A newly identified financially motivated threat group, dubbed "FIN11," is deploying Clop ransomware and exfiltrating data from its targets for extortion efforts, according to researchers at FireEye Mandiant.
Yes, a CISO must be technologist and a business risk leader. But more than ever, a CISO also must be a bit of a counselor, says Mark Eggleston, chief information security and privacy officer of Health Partners Plans, who puts mental health support atop his own list of key responsibilities.
Cybercrime wouldn't exist as we know it today without there being a multitude of technologies and services that criminals have been able to turn to their advantage, and cryptocurrency is one of the prime examples, especially when it comes to ransomware, darknet markets and money laundering.
An unsecured Amazon Web Services database belonging to India's Dr Lal Path Labs, which offers diagnostic testing, exposed approximately 50 GB of patient data, including notes related to the results of COVID-19 tests, according to a security researcher.
Ransomware attacks remain the top cyber-enabled threat seen by law enforcement. But phishing, business email compromises and other types of fraud - many now using a COVID-19 theme - also loom large, Europol warns in its latest Internet Organized Crime Threat Assessment.
The Xplora 4 kids smartwatch was shipped with a backdoor that could be activated remotely by an encrypted SMS to take secret screenshots. The manufacturer says the code was mistakenly left in the firmware, and it has issued a patch to remove it.
Stop me if you think that you've heard this one before: The U.S., U.K. and some allied governments are continuing to pretend that criminals will get a free pass - and police won't be able to crack cases - so long as individuals and businesses have access to products and services that use strong encryption.
Critical steps when implementing a privileged access management program include auditing of activities performed by administrators and continuous monitoring of user activity, says Sujit Christy, group CISO at John Keells Holdings, a conglomerate based in Sri Lanka.
The Office of the Comptroller of the Currency has fined Morgan Stanley $60 million for the investment bank's failure to properly oversee the decommissioning of several data centers, putting customer data at risk of exposure.
Microsoft collaborated with cybersecurity companies and government agencies to take down the million-device Trickbot botnet in an effort to help protect the Nov. 3 U.S. election and stop the global spread of ransomware and other malware.
Two types of autopilot systems can be tricked into reacting after seeing split-second images, according to new research into autonomous vehicles. Although this could pose a risk, deep-learning software could keep the systems from being tricked.
Plaintiffs in the patent infringement case Centripetal Networks v. Cisco Networks won the day thanks to clear testimony and using Cisco's own technical documents in unaltered form. By contrast, the judge slammed Cisco for offering disagreeing witnesses and attempting to focus on old, irrelevant technology.
CISA is warning that sophisticated hacking groups are chaining together vulnerabilities, such as the recent Zerologon bug and other flaws, to target state and local government networks. In some cases, attackers gained access to election support systems.
Steve Jobs once said: "Marketing is about values." But how well is the cybersecurity solutions message being received amid the convergence of pandemic and economic strains? We brought an outspoken group of CMOs and CISOs together to discuss the topic.