Many regions around the world now have local laws regulating the processing and storage of personally identifiable information (PII). That's in addition to the GDPR (General Data Protection Regulation), with which every company handling EU residents' data in any way must comply. Large organizations have relatively clear strategies for complying with all of those laws and regulations. Typically, they give an employee — a data protection officer (DPO) — the responsibility of ensuring compliance with the rules on processing personal data, and they allocate sizable budgets to the development of internal regulations and for conducting regular audits. However, a lack of resources can make compliance more challenging for small organizations.

Human factor

The problem most often lies with employees, not all of whom are as careful as they should be with other people's personal data. That carelessness can lead to unintentional leaks. Consider one common scenario: employees who deal with PII daily store scans containing personal data in a corporate shared environment. From their point of view, they're simply uploading data to the company's OneDrive or SharePoint directories. Strictly speaking, their actions do not constitute a leak, but they have made the data accessible to colleagues who may not be appropriately trained to work with such information and who therefore should not have access to it.

The problem is not that these colleagues will necessarily allow a data leak to occur. However, thinking that they do not have access to any supercritical or confidential information, they may accidentally leave their work laptop unsupervised from time to time. Furthermore, if the organization experiences an unrelated data leak incident, a surprise audit of its data processing and storage practices — and, potentially, hefty fines for allowing broad employee access to customers' or employees' personal data — may follow.

How to minimize the risk of personal data landing in shared access

The simplest way to keep personal data out of shared storage is to monitor whether employees use business collaboration tools to transmit such data. That is to say, you need to understand exactly what employees are sharing, where they store the information, and whether they share links to it with anyone outside the organization. In theory, you need a separate DLP solution to do that, but not all businesses have the resources for one. There is an alternative, though. The Data Discovery feature in our latest Kaspersky Endpoint Security Cloud solution is an excellent option for any organization that uses Microsoft 365 services for collaboration. Data Discovery detects files containing PII or bank card data, clearly shows their location, and provides additional context — regardless of whether the information is stored in a structured or unstructured format. Although the feature currently operates only with German, Italian, and American document formats, we are continuing to refine it. We expect the product to support detection of other countries' documents in the near future.

Control over alternative collaborative tools

We know that employees may sometimes go further and upload important corporate information onto third-party cloud services. In other words, they may be storing data in places and with tools whose security IT does not control. We therefore recommend that you start by clearly explaining to your employees that they must not use third-party cloud services for confidential or sensitive data. Then, monitor all use of cloud services and block them as needed. Another feature in Kaspersky Endpoint Security Cloud — Cloud Discovery — can help there. The Cloud Discovery and Data Discovery features supplement our solution's standard protection mechanisms. Thus, it not only protects companies from external cyberthreats but also makes compliance with personal data protection laws and regulations easier.
The National Cyber Security Centre (NCSC) recently revealed that it has defended the UK from a record number of cyberattacks in the last year, including those targeted at supply chains.
Researchers found a phishing campaign that abuses the McAfee antivirus to scare people. It starts with a classic email that notifies the targeted user that a McAfee subscription expired.
Morgan Stanley agreed to pay $60 million to settle a lawsuit by customers who said the bank exposed their personal data when it twice failed to properly retire some of its older IT infrastructure.
To demonstrate the doorLock bug, Trevor Spiniolas has released a proof-of-concept exploit in the form of an iOS app that has access to Home data and can change HomeKit device names.
The attack was possible because the abused cloud video platform allows users to add their own JavaScript customizations to players, by uploading a JavaScript file that is included in the player.
A team of academics has tested EDR software from 11 top cybersecurity firms and found that many fail to detect some of the most common attack techniques used by advanced persistent threat actors.
This year will bring new threats and attack strategies from adversaries. Unfortunately, this means any operation in every industry with an online presence is potentially at risk.
The malicious installer is a compiled AutoIt script named "Telegram Desktop.exe" that drops two different files, an actual Telegram installer, and a malicious downloader.
With data breaches on track to reach an all-time high, chief information security officers are on alert to find blind spots in IT infrastructures and mitigate risks to keep their organizations safe.
Microsoft has warned Windows and Azure customers to remain vigilant after observing state-sponsored and cyber-criminal attackers probing systems for the Log4j 'Log4Shell' flaw through December.
A majority of financial service institutions (FSIs) are having trouble properly securing their stored data, which could be particularly troubling given the rise in ransomware attacks.
A group of academics from UCSB demonstrated a "scalable technique" to vet smart contracts and mitigate state-inconsistency bugs, while also discovering 47 zero-day flaws on the Ethereum blockchain.
The attacks have been linked to a threat actor known as Konni, and have been taking place since at least December 20, cybersecurity firm Cluster25 said in a report published on Monday.
A possible nation-state attack on the UK’s primary defense training facility last year forced the academy to rebuild its IT infrastructure, according to a former senior officer.
In extensive research of many websites, including some high-traffic online services, security researcher Youstin Ladunca recently discovered 70 cache poisoning vulnerabilities with various impacts.
According to a Positive Technologies report, the number of attacks in Q3 2021 decreased by 4.8% as compared to Q2 2021. This was mainly caused by some major ransomware players leaving the market.
Ransomware operators are back in business with the advent of 2022. Hardly one week of the year had passed, when researchers raised an alarm about a newly discovered Lapsus$ ransomware.
Medical data affected by the breach includes diagnosis, medical history, treatment details, prescription medication information, and physician information, along with health insurance information.
The Healthcare Supply Chain Association released two guides that outline key privacy and security considerations for medical devices, directed at healthcare delivery organizations and manufacturers.
Red Hat Security Advisory 2022-0008-03 - Samba is an open-source implementation of the Server Message Block protocol and the related Common Internet File System protocol, which allow PC-compatible machines to share files, printers, and various information.
Red Hat Security Advisory 2022-0007-02 - Red Hat Identity Management is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.
Red Hat Security Advisory 2022-0011-04 - Telnet is a popular protocol for logging in to remote systems over the Internet. The telnet-server packages include a telnet service that supports remote logins into the host machine. The telnet service is disabled by default. Issues addressed include a code execution vulnerability.
Trojanized installers of the Telegram messaging application are being used to distribute the Windows-based Purple Fox backdoor on compromised systems. That's according to new research published by Minerva Labs, describing the attack as different from intrusions that typically take advantage of legitimate software for dropping malicious payloads. "This threat actor was able to leave most parts of
A group of academics from the University of California, Santa Barbara, has demonstrated what it calls a "scalable technique" to vet smart contracts and mitigate state-inconsistency bugs, discovering 47 zero-day vulnerabilities on the Ethereum blockchain in the process. Smart contracts are programs stored on the blockchain that are automatically executed when predetermined conditions are met
A persistent denial-of-service (DoS) vulnerability has been discovered in Apple's iOS mobile operating system that's capable of sending affected devices into a crash or reboot loop upon connecting to an Apple Home-compatible appliance. The behavior, dubbed "doorLock," is trivial in that it can be triggered by simply changing the name of a HomeKit device to a string larger than 500,000 characters
The Jerusalem Post says that its website was defaced on Monday, and pointed the blame at pro-Iranian hackers who they said posted an illustration depicting a ballistic missile being launched at an exploding nuclear facility in Dimona.