Researchers have detected a massive breach of more than 500 stores. All of the targeted sites were still using the 12-year-old Magento 1 e-commerce platform, which Adobe stopped supporting on June 30, 2020.
Jeff Williams, co-founder and CTO of Contrast Security, says people have a right to know if the products they use are secure. It's difficult to tell if software is secure, he says, so companies need incentives to build good security programs, improve their software and disclose any flaws they find.
This edition of the ISMG Security Report analyzes what prosecutors say is the biggest cryptocurrency seizure in U.S. history as well as the biggest financial seizure. It also details how a school district CISO resigned over the district's handling of a severe data breach and busts Zero Trust myths.
Are ransomware-wielding criminals running scared? That's one likely explanation for the sudden release this week of free, master decryption keys for three different strains of formerly prevalent ransomware: Maze, Sekhmet and Egregor.
Technology giant Microsoft has released patches for 51 vulnerabilities as part of its Patch Tuesday announcement. Of the total, none of the fixes are for critical bugs, and three are rereleased patches. Separately, the company says it will block internet macros by default in its Office applications.
Equifax has agreed to a settlement for the 2017 data breach that exposed the personal information of 147 million people. The settlement with the U.S. Federal Trade Commission, the Consumer Financial Protection Bureau and 50 U.S. states and territories includes up to $425 million to help victims.
The arrest of a married New Yorker couple, charged with laundering bitcoins worth $3.6 billion that were stolen from a currency exchange in 2016, highlights the risk facing anyone who wants to launder large amounts of cryptocurrency and stay free long enough to enjoy their alleged rap career.
Israeli officials announced they will set up a commission of inquiry to investigate reports that the nation's police force used the flagship spyware of Israeli firm NSO Group, called Pegasus, to hack the phones of Israeli public officials, journalists and activists.
Meter, a blockchain infrastructure company that provides multi-chain bridging and allows users to trade multiple cryptocurrencies across Ethereum and other public chains, has been exploited for around $4.4 million, the company acknowledged via Twitter. The hack also affected the Moonriver network.
The ransomware operation known as Alphv - aka BlackCat - appears to be a reboot of the DarkSide group, which rebranded as BlackMatter following serious encryption and victim-selection mistakes. Amid reports that Alphv has disrupted 17 oil terminals in Western Europe, how long until the next rebrand?
Eset says it has patched a high-severity privilege escalation bug affecting its clients who use Windows-based systems. The company has released software updates for all affected versions of its product, as well as a workaround, and says no exploits have been reported.
Some of the biggest cybercrime-focused darknet markets selling stolen payment card data, passwords, malware and more have retired in the past year, with administrators oftentimes boasting it's because they've gotten rich. As they exit, other players remain ready to grab their market share, experts say.
Four ISMG editors discuss important cybersecurity issues, including misconceptions around Zero Trust implementation, lessons learned from the crippling NotPetya malware attack of 2017 that nearly sank logistics giant Maersk and how a Russian cyberwar in Ukraine could move beyond its borders.
India’s Union Budget 2022 resolves some of the uncertainty around the legitimacy of crypto assets. While crypto assets will not be considered as currency, Finance Minister Nirmala Sitharaman announced that the Reserve Bank of India will be launching a blockchain-based digital rupee this year.
A variety of underground markets exist to help malware-wielding criminals monetize their attacks, including via log marketplaces such as Genesis, Russian Market and 2easy, which offer for sale batches of data that can be used to emulate a victim, whether it's a consumer, an enterprise IT administrator or anyone in...