A sophisticated nation-state spy network has quietly exploited a backdoor in Microsoft Exchange servers that gave attackers unprecedented access to the emails of at least three targets over five years, security firm ESET warns.
An unsecured database belonging to Canadian mobile operator Freedom Mobile exposed personal details and unencrypted payment card data, according to two security researchers who discovered the data. The database has since been secured, with Freedom Mobile blaming the error on a third-party provider.
JavaScript sniffers, which are used to skim credit card and other customer data from e-commerce websites, are a persistent threat.
In the latest incident, an attack targeted about 200 online campus stores in the U.S. and Canada, Trend Micro reports. But this attack apparently was waged by a new group.
A Chinese hacking group was using exploits and tools developed by the NSA months before the tools were released by another group, Symantec says in a new report. The surprising report deepens the mystery around an extraordinary situation in which the U.S.'s most effective cyberweapons were compromised.
With today's challenges from an increasingly hostile threat landscape, combined with a lack of people, expertise, and budget, organizations are driving toward optimizing their SIEM and SOAR solutions in order to get the highest return their investment. Of the greatest areas of unmet need with SIEM and SOAR solutions,...
Despite a doxing of its targets and tools in March, the advanced persistent threat group known as OilRig remains a significant threat to governments and businesses, researchers at Palo Alto Network's Unit 42 report.
A Ukrainian national is facing wire fraud and other charges stemming from his alleged involvement in a years-long malvertising scheme that infected millions of PCs around the world. Authorities allege that he created a botnet that other cybercriminals could rent out.
In what may be a case of industrial espionage, Massachusetts-based drug development company Charles River Laboratories has reported a cyberattack involving the copying of client data by an intruder. Why is IP theft a growing worry for the healthcare sector?
President Donald Trump on Thursday signed an executive order that offers a mix of incentives and new guidelines aimed at hiring and retaining more security pros to work within the federal government. The order creates a President's Cup Cybersecurity Competition as a way to reward top professionals.
German police have disrupted Wall Street Market and arrested its alleged administrators, who apparently "exit scammed" with $13 million in bitcoins, while U.S. authorities detained two of the site's alleged top narcotics vendors. Separately, Finnish police disrupted Silkkitie, aka Valhalla Marketplace.
New exploits released online that target long-known configuration weaknesses in SAP's NetWeaver platform could pose risks to payroll, invoicing and manufacturing processes, according to researchers at Onapsis. As many as 50,000 companies could be vulnerable.
WikiLeaks founder Julian Assange returned to court on Thursday and told a British judge that he would not voluntarily accept extradition to the U.S. to face a charge of helping to hack into a Pentagon computer, setting up a legal fight that could take months.
The U.S. Department of Homeland Security is requiring that federal agencies speed up patching and remediating "critical" and "high" software vulnerabilities. Security experts say this change is long overdue. But does it go far enough?
An Australian security researcher who pleaded guilty to several charges related to probing the network of popular car-sharing service GoGet has avoided jail time. Nik Cubrilovic was sentenced to 400 hours of community service and must pay restitution to GoGet.
On Wednesday, a British judge sentenced WikiLeaks founder Julian Assange to 50 weeks in prison for violating the terms of his bail after he sought political asylum in Ecuador's U.K. embassy in 2012. Now he faces possible extradition to the U.S. to face a charge of "conspiracy to commit computer intrusion."
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.