Perera is editorial director for news at Information Security Media Group. He previously covered privacy and data security for outlets including MLex and Politico.
The U.S. federal government's cybersecurity agency warned that hackers are exploiting a vulnerability in DevOps platform GitLab that was patched in January. The vulnerability allows hackers to use the "forgot your password" function to send a reset link to an attacker-controlled inbox.
Probable nation-state hackers targeted Cisco firewall appliances in a campaign dating to late 2023, the networking giant disclosed Wednesday while releasing three patches, two of them rated critical. Cisco doesn't connect the hackers with a specific country. It dubs the campaign "Arcane Door."
The U.S. federal government instigated a full court press against four alleged Iranian state hackers, unsealing a multi-count criminal indictment, slapping the men with Treasury sanctions and offering a reward of up to $10 million for their capture.
Foundations housing seven large open-source projects are banding together ahead of what they say is a nearly impossible 2027 deadline created by Europe's Cyber Resilience Act - the world's first digital supply chain regulation. European Union lawmakers approved the act in March.
Google is prototyping a method to stymie hackers who get around multifactor security by stealing authentication cookies from desktops. Google says its proposal for cryptographically tying authentication tokens to computers will succeed where previous attempts such as Token Binding failed.
AT&T did an about-face Saturday, saying that a leaked tranche of data pertaining to 73 million individuals does in fact reveal sensitive information of current and former customers of America's largest wireless phone carrier. The company isn't necessarily taking responsibility for the breach.
The widespread advent of artificial intelligence is opening a fraud detection capability gap between large and small financial institutions, the U.S. Department of the Treasury warns, suggesting that it may use its own historical data to narrow the divide.
U.S. federal prosecutors indicted seven Chinese nationals they accuse of hacking for a Beijing economic and intelligence espionage group whose operations reacted to geopolitical trends. The suspects allegedly were contractors for a front company set up by an arm of the Ministry of State Security.
The Biden administration doesn't propose huge leaps in cybersecurity funding in an annual spending blueprint unveiled Monday afternoon. U.S. federal civilian cybersecurity spending would amount to $13 billion, while the military would spend $14.5 billion.
Generative artificial intelligence leader OpenAI returned Sam Altman to its board of directors Friday in a bid to put to rest a leadership crisis that rocked the San Francisco company during the last months of 2023. Fallout from the incident may yet reverberate for OpenAI.
A Russian state hack against Microsoft was more serious than initially supposed, Microsoft acknowledged in a Friday disclosure to federal regulators. Microsoft said a Moscow threat actor obtained access to "source code repositories and internal systems."
Fusty and fussy operational technology devices are probably the farthest things away from a web server. Except - not anymore. But web servers embedded into industrial firmware are also a potential bonanza for hackers, say researchers from the Georgia Institute of Technology.
A post-SolarWinds move away from Active Directory Federation Services to Azure AD - now known as Entra ID - didn't necessarily stop hackers from forging single sign-on authentication messages, warn security researchers from Semperis, who unveiled an attack they dub "Silver SAML."
A campaign by Russian military intelligence to convert Ubiquiti routers into a platform for a global cyberespionage operation began as early as 2022, U.S. and foreign intelligence agencies said. The U.S. disrupted a botnet built by a hacking unit of Russian military's Main Intelligence Directorate.
Russian-speaking ransomware operation LockBit reestablished a dark web leak site Saturday afternoon and posted a lengthy screed apparently authored by its leader, who vowed not to retreat from the criminal underground world. The FBI had no comment.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.com, you agree to our use of cookies.