Check Point Research has uncovered a large and likely profitable business model that involves hackers attacking and gaining control of certain VoIP services, which enables them to make phone calls through a company's compromised system.
President-elect Joe Biden's approach to cybersecurity will likely mirror that of his old boss, former President Barack Obama. Expect Biden's White House to increase pressure on Russia, practice greater involvement in cybersecurity and return to higher levels of coordination than President Trump demanded.
The operators behind a botnet dubbed "Gitpaste-12" are abusing legitimate services such as GitHub and Pastebin to help hide the malware's malicious infrastructure, according to Juniper Threat Labs. This botnet mainly targets Linux apps and IoT devices and can mine cryptocurrency.
Apple issued an update for iOS and iPadOS on Thursday that fixes three zero-day flaws found by Google's Project Zero bug-hunting team and a range of other security-related flaws. Google says the bugs are being exploited by attackers but haven't been used in election-related cyber activity.
Victims of crypto-locking malware who pay a ransom to their attackers are paying, on average, more than ever before. But investigators warn that when victims pay for a guarantee that all data stolen during an attack will get deleted, criminals often fail to honor their promises.
A recently identified hacking group dubbed UNC1945 used a never-before-seen zero-day vulnerability in the Oracle Solaris operating system to target corporate networks and plant malware, according to FireEye Mandiant. This threat actor is known to focus on telecom, financial and consulting firm targets.
The FBI has issued a flash alert warning that unidentified threat actors are actively targeting vulnerable SonarQube instances to access source code repositories of U.S. government agencies and private businesses.
Takeaway from the U.K.'s GDPR privacy fine against hotel giant Marriott: During M&A, review an organization's cybersecurity posture before finalizing any acquisition. Because once a deal closes, you're fully responsible for data security - IT network warts and all.
CISA and Oracle are urging users to apply an emergency patch for a vulnerability in the software giant's WebLogic Server product. This "severe" bug is already under active exploitation and could allow an attacker to run malicious code, security experts say.
Large, recently levied privacy fines against the likes of British Airways, H&M and Marriott show regulators continuing to bring the EU's General Data Protection Regulation to bear after businesses get breached. But in the case of Marriott and BA, were the final fines steep enough?
Microsoft and the U.S. Cybersecurity and Infrastructure Security Agency are urging local government agencies to patch the Netlogon vulnerability known as Zerologon ahead of next Tuesday's presidential election to improve security. A "small number" of attacks exploiting the flaw are continuing, Microsoft says.
The latest edition of the ISMG Security Report features a discussion with FBI Agent Elvis Chan on the cyber disruptions to expect immediately after the Nov. 3 U.S. election. Also featured: smart lock security flaws; cryptocurrency-funded crimes in 2021.
Not only have enterprises accelerated their shift to the cloud in 2020, but they have also leapfrogged into multi-cloud environments. With this transition comes the top challenge: Maintaining appropriate visibility. Joe Partlow of ReliaQuest discusses how to tackle this challenge.