Vulnerabilities in Apple Pay, Samsung Pay and Google Pay allow attackers to make unlimited purchases using stolen smartphones enabled with express transport schemes, according to a research report from Positive Technologies. These findings were presented at Black Hat Europe this week.
A subsidiary of the Central Depository Services Ltd. has patched a critical vulnerability that exposed sensitive data such as Permanent Account Numbers, income and net worth, broker names, amount of annual income tax return filed and CDSL client IDs for close to 44 million Indian investors.
Zero Trust deployment - the acts of moving apps and data to the cloud and assuming no user or device is trustworthy until proven otherwise - came into vogue in response to COVID-19. A lot has changed since Zero Trust first appeared in 2014, so our concept of Zero Trust must also evolve. Stephen Banda of Lookout...
CyberEdBoad excutive member Alan Ng of China Taiping Insurance, Singapore, explains the enterprise risk management strategy for the pandemic era and how the Distributed, Immutable and Ephemeral triad works with the Confidentiality, Integrity and Availability triad to make organizations more secure.
APT group Lyceum has targeted ISPs and telecommunication operators in Israel, Morocco, Tunisia and Saudi Arabia, as well as a Ministry of Foreign Affairs in an African country, according to Accenture’s Cyber Threat Intelligence group and Prevailion’s Adversarial Counterintelligence Team.
A new espionage campaign has allowed an unidentified threat actor to access data, including communications and services, on thousands of devices belonging to South Koreans, reports Aazim Yaswant, an Android malware analyst at mobile security company Zimperium.
A criminal hack attack has disrupted healthcare in Canada's easternmost province and resulted in the theft of patient information and personal details for healthcare employees. The province of Newfoundland and Labrador disclosed the apparent ransomware attack on Oct. 30, and has yet to restore all systems.
In this video, LogicGate and Protiviti explores the fundamentals of risk quantification and highlight how the practice empowers you to leverage the power of risk confidently and strategically.
The U.S. Department of the Treasury has blacklisted cryptocurrency exchange Chatex, along with a network of entities the department says support it, for allegedly facilitating ransomware-related financial transactions. This action effectively bars Americans from doing business with the company.
Trading platform Robinhood says an attacker gained access to its customer support system last week, stole 7 million individuals' names and email addresses and tried to extort the company. More personal details were also stolen for a much smaller group of customers.
The calculus facing cybercrime practitioners is simple: Can they stay out of jail long enough to enjoy their ill-gotten gains? A push by the U.S. government and allies aims to blunt the ongoing ransomware scourge. But will practitioners quit the cybercrime life?
Congress has passed the $1.2 trillion physical infrastructure bill, which will inject $1.9 billion in new cybersecurity funding for the federal government. The bill, long held up in Congress, passed the House on Friday and moves to the desk of President Joe Biden, who plans to sign the measure into law.
The U.S. Department of Justice says one Ukrainian man has been arrested and a Russian man indicted for launching devastating REvil ransomware attacks against software company Kaseya and the state of Texas. Separately, Europol announced the arrest of a further five REvil affiliates since February.
As ransomware attacks continue to dominate headlines, Quentyn Taylor, a Canon director of information security, cautions organizations not to forget about "some of the other threats, like business email compromise," which continue to cripple organizations through financial and reputational damage.
Threat actors have breached critical systems internationally by exploiting a recently patched vulnerability in Zoho’s ManageEngine product ADSelfService Plus, with a suspected Chinese threat group leveraging leased infrastructure to scan hundreds of vulnerable organizations.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.