Recent incidents involving inadvertent exposure of patient data on GitHub, a software development platform, point to the need to ensure that data loss prevention tools are implemented, all available security controls are leveraged and employees are made aware of the risks involved.
CISA is investigating whether five U.S. government agencies may have been breached when attackers exploited vulnerabilities in Pulse Connect Secure VPN products, according to a senior official. Security researchers believe that at least two nation-state groups have been attempting to exploit these flaws.
The Internal Revenue Service is sharpening its expertise in cryptocurrencies to help prevent their use for tax evasion and money laundering, says Jarod Koopman, a director at the agency. The IRS is partnering with companies that have developed techniques and technologies for tracing blockchain transactions.
Four editors at Information Security Media Group discuss timely issues, including how the zero-day attacks against Accellion File Transfer Appliance users have rewritten the rules of the cyber extortion game and former federal CISO Gregory Touhill taking on an important new role.
The Babuk ransomware gang says it will no longer launch attacks but instead will make its malware source code available for other attackers to use. The gang took credit for recent attacks against the Washington, D.C. Metropolitan Police Department and the Houston Rockets basketball team.
A cyberthreat gang that's been active since 2020 exploited a now-patched zero-day vulnerability in the SonicWall SMA 100 Series appliance to plant ransomware in attacks launched earlier this year, FireEye Mandiant researchers say.
The developer of Berkeley Internet Name Domain, or BIND 9, an open-source implementation of domain name systems, is advising users to mitigate three vulnerabilities that attackers could remotely exploit to cause systems to crash or become inaccessible.
Some security experts are questioning whether Experian is doing enough to ensure security after a researcher discovered that an API the credit reporting firm uses to allow lenders to check the credit score of prospective borrowers could expose customer's scores.
A lawsuit alleges that a security flaw in a Google COVID-19 contact-tracing tool is exposing personal and medical information of millions of users to third parties through device system logs. But Google says it reviewed the issue, updated code and is ensuring the fix is rolled out to users.
A coalition of government agencies and security firms has released a framework for how to disrupt ransomware attacks that calls for expanded regulation of the global cryptocurrency market to better track the virtual coins paid to cybercriminals during extortion schemes.
A bipartisan group of lawmakers has introduced a legislative proposal that would create a program, similar to the National Guard, to deploy those with tech and security skills during significant cyberthreats, such as the recent SolarWinds and Microsoft Exchange attacks.
He’s been an Air Force general, a CEO and the first federal CISO. Now Gregory Touhill is taking charge as director of the Carnegie Mellon University Software Engineering Institute's CERT Division. And he’s bringing all his past experience to bear in a new effort to forge partnerships and protections.
A Massachusetts man has pleaded guilty to running a yearslong scam that used SIM swapping and other hacking techniques to steal more than $530,000 worth of cryptocurrency.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.