A Microsoft zero-day vulnerability has not been fixed by the technology giant despite having been reported months ago, according to a security researcher. To protect users, a micropatching service, 0patch, has issued unofficial, free patches.
Speaking about his role as managing director, business information security, at financial giant State Street, TJ Hart says, "I wake up nervous, and I go to bed nervous." But he channels that energy into trying to better understand the threat landscape and use that data to make better business risk decisions.
MSPs and their SMB clients took a beating in 2021 as cybercriminals evolved their strategies and extortion tactics to succeed with costly ransomware, tech supply-chain and other attacks. Recent research shows where businesses and their IT service providers failed to close gaps in defense strategies – gaps that led...
Researchers have identified a new remote access Trojan that uses a unique stealth technique to help it stay undetected on a victim's infrastructure and conceal Magecart malware. Dubbed CronRAT, it hides in the Linux calendar subsystem as a task that has a nonexistent date.
An Iranian attacker has been targeting users who have failed to patch a remote code execution vulnerability in a Microsoft browser engine to spy on Farsi-speaking victims, paralleling a similar campaign being run by North Korean attackers, researchers warn.
The Israeli government's Ministry of Defense reportedly has cut the list of countries to which Israeli companies’ cyber spyware can be exported from 102 to 37, reducing Israel's surveillance tool export market by two-thirds. The list specifically restricts doing business with those involved in offensive cyber.
The annual IRISSCOM cybercrime conference in Dublin aims to give attendees "an overview of the current cyberthreats facing businesses in Ireland and throughout the world" and how to best defend themselves, organizers say. Here are visual highlights from the conference's latest edition.
In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including why security teams are still unprepared for cyberattacks over weekends and holidays, which experts warn is when attackers love to strike.
Three U.S. financial agencies have conducted a series of "policy sprints" around cryptocurrency assets and related regulatory gaps, and plan to amend existing guidance and regulations to address security and market risks, the Board of Governors for the Federal Reserve said this week.
Learning management platform Moodle, which caters to about 300 million users in 241 countries, is vulnerable to four high-risk flaws, according to a security advisory issued by the Indian Computer Emergency Response Team, or CERT-In.
Chinese threat actors may increasingly look to steal sensitive, encrypted data in hopes of decrypting it with quantum computing technology in the years ahead, according to a new report. Researchers say Chinese threat actors may target government, business and academic data with long-term value.
Web hosting giant GoDaddy confirms that a data breach which affected about 1.2 million of its active and inactive Managed WordPress customers, has also hit Managed WordPress users tsoHost, Media Temple, 123Reg, Domain Factory, Heart Internet, and Host Europe.
Financial health is now inextricably tied to identity safety, which makes delivering modern digital safety and security critical for financial institutions – especially those looking to attract younger consumers. Winning hard-to-please millennials and Gen Z requires an FI to differentiate itself with compelling...
More than $12 billion has been lost in decentralized finance, or DeFi, applications in 2021 - $10.8 billion of which is attributed to fraud and theft, a 600% increase from 2020, according to a new report from blockchain analytics firm Elliptic.