Western governments should take a page from China's cybersecurity playbook and sponsor sector-specific capture-the-flag competitions, not just for talent development and recruitment but also to help forge strong "social bonds," says a new report from Washington think tank Atlantic Council.
Cryptocurrency-seeking hackers are increasingly targeting macOS users. So warn security researchers as they track a rise in macOS backdoors and information-stealing malware, much of which traces back to a well-known cryptocurrency heist culprit: North Korea.
Firewall maker Sophos disclosed Thursday a half-decade worth of efforts by multiple nation-state Chinese hacking groups to infiltrate its appliances, calling the admission a wake-up call for the cybersecurity industry. Targeting firewall appliances is a known nation-state tactic.
A Russian-state hacking group is posing as Microsoft employees and sending malicious configuration files as email attachments to target organizations across the world. The campaign has the hallmarks of a Midnight Blizzard phishing campaign although its use of an RDP configuration file is novel.
Potential Ukrainian military recruits are being targeted by a "hybrid espionage and information operation" - likely Russian - involving Telegram anti-mobilization messaging and a "Civil Defense" website designed to distribute Windows and Android malware, warns Google's Threat Intelligence Group.
Security researchers found backdoored software packages in the NPM software library, apparent evidence of an ongoing campaign by North Korean hackers to social engineer coders into installing infostealers. Pyongyang hackers have a history of bizarre methods for stealing money.
The FBI said Friday afternoon it is investigating Chinese nation-state hacking of commercial telecommunications infrastructure following a news report that Beijing actors targeted data from phones used by Republican presidential nominee Donald Trump and his running mate, Ohio Sen. JD Vance.
In the latest weekly update, election security expert Annie Fixler joined ISMG editors to discuss the urgent challenges of safeguarding U.S. election infrastructure, countering cyberthreats and preventing foreign interference as Election Day approaches.
Check Point and Mimecast will each pay regulators nearly $1 million to settle charges of making materially misleading disclosures related to the SolarWinds Orion hack. The SEC alleged public disclosures from Check Point and Mimecast didn't capture the severity of the compromise.
The Cybersecurity and Infrastructure Security Agency is ramping up its warnings of potential election interference and influence campaigns in the lead up to the November vote. But voters can be assured their ballots are secure and will be counted as cast, the agency said.
Cybercriminals posing as a top security firm in Israel have launched wiper attacks on local cybersecurity professionals after bypassing significant security measures, according to recent reports. Cybersecurity firm Eset said threat actors did not compromise its systems.
Plans by Japan and U.S. to conduct military exercises near the coast of eastern Russia prompted Russia-linked threat actors to unleash a series of denial-of-service attacks this week against a dozen websites in Japan including the majority political party, business groups and governments.
North Korean threat actors posing as remote information technology workers are increasingly extorting ransom from Western companies after securing jobs under false pretenses, according to a new report from Secureworks' counter threat unit.
Iranian cyber actors are increasingly using brute force techniques, such as password spraying and multifactor authentication push bombing, to target critical infrastructure sectors, according to a cybersecurity advisory released Wednesday by the Cybersecurity and Infrastructure Security Agency.
Hackers may have circumvented a months-old patch for Fortinet gateway devices leading to a warning from the U.S. federal government over its active exploitation. Some security researchers say a February patch may not have fully squashed a flaw.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.