The number of reported vulnerabilities found in open source software more than doubled in 2019 to almost 1,000, with projects such as Magento, GitLab, and Jenkins posting the largest increases, according to security firm RiskSense.
Ransomware gangs keep innovating: Maze has begun leaking data on behalf of both Lockbit and RagnarLocker, while REvil has started auctioning data - from victims who don't meet its ransom demands - to the highest bidder. Thankfully, security experts continue to release free decryptors for some strains.
How have the cybersecurity challenges facing healthcare organizations changed during the COVID-19 pandemic? And how are organizations responding? Information Security Media Group's Healthcare Cybersecurity Virtual Summit, to be held on June 9 and replayed June 10 and 11, will provide insights.
How big is the step from humans using drones to kill other humans to building lethal autonomous weapons systems that can kill on their own? Ethically and technologically, that's a huge leap. But military planners are working to build what some call "killer robots." And the UN wants them banned.
Worries over ransomware and malware are slowing down enterprise IoT deployments, which is a reflection of the reputational and customer relationship risks at stake, according to a new survey. Here's what enterprises need to keep in mind when selecting security technology for IoT.
It's not just the latest marketing buzz. Confidential computing is an actual initiative focused on helping to secure data in use. But what are the uses cases? In part two of a two-part podcast, Richard Curran of Intel leads an expert panel discussion on the practice of confidential computing.
Confidential computing is an emerging industry initiative focused on helping to secure data in use. But how does one separate hype from reality? In part one of a two-part podcast, Richard Curran of Intel leads an expert panel discussion on the concept of confidential computing.
Not all data breaches are what they might seem, and not all leakers are who they might claim to be. Take the doxing of the Minneapolis Police Department, supposedly by Anonymous hacktivists: The leaked employee information was almost certainly culled from old breaches. So who did it, and why?
U.S. federal agencies reported 8% fewer cybersecurity incidents in 2019 compared to the previous year, according to the White House's Office of Management and Budget. But 71 audits of agencies' "high-value assets" showed many remain susceptible to attacks because of a lack of security measures.
The developers behind TrickBot have updated it to run from an infected device's memory to help better avoid detection, according to researchers at Palo Alto Network's Unit 42. The use of this malware has increased during the COVID-19 pandemic.
An independent security researcher disclosed a zero-day vulnerability contained in the "Sign in with Apple" feature that, if exploited, could have resulted in a full account takeover. The vulnerability has been patched, and Apple says it found no account misuse tied to it.
Verizon's Data Breach Investigations Report 2020 highlights the leading causes of breaches last year, including credential theft, phishing, ransomware as well as issues linked to cloud implementations and web applications. In an interview, Verizon's Ashish Thapar offers an in-depth analysis.
API attacks are on the rise, and Gartner predicts that APIs will be the top threat vector by 2022. Roey Eliyahu, CEO of Salt Security, discusses the trend and how to build a more effective API security strategy.
Ransomware-wielding attackers are typically breaking into victims' networks using remote desktop protocol access, phishing emails or malware that's sometimes used in drive-by attacks against browsers, experts warn, advising organizations to make sure they have the right defenses in place.
A Russian government-backed hacking group that's been tied to a series of cyberespionage campaigns has been quietly exploiting a critical remote code execution vulnerability in Exim email servers since 2019, the U.S. National Security Agency warns in an alert.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.