A patch is forthcoming for a privilege escalation vulnerability in the Windows operating system that can allow hackers to gain a foothold. Meanwhile, Linux OS users also need to adopt system upgrades to fix a flaw, and Oracle and Juniper have announced product patches.
A U.K. citizen was arrested in Spain Wednesday at the request of the U.S. Justice Department for his alleged role in a July 2020 hack of Twitter and additional incidents involving TikTok and Snapchat. This is the third arrest in the Twitter case so far.
APT 31, a China-linked hacking group, is targeting French organizations by exploiting home and office routers in an espionage campaign, warns CERT-FR, the French government's computer emergency readiness team that's part of the National Cybersecurity Agency of France, or ANSSI.
Dutch police made two arrests this week in an effort to break up the alleged fraud-as-a-service syndicate known as "Fraud Family," which they say developed, sold and rented phishing frameworks to fraudsters who stole financial information.
Automation is essential to ensuring the security and success of any cloud migration, from the most basic to the most complex. This is the case made by Josh Zelonis of Palo Alto Networks and Dr. Anton Chuvakin of Chronicle Security. They discuss the value and benefits in this interview.
A bipartisan group of senators introduced a federal breach notification bill Wednesday that would require federal agencies, federal contractors and organizations that are considered critical to U.S. national security to report security incidents to CISA within 24 hours of discovery.
New guidance from the National Institute of Standards and Technology spells out security measures for "critical software" used by federal agencies and minimum standards for testing its source code. The best practices could be a model for the private sector as well.
Following revelations that commercial spyware vendor NSO Group was able to exploit the latest model of the Apple iPhone to install surveillance software, experts describe how Apple could be doing more to lock down its iOS mobile operating system as well as curtail attacks by making them much costlier to run.
Microsoft has announced the takedown of 17 domains that an unnamed threat group operating out of West Africa used to host fake Microsoft websites when conducting business email compromise attacks.
Marcus Christian, a former executive assistant U.S. attorney, implores businesses to not immediately abandon their incident response plans once it appears a suspected incident is resolved.
Cybereason, Rapid7 and Microsoft announced acquisitions this week designed to boost their security capabilities. Meanwhile, DevOps security firm Sysdig made a move to add infrastructure-as-code security to its portfolio.
Researchers at Cognyte have identified the six common vulnerabilities and exposures - or CVEs - that were most frequently discussed by apparent cyberattackers on dark web forums between Jan. 1, 2020 and March 1, 2021. Five of these CVEs were for Microsoft products.
A proposed $2.7 million settlement has been reached in a lawsuit filed against the University of Pittsburgh Medical Center in the wake of a 2014 data breach that exposed tens of thousands of employees' personal information and resulted in tax fraud.
Many security experts and analysts are applauding the U.S. for calling out China's cyber behavior, especially after the White House had focused so much attention on Russia's cyber activities. But some are calling for bolder action.
The leaking of an alleged target list of 50,000 individuals, tied to users of NSO Group's Pegasus spyware, has prompted questions over the scale of such surveillance operations, if the use of commercial spyware gets sufficiently policed and whether the sale of spyware to certain countries should be blocked.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.