that an API the credit reporting firm uses to allow lenders to check the credit score of prospective borrowers could expose customer's scores.
A lawsuit alleges that a security flaw in a Google COVID-19 contact-tracing tool is exposing personal and medical information of millions of users to third parties through device system logs. But Google says it reviewed the issue, updated code and is ensuring the fix is rolled out to users.
A Massachusetts man has pleaded guilty to running a yearslong scam that used SIM swapping and other hacking techniques to steal more than $530,000 worth of cryptocurrency.
Phishing, online fraud, cryptocurrency scams – they are coming at lightning speed, threatening enterprises and their brands. And just as fraudsters rely on automation to deliver these attacks, defenders can use automated tools to protect their brands. Jeff Baher of Bolster tells how.
An ongoing disinformation campaign dubbed "Ghostwriter," which leverages compromised social media accounts, is targeting several NATO member countries in Europe, attempting to undermine confidence in the defensive organization as well as spread discord in Eastern Europe, according to FireEye.
FluBot Android spyware is once again spreading throughout Europe following a temporary dip in activity in March after police arrested four suspects allegedly involved in the campaign, according to researchers at Proofpoint.
Several bipartisan congressional initiatives are seeking to expand the mission of the U.S. Cybersecurity and Infrastructure Security Agency. Here's a rundown of the details.
Apple has patched a zero-day flaw in macOS 11.3 that attackers have been exploiting since at least January to install advertising software on victims' systems. The flaw enables a malicious script to be deployed that bypasses Notarization, Gatekeeper and File Quarantine security defenses.
A series of cyber incidents targeting a Swedish vendor of oncology radiation systems earlier this month is still affecting some of the company's clients - including cancer treatment facilities in the U.S. - because the company has taken its cloud-based systems offline during its recovery effort.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.