Researchers at open-source software firm Sonatype have uncovered multiple malicious packages that disguise themselves as legitimate JavaScript libraries on npm registries to launch cryptominers on Windows, macOS and Linux machines.
The current state of the XDR market is a "chaotic jumble of different features," according to Forrester analyst Allie Mellon, who has authored a new study to identify the top XDR providers in the industry: The Forrester New Wave: Extended Detection And Response (XDR) Providers, Q4 2021.
In the latest weekly update, four ISMG editors discuss: a federal judge imposing the maximum sentences on a hacker who pleaded guilty to conspiracy and aggravated identity theft, regulators getting tougher on cryptocurrency lending platforms and the return to in-person roundtables.
The outages of the notorious REvil - aka Sodinokibi - ransomware operation have been due to a coordinated law enforcement effort involving the U.S. and foreign partners, aimed at disrupting the group's attack capabilities, Reuters reports.
The U.S. Bureau of Industry and Security has issued an interim final rule to curb and control the export, reexport, or in-country transfer of certain offensive cyber tools that are used in surveillance of private citizens and other malicious activities that undermine the nation's security.
Researchers at Uptycs Threat Research have uncovered a campaign in which the cloud-focused cryptojacking group TeamTNT is deploying malicious container images hosted on Docker Hub with an embedded script to download testing tools used for banner grabbing and port scanning.
The number of cyber intrusions and attacks targeting the Electric sector is increasing from Activity Groups (AG), or threat groups, and from ransomware operations.
In 2020, Dragos identified three new AGs targeting the Electric sector. Of the AGs we are actively tracking, two-thirds of the groups targeting...
The business benefits of digital transformation in grid operations are tremendous, but this progress increases cyber risk to Operations Technology (OT) in the areas of safety, unscheduled downtime, and negative impact on corporate brand.
The good news is that there are practical steps utilities can take to enhance...
Industrial asset owners know that protecting the integrity of their systems is critical for maintaining operations, but the challenges around cybersecurity vulnerabilities make that job much harder. As environments become more connected, and attackers become more advanced, staying a step ahead has never been more...
New York State AG Letitia James served cease and desist letters to two cryptocurrency lending platforms that her office says engage in "unregistered and unlawful activities." Three other platforms were told by the OAG to "immediately provide information about their activities and products."
Israeli officials say they have fended off a wave of attempted cyberattacks on several hospitals and healthcare entities in recent days, as Hillel Yaffe Medical Center continues to recover from a ransomware attack last week that authorities reportedly suspect was carried out by Chinese hackers.
How many ways do U.S. businesses need to be told to lock down their systems to safeguard themselves from ransomware? That's the focus of a new, joint cybersecurity advisory from the U.S. government pertaining to BlackMatter, following an advisory issued last month about Conti.
Social media platform Twitter has suspended two accounts that were being used by members of the DPRK, a North Korean government-backed threat group, according to Adam Weidemann, an analyst with the Google Threat Analysis Group. The accounts allegedly targeted security researchers around the globe.
The U.S. Department of the Treasury unveiled additional steps to curb the illicit use of cryptocurrencies on Friday, warning enterprises not to engage with sanctioned entities exploiting the financial system - particularly to launder ransomware proceeds.
A newspaper reporter in Missouri who responsibly reported the exposure of Social Security numbers on a state government website has been accused of malicious hacking by the state's governor. The governor alleged the publication of the vulnerability after it was fixed was part of a "political vendetta."
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.com, you agree to our use of cookies.
