Many ransomware-wielding attackers continue to hack into organizations via remote desktop protocol. But some Sodinokibi ransomware-as-a-service affiliates have shifted instead to targeting victims via botnets, saying hackers' use of RDP exploits has grown too common.
It's one thing to plan for a cybersecurity incident, but quite another to have proper insurance coverage to prepare for such an event. Mark Singer of Beazley shares an overview of the cyber insurance myths and realities.
The 2020 Pwn2Own contest will focus on hacking industrial control systems and protocols. White Hat hackers will compete for $250,000 in prizes for finding zero-day flaws in these systems.
The recent discovery of skimming malware on the online store of the American Cancer Society illustrates that the healthcare sector is not immune from e-commerce threats.
FCC Chairman Ajit Pai is pushing a proposal that would ban U.S. telecommunications firms from using commission funds to buy equipment from companies deemed national security threats. The new rule would first target Chinese telecom companies Huawei and ZTE.
Two new security incidents demonstrate how easily millions of customer records can be exposed. Researchers found an unsecured database containing records of customers of Adobe Creative Cloud. And Italy's UniCredit bank announced a "data incident" that exposed a file containing customer records.
Sen. Maggie Hassan, D-N.H., is demanding that the U.S. Government Accountability Office review how the Department of Homeland Security shares personal data with contractors following several recent security incidents in which such information was exposed.
Democratic lawmakers are urging the U.S. Federal Trade Commission to open an investigation into whether Amazon violated federal law by failing to the prevent Capital One's devastating data breach. Amazon dismissed the request as "baseless and a publicity attempt from opportunistic politicians."
The National Cyber Security Center, the U.K.'s national computer emergency response team, investigated 658 serious cybersecurity incidents in a 12-month period and supported nearly 900 victim organizations - most of whom learned they had fallen victim after being alerted by the center.
Virtual private network provider NordVPN says an error by its Finish data center provider allowed an attacker to gain control of a server, but it says its broader service was not hacked. One security expert, however, says the attacker would have had "God mode" on one VPN node.
An unsecure database belonging to a company that provides hotel reservation management technology exposed about 179 GB of customer data, including travel arrangements and other data for U.S. military and other government personnel, according to a new report from two independent security researchers.
Inadequately protected shared network storage devices at a Department of Veterans Affairs regional office left veterans' personal and health information vulnerable to ID theft, fraud and other compromises, according to a new report. Security experts say this kind of security lapse is common in other sectors.
The State Department's years-long review of former Secretary Hillary Clinton's use of a private email server found that although 38 current or former department officials violated government security policies, there was no "persuasive evidence of systemic, deliberate mishandling of classified information."
Sodinokibi/REvil appears to be making millions since it seized the ransomware-as-a-service mantle from GandCrab earlier this year. Security firm McAfee says up to 40 percent of every victim's ransom payment - average: $4,000 - gets remitted to the Sodinokibi actor, with "affiliates" keeping the rest.
Robotic process automation aims to use machine learning to create bots that automate high-volume, repeatable tasks. But as organizations tap RPA, they must ensure they take steps to maintain data security, says Deloitte's Ashish Sharma.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.
