The U.S. Cybersecurity and Infrastructure Security Agency has issued an emergency directive requiring executive branch agencies to mitigate by Friday the risks posed by a zero-day vulnerability and three other recently patched flaws in Pulse Connect Secure VPN products.
The REvil - aka Sodinokibi - ransomware gang is threatening to release stolen Apple device blueprints unless it receives a massive payoff. The extortion threat - with a reported $50 million opening demand - was unveiled hours before Apple made a series of major new product announcements.
SonicWall has patched three zero-day vulnerabilities in the hosted and on-premises versions of its Email Security product after attackers began exploiting them last month. Attackers can exploit the flaws to access email and pivot deeper into organizations' systems, FireEye Mandiant reports.
The European Union has officially proposed a strict new regulation on artificial intelligence that would ban the use of biometrics for surveillance, citing privacy concerns. The regulation would prohibit the use of facial recognition and other biometrics in public places.
The Lazarus group, an offensive hacking team with ties to North Korea, rolled out a new weapon during a recent phishing campaign targeting South Koreans: Image-laden documents containing malicious bitmap files, reports security firm Malwarebytes.
Ransomware attacks now routinely feature multifaceted extortion efforts, and defenses need to evolve, says Stuart McKenzie of FireEye, who offers an analysis of the findings of the FireEye M-Trends 2021 report.
The U.S. Cybersecurity and Infrastructure Security Agency, Ivanti and FireEye report that federal agencies and other entities have been compromised by two attack groups, with one possibly acting on behalf of the Chinese government. The groups are exploiting vulnerabilities in Ivanti's Pulse Connect Secure.
A bombshell news report suggests that Dutch mobile network provider KPN in 2010 didn't know if one of its major equipment suppliers - China's Huawei - was spying on users. Viewed 11 years later, the report stands as a reminder to constantly review and address risks posed by suppliers.
A Ukrainian national who admitted to working as a system administrator and IT manager for the notorious FIN7 cybercriminal gang, which has been involved in the theft of millions of payment cards, has been sentenced to 10 years in federal prison.
Criminals continue to target ATMs with black boxes to run cash-out attacks and use explosives to get cash out of machines. But during the pandemic, most other types of attacks used to target ATMs, payment terminals and point-of-sale devices sharply declined, a new European study shows.