Indian cybersecurity firm CloudSEK says another cybersecurity firm used a compromised collaboration platform credential to obtain access to its training webpages. CEO Rahul Sasi did not identify the alleged perpetrator and says the hacker did not obtain access to the company code base and database.
Microsoft Office's use of Internet Explorer to render HTML is the gift that keeps giving for North Korean hackers. Security researchers at Google say they spotted a Pyongyang threat actor using a now-patched JavaScript engine flaw via a malicious Office document.
Smartphone giant Apple says that starting later this year, users can enable end-to-end encryption of iPhone backups stored in the company's commercial cloud. Apple took pains to frame its announcement in the context of cloud computing data breaches.
SentinelOne plans to go after more Fortune 500 and Global 2000 organizations as the economic downturn prompts customers to shrink the size of their purchases. Over the past year, the company doubled the number of clients spending at least $100,000 and $1 million with SentinelOne annually.
Black Hat Europe returns to London, offering deep dives into the latest cybersecurity research and trends, including how to build an open, transparent, but also secure internet; harvesting zero-day flaws before attackers; what we can learn from "metaparasitical" scammers who scam scammers; and more.
Thousands of Rackspace customers continue to face hosted Microsoft Exchange Server outages after the managed services giant took the offering offline after being affected by an unspecified security incident Thursday. Rackspace urges affected customers to at least temporarily move to Microsoft 365.
The tech giants in the MAMAA club have a disproportionate amount of data. It helps them easily identify customers - even when signing in on new devices - reduces the friction of identity challenges such as multifactor authentication, and helps them spot fraud. Unfortunately, most of the rest of the world sits under...
Acer fixed high-severity bugs that hackers could use to disable the secure boot in several laptops built by the Taiwanese manufacturer. The vulnerability could give threat actors control over operating system boot processes and allow them to disable some protection mechanisms.
A longer sales cycle for small businesses and delayed subscription start dates for large enterprises have forced CrowdStrike to lower its sales forecast going forward. The Austin-based endpoint security company says deals with SMB clients took 11% longer to close in the fiscal quarter ended Oct. 31.
The shortage of cybersecurity professionals in the United States includes a scarcity of expertise in medical device security, says Bill Aerts, senior fellow and managing director of the University of Minnesota's recently launched Center for Medical Device Cybersecurity.
Cybersecurity experts warn that large healthcare and public sector organizations are continuing to get hit by "big-game hunting" attackers wielding Lorenz ransomware. Among the group's known victims are Wolfe Eye Clinic in Iowa and Salud Family Health of Colorado.
As the U.S. celebrates Thanksgiving, let's give thanks for this cybercrime karma: For more than two years, law enforcement and security experts have been exploiting flaws in the crypto-locking malware to help victims decrypt their systems without paying a ransom.
Microsoft says vulnerabilities in outdated web servers are likely responsible for a cyberattack last month against Indian energy giant Tata Power. Attackers targeted Boa servers, which were discontinued in 2005, to potentially compromise Tata and other critical infrastructure organizations around the world.
Before the newly spotted AxLocker ransomware crypto-locks systems, it steals Discord tokens, which can be sold on cybercrime markets. Among Discord's many users are cryptocurrency and NFT enthusiasts, and experts say the stolen credentials facilitate attempts to socially engineer them.
As they turn their attention to identity-focused attack surfaces, threat actors are identifying on-premise and cloud-hosted Active Directory (AD) environments as primary targets.
For most enterprises, AD is the central repository for all accounts and systems within the network, and it is responsible for all...
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.
