Microsoft's March dump of patches fixes two actively exploited zero-day vulnerabilities, including a critical issue in Outlook that Russian threat actor APT28 has used to target European companies. The vulnerability can be exploited before a user views the email in the Preview Pane.
U.S. cybersecurity officials on Thursday issued an alert about a 4-year-old software vulnerability that has been exploited by hackers, including one APT group, in a federal civilian agency. Users are advised to immediately apply the software patch to the Progress Telerik UI for ASP.NET AJAX.
A vendor of clinical and third-party administrative services to managed care organizations and healthcare providers serving elderly and disabled patients said a cybersecurity incident last summer has affected more than 4.2 million individuals.
U.S. and German police seized darknet cryptocurrency anonymizing service ChipMixer, which federal prosecutors say cybercriminals used to launder $3 billion including proceeds from ransomware extortion and North Korean cryptocurrency hacking. Among its alleged customers: LockBit and the Russian GRU.
Rapid7 has purchased a ransomware prevention vendor founded by a former Israel Defense Forces captain to strengthen its managed detection and response muscle. The Minerva Labs purchase will allow Rapid7 to deliver advanced ransomware prevention across cloud resources and traditional infrastructure.
MKS Instruments expects a $200 million revenue hit from February's ransomware attack after the hack removed the company's ability to process orders or ship products. The Feb. 3 ransomware attack required the company to temporarily suspend operations at some MKS Instruments facilities.
The Securities and Exchange Commission proposed a slew of new cybersecurity rules for the companies underpinning the U.S. stock market, the latest sign of increasing unhappiness among Biden administration officials about the private sector's management of digital risk.
In the latest "Proof of Concept" panel discussion, two Capitol Hill observers at Venable, Grant Schneider and Jeremy Grant, join Information Security Media Group editors to break down the Biden administration's new U.S. national cybersecurity strategy and answer the question, "Is it really viable?"
Cybersecurity software giant Rubrik has joined the ranks of organizations that fell victim to attackers who have been exploiting a zero-day vulnerability in Fortra's widely used managed file transfer software, GoAnywhere MFT. The Clop ransomware gang claims to have exploited at least 130 victims.
Threat actors who mine digital assets using other people's infrastructure have found a lucrative new cryptocurrency to motivate their hacking: the privacy-focused currency named Dero. CrowdStrike says it discovered a first - a Dero cryptojacking operation operating on a Kubernetes cluster.
SentinelOne has partnered with Wiz and revamped its pipeline generation efforts to capitalize on growing demand for cloud protection, said CEO Tomer Weingarten. By using a simple deployment process and eschewing kernels and agents, the company has prompted customers to switch to Singularity Cloud.
The top U.S. cybersecurity agency says it is testing how to scan critical infrastructure organizations to detect vulnerabilities ransomware hackers can exploit in a bid to have the flaws patched before extortionists also discover them. The Ransomware Vulnerability Warning Pilot started on Jan. 30.
The U.K. government says a new national agency will work with the private sector to stymie national security threats including foreign hackers after British intellectual property. In an update to British foreign policy, Prime Minister Rishi Sunak vowed to "push back" against China.
Britain's National Cyber Security Agency is examining TikTok to help the government finalize its decision to ban the Chinese video-sharing app from federal networks, the country’s security minister, Tom Tugendhat, revealed. The agency is looking into the app's ownership and security features.
A Florida company will pay nearly $300,000 to settle allegations stemming from a 2020 hacking incident that revealed the personal identifying information of hundreds of thousands of minors. The settlement with Jelly Bean Communications Design is part of a federal crackdown on lax cybersecurity.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.