Nation-state attackers have been targeting known flaws that customers have yet to patch in their Pulse Secure, Palo Alto and Fortinet VPN servers, Britain's National Cyber Security Center warns, adding that any organization that didn't immediately apply patches should review logs for signs of hacking.
Rather than focusing solely on rankings offered by the common vulnerability scoring system, or CVSS, when setting priorities for risk mitigation, organizations need to size up the specific potential risks that vulnerabilities pose to their critical assets, according to a new report from RiskSense.
A large-scale banking botnet has targeted approximately 800,000 Android devices belonging to Russian citizens since at least 2016, according to a new research report by a trio of cybersecurity researchers.
Banking Trojans and cryptocurrency mining malware continue to be among the most-seen types of malicious code used for nontargeted attacks. But cybercrime attackers are increasingly running targeted campaigns, security researchers warn.
Threat actors that may have connections to China have been using a variety of malware in a series of information-gathering espionage campaigns across Southeast Asia since at least 2013, according to researchers at Palo Alto Networks' Unit 42 division.
British police have auctioned off bitcoins and other cryptocurrencies seized from a U.K. teenager who participated in the hack of the London-based telecommunications firm TalkTalk in 2015. The auction netted $294,000, which will be used by law enforcement to help fund crime-fighting efforts.
The Food and Drug Administration has issued an alert warning healthcare organizations about 11 vulnerabilities dubbed "URGENT/11" involving IPnet, a third-party software component that may introduce risks for certain medical devices and hospital networks.
With all of the tools deployed for endpoint detection and response, enterprises today are often overwhelmed by threat intelligence, says J.J. Thompson of Sophos. To alleviate "analysis paralysis," Sophos has just launched its Managed Threat Response service. Thompson details its offerings.With all of the tools...
"Cyberattacks are one of the unfortunate realities of doing business today," reads gaming company Zynga's data breach notification, thus breaking the first rule of crisis management: Own your mistakes. Hacker Gnosticplayers claims the company was still storing passwords using outdated SHA1.
Delayed enforcement of the "strong customer authentication" requirements for online transactions under the European Union's PSD2 regulation is hampering efforts to enhance security. That's why the European Banking Authority should act quickly to develop a new timeline.
The city of Baltimore's ransomware outbreak - $18 million in costs and counting - led to many crypto-locked files being lost forever, because no IT policy mandated centralized file backups. But effective IT solutions exist to help solve this challenge, provided they're deployed in advance of an attack.
More proof that when it comes to crime, there's nothing new under the sun: Federal prosecutors have charged two men with attempting to extort cryptocurrency worth more than $12 million from a startup firm planning to undertake an initial coin offering, in part via physical intimidation.
A threat group has been targeting U.S. veterans through a spoofed website promising help for those looking for jobs, according to research from Cisco Talos. Instead of providing job links, however, the phony website installs malware and spyware on a victim's device.