Has the REvil ransomware operation come storming back? Experts say a new operation called BlackMatter has wielded REvil's code against at least one victim, claims to combine "the best features of DarkSide, REvil and LockBit," and may be a former affiliate of one or more of these ransomware operations.
DataVisor recently conducted its latest Digital Fraud Trends study, and it uncovered some startling findings about the latest threats to the digital banking/payments landscape. CEO Yinglian Xie shares insights on how to improve fraud defenses with machine learning.
Calls are growing for an investigation into how commercial Pegasus spyware developed by Israel's NSO Group gets sold to autocratic governments and used to target journalists, lawyers, human rights advocates and others, with some lawmakers saying "the hacking-for-hire industry must be brought under control."
At a Senate hearing on pipeline cybersecurity, leaders from several federal agencies briefed lawmakers on the roles regulators can play in the aftermath of the Colonial Pipeline attack. Lawmakers urged the agencies to "flatten the bureaucracy" to improve relationships with companies that support pipelines.
The Federal Reserve Bank of Atlanta and Georgia State University’s Evidence-Based Cybersecurity Research Group are working together on a research project focused on how to prevent online payments fraud. Two participants describe the project's goals.
As chief security scientist and advisory CISO to security vendor Thycotic, Joseph Carson is well aware of risks employees will take to get their jobs done. He's just authored a new ethical hacker's guide to help enterprises plug their holes - before their adversaries breach them.
Remote management software company Kaseya says it obtained the ability to decrypt all victims of a massive REvil - aka Sodinokibi - attack via its software, without paying a ransom to attackers. But Kaseya has still not revealed how it obtained the decryption key, except to say it was supplied by a third party.
NIST has selected 18 technology companies to demonstrate "zero trust" security architectures as it prepares to draft guidance for use of the model by federal agencies, which the private sector can also follow.
Malware developers increasingly are relying on "exotic" programming languages - such as Go, Rust, DLang and Nim - to create malicious code that can avoid detection by security tools and add a layer of obfuscation to an attack, according to a report released Monday by BlackBerry.
Australia's data regulator has found that Uber interfered with the privacy of 1.2 million of its customers as a result of a 2016 global data breach. Uber says it's made improvements to its systems and its internal security policies.
A recently discovered ransomware-as-a-service gang dubbed AvosLocker is recruiting affiliates and partners, including "pentesters" and "access brokers," on darknet forums, according to the security firm Malwarebytes.
With corporate America beginning to ask employees to come back to their offices in the fall, cybersecurity teams have the huge task of ensuring that the work environment is safe. This is particularly true of IoT devices, as many have been left unprotected for months.