Who watches the penetration-testing testers? Questions are circulating over how some organizations train their employees for the CREST pen-testing certification after some leaked internal documents appeared to contain material from past tests.
The U.S. Justice Department has seized more than $2 million worth of cryptocurrency from terrorist groups who solicited donations via social media and waged fraud campaigns.
Why has the tally of major health data breaches - and the number of individuals affected - spiked in recent weeks? Here's an analysis of the latest trends.
Since 2018, an advanced persistent threat group dubbed RedCurl, which has served as a team of for-hire hackers specializing in corporate espionage, has hit at least 14 targets in Canada, Russia, the U.K. and beyond, says cybersecurity firm Group-IB.
The SANS Institute, which is known for its cybersecurity training courses, is now planning to turn its own data breach into a teachable moment for its membership.
To help mitigate the risks posed by business email compromise scams that target privileged users, enterprises need to create a detailed enterprise risk management plan that spells out procedures to secure accounts, says Espen Otterstad, CISO at Norwegian telematics company ABAX AS.
Sen. Kamala Harris of California, presumptive Democratic presidential nominee Joe Biden's pick for his vice presidential running mate, has a track record of interest in election security issues. But so far, none of her sponsored measures have won Congressional approval.
Yet another ransomware-wielding gang has threatened to steal and leak the data of any victims who refuse to pay a ransom: The operators of Avaddon ransomware have created a dedicated data-leak site that already lists a construction firm victim, and the gang continues to recruit new affiliates.
The Maze ransomware group has posted on its darknet website some data it claims it stole during a recent attack against Canon USA, according to the security firm Emsisoft.
The operators behind the AgentTesla remote access Trojan have upgraded the infostealer with additional capabilities, including the ability to steal credentials from VPNs, web browsers, FTP files and email clients, Sentinel Labs reports. The low-cost malware is used in BEC scams and other campaigns.
High-speed trading firm Virtu Financial says it lost $6.9 million in a business email compromise scam in May. The company is now suing its insurer for failure to cover the loss.
Qualcomm is prepping patches for its Snapdragon Digital Signal Processor, used in an estimated 1 billion or more Android devices, after researchers at Check Point counted 400 flaws that attackers could exploit to take control of devices and steal all data they store.
The Domain Name System, which is at the heart of the internet, is a rich source of data that can help organizations defend themselves against cybercrime. DNS pioneer Paul Vixie says monitoring DNS traffic is crucial, and it's advisable to run your own recursive resolver.
The fight against fraud requires more than using the right technologies; it requires understanding threat actors' techniques, says Robert Villanueva of Q6 Cyber.
Researchers at the security firm Kaspersky say distributed denial-of-service attacks increased dramatically in the second quarter, most likely as a result of the shift to a remote workforce because of the COVID-19 pandemic.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.