The Cl0p ransomware group has been attempting to extort Thames Water, a public utility in England. Just one problem: the group attacked an entirely different water provider. Through ineptitude or outright lying, this isn't the first time that a ransomware group has claimed the wrong victim.
Organizations use a lot of different application types, all of which need secrets to do their jobs. And as more applications are developed across the various types, security teams have more secrets that they need to manage, rotate and audit.
Robotic process automation (RPA) helps your business be more efficient, scalable and compliant. By arming your teams with these security best practices, you can help ensure RPA bots and the credentials they need are secure without slowing down the pace of business.
Modern organizations have many different application types across their organization – from DevOps pipelines and cloud-native apps to robotic process automation bots and static homegrown apps. How do you keep the secrets used by all these different types of applications safe from attackers?
An updated version of the Russian-linked SOVA Android Trojan is back with updated attack techniques targeting more than 200 mobile applications, including banking apps and crypto exchanges/wallets. Researchers at Cleafy uncovered that the Trojan now also features ransomware capabilities.
A "secure message-themed" phishing campaign targeting healthcare providers aims to lure recipients to an Evernote notepad website in an attempt by hackers to harvest security credentials, federal authorities warn, saying the scheme puts entities at risk for potential data security compromises.
Security executives at Black Hat USA 2022 discuss the latest cybersecurity trends from confidential computing and unified threat hunting languages to attack surface management and recovery services, social engineering campaigns and blockchain vulnerabilities.
Black Hat USA 2022 opened with somber warnings from Chris Krebs about why application developers, vendors and the government need to solve major industry challenges. Key security executives also discussed DNS visibility, cloud security, patch management, APT strategies and supply chain woes.
ISMG caught up with 11 security executives in Las Vegas on Tuesday to discuss everything from open-source intelligence and Web3 security to training new security analysts and responding to directory attacks. Here's a look at some of the most interesting things we heard from industry leaders.
While Managed EDR can help in many endpoint scenarios, it’s important to be aware that going beyond the endpoint allows MDR and extended detection and response (XDR) to offer broader cybersecurity coverage.
The rise of ransomware brokers and the continued talent shortage mean defenders increasingly need security technology managed on their behalf, Sophos' Kris Hagerman says. Customers must manage all their security products from a single platform and analyze the data these tools generate, he says.
The ongoing Russia-Ukraine war has featured cyber operations being used to target Ukraine as well as Russia. But CyberPeace Institute, which tracks cyberattacks tied to the conflict, has so far seen 27 different countries being affected by more than 300 attacks, and many have affected civilians.
It's not enough for medical device makers to provide a software bill of materials - there also needs to be close attention paid to how vulnerabilities in components are communicated and managed, says medical device security expert Ken Hoyme.
Twilio, which runs a customer engagement platform used by thousands of businesses, says that its employees were tricked via SMS phishing messages into giving attackers their login credentials, resulting in the theft of information on customers, as well as their customers and end users.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.