A former Microsoft software engineer has been sentenced to nine years in prison after being found guilty on 18 criminal charges in connection with the theft of more than $10 million through the company's online retail platform.
The Cyber Risk Institute this week is releasing a new version of its "Cyber Profile" risk assessment framework for the financial services industry that includes expanded information on third-party risk and cloud security. Institute founder, Josh Magri, describes the updates.
Threat actors are increasingly weaponizing advanced analytical tools to attack enterprises, which means organizations must change their security strategies, says Ray Boisvert, associate partner, national public sector, IBM Canada.
As part of a settlement of allegations that Zoom "engaged in a series of deceptive and unfair practices that undermined the security of its users," the U.S. Federal Trade Commission is requiring the video conferencing provider to implement and maintain a comprehensive security program within the next 60 days.
Check Point Research has uncovered a large and likely profitable business model that involves hackers attacking and gaining control of certain VoIP services, which enables them to make phone calls through a company's compromised system.
Researchers at Kaspersky have uncovered a Linux version of the RansomEXX ransomware that, until now, had targeted only Windows devices. The ransomware has been tied to several high-profile attacks over the last several months.
President-elect Joe Biden's approach to cybersecurity will likely mirror that of his old boss, former President Barack Obama. Expect Biden's White House to increase pressure on Russia, practice greater involvement in cybersecurity and return to higher levels of coordination than President Trump demanded.
A hacking operation that targeted defense contractors earlier this year was more expansive than first thought, with hackers using never-before-seen malicious tools to target specific victims, McAfee reports. A North Korean-linked APT group is suspected of carrying out the attack.
COVID-19 accelerated everything else digital; why not fraud, too? In this latest CEO/CISO panel, cybersecurity leaders talk frankly about the pace and scale of new fraud schemes from business email compromise to card not present to insider risk.
The operators behind a botnet dubbed "Gitpaste-12" are abusing legitimate services such as GitHub and Pastebin to help hide the malware's malicious infrastructure, according to Juniper Threat Labs. This botnet mainly targets Linux apps and IoT devices and can mine cryptocurrency.
Apple issued an update for iOS and iPadOS on Thursday that fixes three zero-day flaws found by Google's Project Zero bug-hunting team and a range of other security-related flaws. Google says the bugs are being exploited by attackers but haven't been used in election-related cyber activity.
The Hong Kong Monetary Authority's Cybersecurity Fortification Initiative 2.0, an updated version of a framework designed to strengthen cyber resilience in the banking and financial sector, will officially roll out in January and be implemented over the following two years.
The U.S. Justice Department is looking to seize more than $1 billion worth of bitcoin that investigators have linked to the notorious Silk Road darknet marketplace. The cryptocurrency was stored within a mysterious digital wallet that had been dormant for years, but the subject of much speculation.