As investigators probe the SolarWinds hack, they're finding that the supply chain campaign appears to have deeply compromised more than the 50 organizations originally suspected. Meanwhile, the federal agencies overseeing the investigation now officially believe a Russian-linked hacking group is responsible.
Researchers at Morphisec Labs have published fresh details about a malware variant called JSSLoader that the FIN7 hacking group has used for several years.
The attorneys general of 27 states have entered into a $2.4 million settlement with Sabre Corp. to resolve a lawsuit tied to a 2017 data breach that struck the company's Sabre Hospitality Solutions hotel booking system, compromising 1.3 million payment cards.
The major appliances giant Whirlpool acknowledges it was hit with a ransomware attack in November, with the cyber gang Nefilim taking responsibility for the cyber incident and claiming to have stolen company data.
The FBI is warning of a rise in "swatting attacks," which see hackers use compromised email accounts to access poorly-secured home smart devices that are equipped with cameras and voice capabilities to make hoax calls to emergency services.
The Cybersecurity and Infrastructure Security Agency has released an emergency directive requiring all federal organizations running the vulnerable SolarWinds Orion software to immediately update to the latest version.
Ticketmaster has agreed to pay a $10 million criminal fine to resolve charges that the company illegally accessed an unnamed competitor's computer system on at least 20 separate occasions, using stolen passwords to conduct a cyber espionage operation.
The latest edition of the ISMG Security Report offers leadership lessons from Equifax CISO Jamil Farshchi and Mastercard's deputy CSO, Alissa "Dr. Jay" Abdullah. Also featured: An assessment of cybersecurity priorities for President-elect Joe Biden.
The U.S. Treasury's Financial Crimes Enforcement Network is alerting financial institutions about the potential for fraud, ransomware attacks or similar types of criminal activity related to COVID-19 vaccine research and distribution organizations.
The growth in the use of telehealth during the COVID-19 crisis means that healthcare providers must carefully reassess and bolster the security of the connected devices, applications and systems used, says Kelly Rozumalski of the consultancy Booz Allen Hamilton.
Kawasaki Heavy Industries is reporting that an unknown threat actor gained access to its internal network through servers located in an overseas office, according to a company statement. The result: Some corporate data may have leaked to a third party.
He's commanded armed forces, directed the National Security Agency, and now he is president of vendor IronNet Cybersecurity. From this unique perspective, retired General Keith Alexander says the SolarWinds breach is "a call for action."
A cybercriminal gang known as "UltraRank" has launched a new campaign, targeting at least a dozen e-commerce sites to steal payment card data using a JavaScript sniffer, says security firm Group-IB.
After a nearly two-month hiatus, the Emotet botnet recently sprung back to life with a fresh spamming and phishing campaign designed to spread other malware as secondary payloads, according to security researchers. The botnet has also been revamped to better avoid network defenses.
The FBI, Europol and other law enforcement agencies shut down a virtual private network Tuesday that was providing a "bulletproof hosting service" that allowed cybercriminals to conduct illegal operations, including ransomware attacks, while remaining hidden from police.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.asia, you agree to our use of cookies.