Supply chain attacks have evolved from exploiting organizations with unpatched vulnerabilities in open-source libraries to proactively injecting malicious code into a victim's IT environment, according to Janet Worthington, senior analyst at Forrester.
Most of the healthcare organizations hit by distributed denial-of-service attacks by pro-Russia hacktivists in January have one or more level 1 trauma centers, indicating that the attackers aimed to disrupt care for the most critically ill and injured patients, according to a new government report.
Every week, Information Security Media Group rounds up cybersecurity incidents in the world of digital assets. Between March 31 and April 6, hackers returned millions of dollars in stolen cryptocurrency, a rogue validator stole $25 million, and bad actors used new malware to steal cryptocurrency.
Every week, ISMG rounds up cybersecurity incidents and breaches around the world. This week, we check in on a breach at a law firm that does work for Uber, Dutch software maker Nebu, the latest in Oakland, California, and more. Oh, are Western Digital cloud services still down? Yes.
North Korean hackers who use social engineering tactics for espionage have learned that less is more when it comes to coaxing victims into clicking a malicious link. Hackers that Google tracks as Archipelago might not introduce a malicious link until after a chain of emails has been exchanged.
Spanish National Police on Friday arrested a teenager hacker who allegedly stole the sensitive data of more than half a million taxpayers from the national revenue service and boasted in an online podcast about having access to personal data of 90% of the population.
Warning to criminals: Could that cybercrime service you're about to access really be a sting by law enforcement agents who are waiting to identify and arrest you? That's the message from British law enforcement agents, who say they're running multiple DDoS-for-hire sites as criminal honeypots.
U.S. federal prosecutors say an Estonian man was prepared violate U.S. export regulations by selling a license for penetration testing software to a Russian individual. Andrey Shevlyakov has been on a U.S. blacklist known as the Entity List since 2012.
OpenText, Varonis and Forcepoint joined Google and Microsoft atop Forrester's data security rankings, while Trellix and Broadcom fell from the leaders category. Data protection historically focused on delivering security controls, but firms are increasingly looking to address adjacent use cases.
A former U.S. Army physician set to go to trial next month in a case alleging a scheme to provide military medical records to the Russian government contends they will not get a fair trial unless they are tried separately from their alleged co-conspirator spouse.
The FBI and other national police are touting an operation that dismantled Genesis Market, a marketplace used by ransomware hackers and bank thieves to gain ongoing access to victims' computers. Genesis Market since 2018 offered access to more than 1.5 million compromised computers around the world.
Not every ransomware group uses a larger-than-life persona designed to scare victims into immediately acceding to bogeyman extortionists' demands. Recently discovered Rorschach - aka BabLock - ransomware, researchers have found, opts instead for speed, stealth and more modest ransom demands.
Before he became a chief technical security officer at Qualys, Josh Hankins was a cybersecurity leader in financial services. He learned how security audit failures are increasingly costly, and he devised new strategies for audit preparation. He shares his insights here.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.com, you agree to our use of cookies.