What happens when an e-commerce retailer sends customers a data breach notification email with a subject line that reads "strictly private and confidential"? "Clearly trying to make people stay quiet," responded one unamused Fat Face customer. Others report being none the wiser as to what risks they now face.
The latest edition of the ISMG Security Report features an analysis of recent “tell-all” interviews with members of ransomware gangs. Also featured: insights on securing IoT devices and mitigating insider threat risks.
The SolarWinds supply chain attack demonstrates that Russian intelligence services have learned from previous operations and adjusted their tactics, says Dmitri Alperovitch, the former CTO of security firm CrowdStrike, which investigated Russian interference in the 2016 election.
Criminals operating online continue to tap ransomware in their pursuit of an illicit payday. That was the cybercrime reality throughout 2020, and unfortunately it still appears to be holding true in the first months of this year, the Cisco Talos Incident Response team reports.
Insurance provider CNA reported Tuesday it was victimized over the weekend by a "cybersecurity attack" that caused a network disruption and affected certain systems, including corporate email.
A third-party claims administrator of health and social services programs for the elderly apparently paid a ransom to Netwalker attackers about a month before global law enforcement officials disrupted the gang in January.
A phishing attack that targeted a unit of the California State Controller’s Office, exposing Social Security numbers and other sensitive information, should raise questions about the type of security deployed by the agency and prompt a fresh examination of its cybersecurity plans, some security experts say.
Criminals continue to target on-premises Microsoft Exchange servers that have not yet been updated with four critical patches, including for a ProxyLogon flaw, which is now being targeted by Black Kingdom ransomware. One expert describes the attack code as being "rudimentary and amateurish" but still a threat.
What's that IoT device on your network? A lot of organizations may not know. That's why Gartner analyst Tim Zimmerman says enterprises need to create IoT security policies and governance rules to reduce risk.
The REvil ransomware gang has added a new malware capability that enables the attackers to reboot an infected device after encryption, security researchers at MalwareHunterTeam report.
A recent phishing scheme used fake Microsoft Office 365 update messages to target financial executives and others in an effort to harvest their credentials, according to the security firm Area 1.
The developers behind the Purple Fox fileless downloader malware have upgraded their operation and are using worm capability to target internet-facing devices running Windows, the security firm Guardicore Labs reports.
Unemployment fraud incidents have spiked in the past year, and high-salaried senior executives are often the fraudsters’ victims. Dr. Christopher Pierson of BlackCloak describes how these scams are pulled off, what impact they have and how the CISO can bolster defenses.
Canadian IoT device manufacturer Sierra Wireless reported Tuesday it had suffered a ransomware attack over the weekend, forcing it to halt production. The attack has disrupted its website and some internal operations.
The SolarWinds supply chain attackers manipulated OAuth app certificates to maintain persistence and access privileged resources, including email, according to researchers at Proofpoint.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.