As part of a settlement of allegations that Zoom "engaged in a series of deceptive and unfair practices that undermined the security of its users," the U.S. Federal Trade Commission is requiring the video conferencing provider to implement and maintain a comprehensive security program within the next 60 days.
Check Point Research has uncovered a large and likely profitable business model that involves hackers attacking and gaining control of certain VoIP services, which enables them to make phone calls through a company's compromised system.
The operators behind a botnet dubbed "Gitpaste-12" are abusing legitimate services such as GitHub and Pastebin to help hide the malware's malicious infrastructure, according to Juniper Threat Labs. This botnet mainly targets Linux apps and IoT devices and can mine cryptocurrency.
Apple issued an update for iOS and iPadOS on Thursday that fixes three zero-day flaws found by Google's Project Zero bug-hunting team and a range of other security-related flaws. Google says the bugs are being exploited by attackers but haven't been used in election-related cyber activity.
Victims of crypto-locking malware who pay a ransom to their attackers are paying, on average, more than ever before. But investigators warn that when victims pay for a guarantee that all data stolen during an attack will get deleted, criminals often fail to honor their promises.
California voters passed Proposition 24, the California Privacy Rights Act, on Nov. 3, which expands upon the recently activated California Consumer Privacy Act specifically when it comes to enforcement and how businesses handle personal data.
Attackers have been actively exploiting a flaw in Rackspace's hosted email service to send phishing emails, bearing legitimate and validated domain names, as part of business email compromise scams, warns IT security testing consultancy 7 Elements. Rackspace tells customers it plans to fix the problem soon.
Takeaway from the U.K.'s GDPR privacy fine against hotel giant Marriott: During M&A, review an organization's cybersecurity posture before finalizing any acquisition. Because once a deal closes, you're fully responsible for data security - IT network warts and all.
Despite the soaring list of customers reporting data breaches tied to the May ransomware attack on Blackbaud - and numerous legal actions filed against the company - the fundraising software vendor recently told Wall Street that it expects cyber insurance to cover the bulk of its costs associated with the incident.
The U.K. NCSC responded to over 700 cyber incidents over a 12-month period, 200 of which were related to the COVID-19 pandemic, according to the cyber agency's annual report. NCSC also notes that's it's preparing to step-up its response to cyber incidents involving the NHS and vaccine development.
CISA and Oracle are urging users to apply an emergency patch for a vulnerability in the software giant's WebLogic Server product. This "severe" bug is already under active exploitation and could allow an attacker to run malicious code, security experts say.
Aleksandr Brovko, a Russian national, has been sentenced to eight years in federal prison for stealing personally identifiable data and online banking credentials using a botnet, according to the U.S. Justice Department. Federal prosecutors estimate the losses at $100 million.
Microsoft plans to patch on Nov. 10 a zero-day kernel vulnerability found by Google's Project Zero bug-hunting team. Google released the details of the flaw after a week because attackers are using it in the wild.
In a notification letter filed to the Montana Department of Justice, precious metal trader JM Bullion has revealed that an unknown amount of customer information has been compromised in a data breach. The security incident took place over a five-month period earlier this year.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.co.uk, you agree to our use of cookies.