The Biden administration formally accused China's Ministry of State Security of conducting a series of attacks against vulnerable Microsoft Exchange servers earlier this year that affected thousands of organizations. This group is also accused of carrying out ransomware and other cyber operations.
A leak of 50,000 telephone numbers and email addresses led to the "Pegasus Project," a global media consortium's research effort that discovered how Pegasus spyware developed by NSO Group is being used in the wild.
In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including the challenges ahead for the new director of the U.S. Cybersecurity and Infrastructure Security Agency and vendor security risk management in the healthcare sector.
DevOps-driven adoption of new
technologies and processes
may mean security is an afterthought
and can expose new
gaps in security coverage and
Download this whitepaper which provides an overview of what DevSecOps is and how organizations can adopt its
practices in conjunction with technologies...
Kubernetes-native security is based on a single principle: security is implemented most effectively
when it is aligned with the system that is responsible for managing all of an organization’s containerized
Download this whitepaper which explores the six characteristics a security platform must...
A Russian group that was behind the massive SolarWinds supply chain attack has returned with a fresh phishing campaign, according to Microsoft. This new campaign compromised a marketing firm used by the U.S. Agency for International Development - USAID - to send malicious messages to thousands.
You can see it in the latest high-profile attacks: Security requirements are ever more complex, exceeding the capacity of current protection capabilities. Enterprises need a new strategy for defending entry points, and Tom Sego of BlastWave believes he has it.
A recent study showed that even though 82% of cybersecurity professionals are familiar with the MITRE ATT&CK framework, only 8% said they used it regularly. This led to development of the new MITRE ATT&CK Defender training and certification. Rick Gordon of MITRE Engenuity explains.
U.S. and U.K. cybersecurity, law enforcement and intelligence agencies issued a joint advisory Friday offering detailed information on how to defend against the activities of the Russian Foreign Intelligence Service, or SVR, in the wake of the 2020 SolarWinds supply chain attack.
Apple has patched a zero-day flaw in macOS 11.3 that attackers have been exploiting since at least January to install advertising software on victims' systems. The flaw enables a malicious script to be deployed that bypasses Notarization, Gatekeeper and File Quarantine security defenses.
Dan Kaminsky, a renowned security researcher, died last week at age 42. He gained cybersecurity fame in 2008 after discovering and helping to coordinate a patch for a massive security flaw in the internet's Domain Name System.
Brokerage account takeover, supply chain attacks, destructive attacks and those that seek to manipulate time or time stamps are among the latest threats uncovered in the new Modern Bank Heists report authored by Tom Kellermann at VMware Carbon Black.
Good news on the cybercrime front: "Cryptocurrency-related crime fell significantly in 2020," compared to 2019, reports blockchain analysis firm Chainalysis. Unfortunately, in the same timeframe, ransomware profits surged 311%, stoking calls for a crackdown on ransom payments.