Hacktivist collective Anonymous has, for the second time this month, leaked data belonging to Washington-based domain name registrar and web hosting service Epik. The size of the second set: more than 300GB - double the amount in the first leak.
A bipartisan effort to implement cybersecurity incident reporting and the tracking of ransomware payments has been introduced by leaders of the Senate Homeland Security and Governmental Affairs Committee. While it differs from legislation introduced in July, lawmakers hope to reconcile the bills.
Researchers at the University of Birmingham and University of Surrey say they have uncovered a vulnerability in the Apple Pay-Visa setup that could allow hackers to bypass iPhone’s Apple Pay lock screen, perform contactless payments and skirt transaction limits.
Of all the areas under his direction - business continuity, GRC, data governance - third-party risk is the most challenging, says Peter Gregory, senior director of cyber GRC at GCI General Communications Inc. "Their breach is my breach," he says, offering mitigation advice.
Cybersecurity vendor VMware has published a security advisory detailing 19 vulnerabilities affecting its vCenter server and Cloud Foundation products and has released fixes for all of them. One of the flaws has a high CVSS of 9.8, and CISA is warning of its "widespread exploitation."
Microsoft has indicated it will make changes to reduce the risk around what a security vendor says is a vulnerability that lets attackers run brute-force credential attacks against Azure Active Directory. The issue was reported to Microsoft in June by SecureWorks' Counter Threat Unit.
The founder of Group-IB, one of Russia's largest cybersecurity companies, has been detained on state treason charges and will be held in custody for two months, with alleged crimes punishable by up to 20 years in prison, according to wire reports.
Morgan Princing of Censys recently studied service exposure across cloud providers, and she was surprised by some of the findings related to data breaches and remote administration. She shares insight on how to improve attack surface management.
In a bid to address security risks associated with the use of virtual private network solutions, the National Security Agency and the Cybersecurity and Infrastructure Security Agency on Tuesday offered government leaders guidance on selecting remote access VPNs and strengthening their security.
You can't decrease the motivation of ransomware attackers. But you can curb their success by bolstering your own enterprise's approach to access, credentials and privileges. Morey Haber and James Maude of BeyondTrust share insights on ransomware defense.
Digital transformation and the advent of continuous delivery in software engineering has created a new demand for continuous security. This evolution requires a shift of mindset for most security teams, says Karl Mattson, CISO of Noname Security. He discusses the challenges and benefits.
Cybersecurity and computer science experts testifying before Congress on Tuesday expressed concerns about their inability to access key social media data sets that could allow them to analyze and potentially counter the spread of misinformation.
A bipartisan bill has been introduced in the U.S. Senate which, if passed, would find the Treasury Department actively monitoring cryptocurrency mining abroad, as well as its ultimate impact on U.S. supply chains for critical resources, including semiconductors.
Weaknesses in the systems of ShapeShift, a U.K.-based cryptocurrency exchange, reveal how a North Korean-linked group laundered cryptocurrency that came from the WannaCry 2.0 attack. The issues undermined some protections in Monero, a cryptocurrency designed to provide a high degree of privacy.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.