The Chinese hacking group "Cicada" is exploiting the critical Zerologon vulnerability in Windows Server as part of a cyberespionage campaign that's mainly targeting Japanese companies' locations around the world, according to the security firm Symantec.
European lawmakers are once again considering encryption policies and attempting to strike a balance between the privacy and security afforded by strong encryption and law enforcement's needs. But with encryption being a cornerstone of the internet, is there any new balance to be struck?
An accused ringleader of the notorious FIN7 hacking group, which prosecutors say stole 15 million payment cards over several years, has pleaded guilty to federal charges. Andrii Kolpakov faces up to 25 years in prison.
Waves of support from the InfoSec community continue to pour in for former CISA Director Christopher Krebs, who was fired Tuesday by President Donald Trump. Meanwhile, an acting CISA director reportedly has been named, and Deputy Director Matt Travis has resigned.
Researchers are warning that many domain name system server implementations are vulnerable to a spoofing attack that allows attackers to redirect, intercept and manipulate traffic. Thankfully, fixes are already arriving for this so-called SAD DNS flaw.
Microsoft's Security Intelligence team is warning users of the Office 365 suite about an ongoing phishing campaign that appears to be harvesting victims' credentials. The emails use several techniques to bypass and evade secure email gateways.
A recently identified Chinese hacking group dubbed "FunnyDream" has targeted more than 200 government entities in Southeast Asia since 2018 as part of an ongoing cyberespionage campaign, according to research from Bitdefender.
With COVID-19 as a backdrop and 5G on the horizon, what will be 2021's top issues in identifying, protecting and defending against attacks across a dramatically expanded threat landscape? This latest CEO/CISO panel addresses the challenges of the new year.
Japanese computer game company Capcom acknowledged this week that a November security incident was a Ragnar Locker ransomware attack that resulted in about 350,000 customer and company records, including sales and shareholder data, potentially being compromised.
North Korean hackers are suspected of carrying out a supply chain attack that targeted businesses in South Korea using stolen digital certificates, according to researchers with ESET. The analysts believe that this campaign is related to the Lazarus Group.
President Donald Trump has fired Christopher Krebs, director of the U.S. Cybersecurity Infrastructure and Security Agency. Experts say that thanks in no small part to CISA, this year's election "was the most secure in American history," free from any major cybersecurity incidents.
Federal CISO Camilo Sandoval's decision to take a leave of absence after two weeks on the job to help investigate claims made by President Donald Trump of wide-scale voting fraud during the recent election is drawing criticism.
Over the past five years, ransomware-as-a-service offerings have largely evolved from putting automated toolkits into the hands of subscribers to recruiting affiliates and sharing profits. To maximize revenue, some larger operators are also seeking affiliates with more advanced IT and hacking skills.