Nation-state attackers have been targeting known flaws that customers have yet to patch in their Pulse Secure, Palo Alto and Fortinet VPN servers, Britain's National Cyber Security Center warns, adding that any organization that didn't immediately apply patches should review logs for signs of hacking.
Rather than focusing solely on rankings offered by the common vulnerability scoring system, or CVSS, when setting priorities for risk mitigation, organizations need to size up the specific potential risks that vulnerabilities pose to their critical assets, according to a new report from RiskSense.
Microsoft says that over the past two months, a hacking group apparently linked to Iran targeted email accounts associated with the campaign of one 2020 U.S. presidential candidate, current and former U.S. government officials, journalists covering global politics and prominent Iranians living outside Iran.
A Nigerian man charged with helping to run a $1 million phishing scheme that targeted the Government Services Administration and other agencies has been extradited to the U.S., where he has pleaded not guilty to a wire fraud charge, according to the Justice Department.
Banking Trojans and cryptocurrency mining malware continue to be among the most-seen types of malicious code used for nontargeted attacks. But cybercrime attackers are increasingly running targeted campaigns, security researchers warn.
More than 600 ransomware attacks pummelled local governments, schools districts and healthcare providers across the U.S. in the first three quarters of this year, according to a study by security firm Emsisoft. Meanwhile, the FBI this week issued a fresh warning about the threat.
Ransomware crime reports are up 300 percent in Toronto, but it's not just the frequency of crimes that is a concern - it's the complexity, says Kenrick Bagnall, detective constable with the Toronto Police Service.
Ransomware, business email compromises and the malicious insider threat: These are the three top concerns of Canadian attorney Imran Ahmad as he looks ahead to the cybersecurity legal landscape in 2020.
Dr. Matthew Kane spent years in the Canadian Armed Forces as an intelligence officer, honing his skills in deception detection. Now, as CEO of Solaris Intelligence, he's helping organizations spot and stop fraud and malicious insiders.
The latest edition of the ISMG Security Report analyzes concerns about the use of Huawei equipment by U.S. telecommunications firms. Also featured: A Huawei executive discusses 5G security, plus an update on an Australian ransomware attack.
U.S. senators Mark Warner and Marco Rubio are urging social media firms to create policies and standards to combat the spread of "deepfake" videos, which they say pose a potential threat to American democracy.
Threat actors that may have connections to China have been using a variety of malware in a series of information-gathering espionage campaigns across Southeast Asia since at least 2013, according to researchers at Palo Alto Networks' Unit 42 division.
A newly discovered cybercriminal gang is putting a twist on business email compromise scams by initially targeting vendors or suppliers with phishing emails and then sending realistic-looking invoices to their customers, according to the security firm Agari, which labels the approach "vendor email compromise."