Security experts are warning organizations with Juniper Networks SRX firewalls and EX switches to update them immediately to patch multiple vulnerabilities attackers have been targeting to remotely execute code, and which may allow them to pivot to internal networks.
It's critical for healthcare sector entities considering - or already using - generative AI applications to create an extensive threat modeling infrastructure and understand all attack vectors, said Mervyn Chapman, principal consultant at consulting and managed services firm Ahead.
Hackers aligned with Chinese interests are targeting Android users with fake chat apps Trojanized with espionage capabilities in separate and ongoing campaigns, one active since July 2020 and the other for more than 12 months. Eset attributed the campaigns to a threat group tracked as Gref.
SentinelOne CEO Tomer Weingarten hit back at endpoint security rivals CrowdStrike and Microsoft and rumored M&A suitor Wiz for publicly fanning acquisition flames. The endpoint security firm called Wiz acquisition rumors "a head-scratcher," "far from fact" and "pure speculation on their part."
British lawmakers are calling on the government to speed up efforts to articulate a comprehensive artificial intelligence policy in the face of challenges ranging from bias to existential risk. Delay could erode Britain's position "as a center of AI research," the lawmakers said.
In the latest "Proof of Concept," two CyberEd board members, Connecticut state CISO Jeff Brown and Maricopa County CISO Lester Godsey, join ISMG editors to discuss securing digital government services, improving user experiences and balancing user convenience with robust identity verification.
This week, Japan's cybersecurity agency reportedly was breached, social media companies were urged to ward off data scraping, the NSA said it respects foreign intelligence targets, Polish authorities arrested two for hacking a rail network, and a ransomware gang used GDPR fines as scare tactics.
Medical device maker Medtronic MiniMed violated patient privacy by using tracking and authentication technologies such as Google Analytics and Firebase in its InPen diabetes management app and services, according to a proposed federal class action lawsuit filed this week.
Malwarebytes laid off at least 100 workers this week and plans to split its consumer and corporate-facing business units into separate companies. The antivirus firm cut also recently axed its chief product officer, chief information officer and chief technology officer.
Western intelligence agencies lent authority Thursday to a Ukrainian exposé unmasking a campaign by Russian military state hackers targeting battlefield Android devices. Agencies from the Five Eyes intelligence alliance collectively dub the malware components "Infamous Chisel."
The shift from traditional malware-led attacks to identity-based attacks in the realm of cybersecurity has become more prominent than ever. Attackers continuously adapt their tactics, seek the path of least resistance and focus on exploiting vulnerabilities in identity-related weaknesses.
This week, Cypher rolled out a futuristic compensation plan for victims, hackers exploited crypto users via a WinRAR bug and separately stole $900,000 from Balancer, the DEA lost $500K to a crypto scammer and the EU Data Act's smart contract provision raised questions.
Cybersecurity doublespeak is never a good sign, especially when it comes in a letter this week addressed to half a million current and former employees of fast-fashion retailer Forever 21, warning them that their personal information was stolen in an eight-week breach discovered in March.
CrowdStrike CEO George Kurtz said point product companies "are quickly going the way of legacy antivirus" as rivals SentinelOne and BlackBerry reportedly hunt for buyers. The endpoint security market is quickly consolidating from being "littered with dozens of companies" to having several vendors.
Facebook parent Meta unearthed a Chinese propaganda campaign active across dozens of social media sites in what the company calls the largest known cross-platform influence operation in the world. "Spamouflage" operates across more than 50 platforms and forums.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.