Cyber Command and the U.S. Cybersecurity and Infrastructure Security Agency issued alerts Friday warning those using Atlassian's Confluence and Data Center products that attackers are actively exploiting the critical remote code execution vulnerability CVE-2021-26084.
Autodesk, a California-based design software and 3D technology firm, now says it was one of several tech and security companies targeted by a Russian-linked group that carried out the supply chain attack against SolarWinds, according to a financial filing with the SEC.
Security firm Cisco Talos reported this week that cybercriminals have found a new way to make money from their victims, by abusing internet-sharing "proxyware" platforms such as Honeygain and Nanowire to illegally share their victim’s internet connection.
When Conrad Bell joined C Spire, the cybersecurity team numbered one - him. Today he has a thriving team. The VP and CISO explains how he built it, describes the skills he values and tells how this team is helping the telecommunications firm respond to today's daunting cybersecurity challenges.
The latest edition of the ISMG Security Report features an analysis of data breach trends. Also featured: yet another Microsoft Exchange vulnerability and misconceptions about cybercrime groups.
While there is currently a lack of specific cyberthreats, Deputy National Security Adviser Anne Neuberger urges organizations, especially those in critical infrastructure, to take precautions over the Labor Day weekend, as threat groups have taken advantage of previous holidays to conduct attacks.
Cryptocurrency exchange Coinbase faces potential user trust challenges after a system error led it to send out false automated security alerts to about 125,000 customers indicating their two-factor authentication settings had been changed.
The Federal Trade Commission has, for the first time ever, banned a company and its CEO from the surveillance business in the U.S. Stalkerware service provider company SpyFone and its CEO, Scott Zuckerman, were banned for allegedly harvesting and sharing data through a hidden backdoor.
Several companies that use the OpenSSL cryptography library toolkit are reportedly scrambling and releasing security advisories to their users following patching of two vulnerabilities that were first fixed and disclosed to users on Aug. 24.
As the last U.S. military flight lifted off Tuesday evening from the airport in Kabul, Afghanistan, what's been left behind reportedly includes a vast trove of biometric data that could be used to identify - including for interrogation or execution - individuals who assisted the occupying NATO forces.
The House began debate Wednesday on legislation that would require companies that own or operate parts of the nation's critical infrastructure to report a cyberattack or breach within 72 hours of confirmation.
Bitcoin ATM operators and blockchain analytics firms that recently launched a "compliance cooperative" acknowledge one of their goals is to influence regulation of the sector.
Business email compromise attacks, which balance low-tech tactics with the potential for big profits, remain popular. Attackers continue to refine their tactics, including subverting legitimate redirect services as well as recruiting English-speaking business partners and cryptocurrency tumbler operators.
The U.S. Securities and Exchange Commission sanctioned eight financial firms for alleged failures related to cybersecurity policies and procedures, each stemming from email account takeovers and related incident response, the regulator announced this week.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.