Kevin Mitnick, the self-described "world's most famous hacker" - thanks in no small part to his being featured on the FBI's Most Wanted list during a two-year manhunt - has died at the age of 59. After serving time in prison, Mitnick went legit, warning others about the dangers of social engineering.
While self-proclaimed Russian hacktivist groups such as KillNet, Tesla Botnet and Anonymous Russia claim they're wreaking havoc on anti-Moscow targets, a fresh analysis of their attacks finds that despite rampant self-promotion, their real-world cybersecurity impact is typically negligible.
The Biden administration on Tuesday initiated a nationwide cybersecurity certification and labeling program aimed at helping consumers choose smart devices that offer enhanced protection against hacking risks. Products will have a QR code and follow NIST standards.
The Russian Turla hacker group has targeted the Ukrainian defense sector and other Eastern European entities with a novel backdoor, dubbed DeliveryCheck, to deploy secondary payloads likely used for espionage, according to security researchers at Microsoft.
Top U.S. and Australian cybersecurity agencies strongly urged users to patch a critical zero-day flaw in Citrix ADC and Gateway appliances being exploited by unnamed threat actors in the wild. The bug, which is tracked as CVE-2023-3519, gives unauthenticated attackers RCE privileges.
The U.S. government has added two more commercial spyware vendors - Cytrox and Intellexa - to its list of organizations that face restrictions if they attempt to procure American goods or services, owing to the firms' "threatening the privacy and security of individuals and organizations worldwide."
Product security is the other half of the security picture. While IT security focuses on an internal audience, product security teams must respond quickly to issues identified by customers and researchers. Quentyn Taylor of Canon EMEA discussed the value of product security programs.
Many critical infrastructure sector organizations, especially smaller entities, will likely struggle to comply with an upcoming requirement to report cyber incidents to federal regulators within 72 hours - due to an assortment of reasons, said Stanley Mierzwa of Kean University.
China poses a growing threat to U.S. electric infrastructure and could potentially disrupt the power grid, gas and pipeline systems by exploiting compromised equipment and harnessing emerging artificial intelligence technologies for cyberattacks, experts told Congress on Tuesday.
What are your third parties doing for you when it comes to security, and what has been assumed that you are doing, plus what’s the impact of AI? Bridget Kenyon, CISO at Shared Service Connected, said most organizations need better visibility into vendor risks.
Netcraft landed a DigiCert and Progressive Leasing executive as its CEO to expand the company's footprint in the U.S. and better identify cyberattacks in real time. The firm tapped Ryan Woodley to capitalize on the $100 million raised from Spectrum Equity by bringing more scalability via automation.
It's becoming more critical than ever for hospitals to have vigorous programs that continuously evaluate and address the security risks posed by third-party vendors, said John Riggi, national adviser for cybersecurity and risk at the American Hospital Association.
How bad is the breach of the MOVEit zero-day to businesses, government agencies and their customers? The short answer is that the known fallout from the Clop ransomware group attack already looks bad and keeps getting worse as ongoing investigations add to the victim count of 20 million people.
While IT-OT convergence is accelerating, awareness and maturity of OT technologies still have a long road ahead. In this transition, organizations need to ensure the safety and health of workers is always the top priority for OT security, said Andre Shori, CISO, APAC with Schneider Electric.
Warning: Hackers are actively exploiting a flaw in Adobe's ColdFusion rapid web application development platform to execute malicious code. While Adobe attempted to patch the flaw, researchers say attackers appear to have found a way to bypass it by chaining together multiple flaws.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.co.uk, you agree to our use of cookies.