Did you know that once a secret makes it into a Git commit history, it stays there forever and can be left undiscovered for months or years? Recent attacks like Uber and Toyota underscore the risks. Once hackers gain access to critical systems via an exposed secret, they can move laterally across an organization to...
A Dutch court extradited a Ukrainian national to the United States, where he faces criminal charges related to his role in the malware-as-a-service Raccoon Stealer. The extradition of Mark Sokolovsky, 28, comes nearly two years after Netherlands police arrested him in March 2022.
The FDA's multifaceted approach to strengthening medical device security centers on several key areas, including enhanced regulatory oversight, industry collaboration and a recent organizational change that raises the profile of the agency's device work, said the FDA's Dr. Suzanne Schwartz.
In the latest weekly update, four ISMG editors discussed the relatively low profile of cyberwarfare in recent international conflicts, the potential revival of a dormant HIPAA compliance audit program and the security implications of sovereign AI development.
CISO Sam Curry and CMO Red Curry discuss the chaos and disruption of cyberwar and how attacks on critical infrastructure can tactically help attackers in combat, demoralize the general population and affect critical capabilities at just the right point in time.
This week, the Zeus leader pleaded guilty, Prudential detected hackers, U.S. telecoms have to report breaches, Microsoft patched zero-days, researchers said Chinese threat intel is faulty, ransomware hit Romanian healthcare entities, Juniper was breached and Poland allegedly previously used Pegasus.
Russia continues to focus on running cyber operations and espionage that target Ukraine's military, government and civil society in support of its ground campaign, researchers at Google said, warning that the information operations will likely soon be brought to bear on Western elections.
The U.S. federal government says it disrupted a criminal botnet that Russian military intelligence had converted into a platform for global cyberespionage. The malware targets Linux-based IoT devices - in this case, routers made by New York manufacturer Ubiquiti.
This week, the U.S. Treasury reported on crypto in crime, Changpeng Zhao's sentencing was rescheduled, PlayDapp was hacked, the UN probed North Korean hacking, suspicious crypto transactions increased in South Korea, the U.K. blocked fraud sites and Hong Kong warned about crypto phishing sites.
Supply chain security firm Eclypsium found corporate VPN maker Ivanti's Pulse Secure devices - which underwent much emergency patching amid a likely Chinese espionage zero-day hacking campaign - operate on an 11-year old version of Linux and use many obsolete software packages.
Email is a major entry point for threat actors, who have evolved their tactics to bypass traditional security solutions and now leverage AI to make attacks more scalable and harder to detect. In response, organizations are buying AI-enabled solutions to bolster their security posture. Download The Role of AI in Email...
In the past year, generative AI made groundbreaking strides in understanding and generating human-like text. User-friendly tools like ChatGPT quickly gained popularity, allowing modern businesses to streamline operations like never before. Unfortunately, access to generative AI has also empowered cybercriminals to...
The advent of generative AI has transformed the way modern organizations operate. While many business users are adopting tools like ChatGPT and Google Bard to enhance productivity, cybercriminals are also capitalizing on this technology—resulting in more attacks with increased sophistication.
To understand how...
Time and time again, cybercriminals have demonstrated their impressive ability to identify new ways to leverage everyday communication tools as mechanisms for deceiving employees.
The newest example of this exploitative expertise? QR code attacks.
In our latest email threat report, Abnormal researchers dive into QR...
The cyber threat landscape is projected to undergo significant transformation in the coming year, characterized by the emergence of novel and refined threat vectors as well as a resurgence of traditional attack methods.
Advancements in technology have provided malicious actors with an extensive toolkit to exploit...