As staff increasingly connect to networks using internet of things devices, researchers have found a new way of detecting malware on IoT devices. The method leverages electromagnetic field emanations and can detect stealthy malware on the devices even in the presence of obfuscation techniques.
Proofpoint, which was acquired by private equity firm Thoma Bravo in 2021, has merged with Dathena, a New York-based AI data protection platform. Dathena's platform will address the need in Proofpoint's cloud management platform for safeguards against breaches and data exposure.
Amid a surge in cryptocurrency investment - particularly across DeFi - blockchain experts warn that lax security was a main factor in $1.3 billion in cryptoassets being lost to hacks, exploits and scams in 2021. The losses, according to CertiK, rose from $500 million in 2020.
Microsoft released its first rollout of 2022 patches that covers 96 new CVEs, plus 24 CVEs patched by Microsoft Edge (Chromium-based) earlier this month and two other CVEs fixed previously in open-source projects. This makes a January total of 122 CVEs. Nine are rated critical in severity.
Healthcare and public health sector entities must heed the warnings this week by federal authorities of Russian state-sponsored cyberthreats to critical infrastructure organizations, some experts say. Why are the stakes so high?
Cisco Talos researchers have discovered a heap-based buffer overflow vulnerability in the Chitubox Anycubic plug-in. The vulnerability - which scores a 7.8 in criticality - triggers if the user opens a specially crafted .gf file. There is no official fix available.
Attackers wielding Night Sky ransomware are among the latest groups that have been attempting to exploit critical vulnerabilities in widely used Apache Log4j software. Microsoft says that among other attacks, a China-based ransomware operator has been exploiting Log4j flaws in VMware Horizon.
A security researcher in Germany says he's discovered a software flaw affecting a small number of Teslas, allowing him to unlock doors and windows, start vehicles without keys and disable security systems. The flaw, however, does not affect steering, acceleration or braking.
Cybersecurity in today's world is no longer primarily about the implementation of products or solutions. It is more about the analysis of behavior and the ecosystem. Krishnamurthy Rajesh of ICRA discusses the role of artificial intelligence and the need for collaboration among business functions.
A vendor that provides clinical reviews notified nearly 135,000 individuals and dozens of clients of a cyberattack involving the exploitation of a product vulnerability and data exfiltration. Experts say the incident is the latest reminder of the importance of comprehensive vulnerability management.
The U.S. Cybersecurity and Infrastructure Security Agency, FBI and National Security Agency warn in a joint advisory that state-sponsored Russian attackers are actively exploiting and seeking to cause disruption to critical infrastructure, and it urges defenders to mitigate commonly seen attack vectors.
A week after the attacks on Portuguese news firms, the Lapsus$ ransomware group has hit Brazilian car rental company Localiza. Users of the platform were redirected to a porn website in the early hours on Tuesday. The attack on Localiza, which has since partially restored its website, is likely a DNS attack.
Cybercrime gang FIN7 is impersonating the U.S. Department of Health and Human Services and Amazon to trick enterprises in the U.S. into using a malicious flash drive, according to the FBI. The threat actor targeted undisclosed companies in the transportation, defense and insurance sectors.
As the U.S. Congress continues to push for a strengthening of FISMA, lawmakers held a hearing with former government cybersecurity officials on Tuesday, all of whom expressed a need to update the law, last modified in 2014, and focus more on outcomes than on processes and compliance.
The Cyberspace Administration of China's new regulation for companies that offer algorithm-based recommendation services has been met with caution. Some statements in the regulation, which is to go into effect on March 1, are vague enough to be abused, and confidentiality is also a concern.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.co.uk, you agree to our use of cookies.