Former Obama White House cybersecurity official Chris DeRusha has been appointed federal CISO by the Biden administration after having served as CISO for the Biden campaign. He joins a number of newly appointed officials who will have cybersecurity oversight.
The operators of the Nefilim ransomware used the credentials of a deceased system administrator to plant their crypto-locking malware in about 100 vulnerable systems during one attack, according to Sophos. These types of "ghost" accounts are an increasing issue for security teams.
A multinational law enforcement operation has disrupted the Emotet botnet, gaining control of hundreds of servers and arresting multiple alleged administrators in Ukraine, Europol says. While the botnet could rebound, cybersecurity experts say the criminal operation has been dealt "a huge blow."
With ransomware continuing to fuel a massive surge in illicit profits, some experts have been calling on governments to launch offensive hacking teams to target cybercrime cartels. They're also calling for a review of cyber insurance payouts being used to fund ransoms.
A targeted phishing campaign is using a fake Microsoft Office 365 update to steal email credentials from business executives, and the credentials are then being offered for sale in underground forums, security firm Trend Micro reports.
Websites advertising pirated and cracked software are being used to deliver an updated version of the DanaBot banking Trojan, which can steal individuals' online banking credentials, according to Proofpoint.
A Cypriot hacker has pleaded guilty to a pair of federal charges after admitting that he hacked the websites of several U.S. organizations, stole data and then threatened to disclose it unless a ransom was paid, federal prosecutors say.
To protect today's dynamic workforce, security teams must be equipped to discern when and how a trusted account has been leveraged for nefarious purposes. This requires more than just an understanding of 'good' vs 'bad' - it requires an 'immune system' approach to security that is not only adaptive, but also grounded...
Despite organizations adopting ‘secure’ email gateways and extensive employee training, 94% of cyber-attacks still start in the inbox. It’s clear a more advanced approach to email security is needed.
Able to spot the subtlest signals of attack, Darktrace Antigena Email recognizes malicious activity even...
In the past, when threat actors were less advanced and when digital activity was more predictable, a traditional approach to security was often adequate to keep cyber-threats at bay. By configuring security tools with static rules and historical attack data, organizations have sought to detect threats by defining...
North Korean hackers have been "targeting security researchers working on vulnerability research and development at different companies and organizations" to trick them into installing backdoored software that gives attackers remote access to their systems, warns Google's Threat Analysis Group.
Email security vendor Mimecast confirmed Tuesday that the hackers responsible for the SolarWinds supply chain hack also breached the security firm's network to compromise a digital certificate that encrypts data that moves between some of the firm's products and Microsoft's servers.
The Austrian construction equipment manufacturing firm Palfinger AG reports being hit with a cyberattack that has knocked the majority of its worldwide IT infrastructure offline, eliminating its ability to use email and conduct business.
Good news on the cybercrime front: "Cryptocurrency-related crime fell significantly in 2020," compared to 2019, reports blockchain analysis firm Chainalysis. Unfortunately, in the same timeframe, ransomware profits surged 311%, stoking calls for a crackdown on ransom payments.