A recently discovered backdoor named Sidewalk has been linked to Grayfly, the espionage arm of the China-linked group called APT41, and used to strike telcos and other organizations in the U.S., Taiwan, Vietnam and Mexico, Symantec researchers say.
Microsoft has disclosed details of a vulnerability that researchers at Palo Alto Networks have named "Azurescape" because the attacks start from a container escape technique. The flaw "could potentially allow a user to access other customers’ information in the ACI service," Microsoft says.
The possibility of a terrorist group launching a massive Sept. 11, 2001-scale cyberattack against the U.S. or an ally has been a concern for years, but cybersecurity pros with a background in intelligence and military affairs say such worries are likely unwarranted.
In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including how ransomware affiliates change operators and why terrorists aren't launching massive cyberattacks.
Researchers have discovered email fraud campaigns in which unidentified threat actors are swindling victims out of bitcoin by tempting them with a substantial amount of tax-free cryptocurrency. This follows an SEC warning about fraudulent cryptocurrency schemes making the rounds
Last weekend’s confirmed attack on the Jenkins project using a recently discovered vulnerability in the Atlassian Confluence server could be the tip of the iceberg, suggests a security researcher who says thousands of Confluence servers remain vulnerable.
Attackers are actively exploiting a flaw in Microsoft Windows for which no patch is yet available. Microsoft has issued workarounds and mitigations designed to block the zero-day attack for the flaw in the MSHTML browsing engine, which is being exploited via malicious Microsoft Office documents.
Researchers say a pro-China influence operation leveraging a network of fake social media accounts has expanded, promoting in-person protests and narratives around COVID-19 and U.S. domestic policy, according to Mandiant, which does not definitively attribute the activity to the Chinese government.
Hybrid work is here to stay. Your users are on prem, at home, and occasionally logged in from the beach. Keeping all those laptops, mobile devices, and devices secure when their location is constantly shifting is proving to be a real challenge to the enterprise organization.
XDR, extended detection and response,...
Hybrid work is here to stay. Your users are on prem, at home, and occasionally logged in from the beach. Keeping all those laptops, mobile devices, and devices secure when their location is constantly shifting is proving to be a real challenge to the enterprise organization.
XDR, extended detection and response,...
The U.S. SEC in a new advisory warns against schemes targeting digital assets. Security experts say that with social engineering attempts on the rise, individuals and organizations must defend against related scams and other "get rich quick" schemes.
The Ragnar Locker ransomware operation has been threatening to dump victims' stolen data if they contact police, private investigators or professional negotiators before paying a ransom. But as one expert notes: "Perhaps the criminals watched too many TV shows, because this isn’t how the real world works."
Many organizations are relying on Managed Detection & Response (MDR) providers to make sure they’re able to respond to threats like ransomware as they emerge, without hiring any headcount.
With an expected shortage of 2.5 million cybersecurity professionals it’s become critical to dedicate resources to better...
Download this guide which highlights 10 tactical prescriptions when evaluating Managed Detection and Response (MDR) vendors for what a provider should be able to offer your business, and Rapid7's approach to each.
With the proliferation of high-profile hacks, data breaches, and ransomware, it’s easy to worry about your organization’s compliance and security. But not all security issues have to do with purposeful hacks and attacks.
For many IT teams, the challenge is maintaining strict rules and regulatory requirements...
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.
