An advertising software development kit called Mintegral that's embedded in 1,200 iOS apps misattributes ad clicks and logs potentially sensitive app data, security firm Snyk alleges. But Apple says there's no evidence the SDK is harming users.
Political campaigns are at risk from nation-state actors and other hackers seeking to exploit network vulnerabilities and create backdoors to access sensitive data that can be used to undermine the November election, says retired Brigadier General Francis X. Taylor, executive director of U.S. CyberDome.
The FBI and CISA warn that hackers are increasingly using voice phishing, or vishing, to target employees who are working from home due to the COVID-19 pandemic, steal their credentials and other data and use the information to launch other attacks or to steal financial data.
Freepik Co. says an SQL injection attack led to the leak of 8.3 million email addresses and 3.7 million hashed passwords for users of its Freepik graphic resources app and Flaticon icon database platform.
Card-not-present fraud is rising as fraudsters inject malware into e-commerce websites to harvest account information, says Gord Jamieson of Visa. But the artificial intelligence models used to detect this fraud need to be refined to better mitigate this threat, he says.
Lucifer, a botnet that has been infecting Windows devices with cryptominers and using compromised systems for distributed denial-of-service attacks, now has the ability to compromise Linux-based systems as well, according to Netscout's ATLAS Security Engineering & Response Team.
To build a successful vulnerability disclosure program, avoid thinking of it as quick-fix "bug bounty Botox," and instead focus on building positive relationships with the security community, hiring top-notch talent and "building a sustainable ecosystem," says Luta Security's Katie Moussouris.
Join CrowdStrike's Director of the Strategic Threat Advisors Group, Jason Rivera, and learn how to get the most value out of threat intelligence by effectively applying it across your organization - from security operations to executive leadership.
A P2P botnet dubbed "FritzFrog" has breached about 500 SSH servers, infecting universities in the U.S. and Europe and a railway company in an effort to plant cryptomining malware, Guardicore Labs reports. The botnet has also tried to infect banks, medical centers, governmental offices and others.
Implementing an adaptive, risk-based authentication process for remote system access is proving effective as more staff members work from home during the COVID-19 pandemic, says Ant Allan, a vice president and analyst at Gartner.
The Senate Intelligence Committee Tuesday released its fifth and final report on Russia's attempts to influence the 2016 election, providing more details on how Russian hackers resided on Democratic National Commitee servers for months and citing shortcomings in the FBI's investigation.
State and local governments are better equipped to ensure election security than they were four years ago, says Christopher Krebs, director of CISA, who calls on election officials to serve as "risk managers." His comments came at ISMG's Cybersecurity Virtual Summit.
The emerging cloud-delivered service model known as security access service edge, or SASE, is designed to help simplify security for remote access, says Sean Duca of Palo Alto Networks, who explains how the model works.
Copycats using well-known threat actor names, such as Fancy Bear and Armada Collective, are launching extortion campaigns tied to distributed denial-of-service attacks against financial institutions, according to Akamai's Security Intelligence Research Team.