A misconfigured Microsoft Azure Blob cloud storage server used by Maruti Suzuki, an automobile manufacturer in India, exposed investors' personal and financial data online, according to a security researcher.
The U.S. Cybersecurity and Infrastructure Security Agency and the FBI have issued an alert providing details on the activities of a North Korean hacking group dubbed Kimsuky. The group, which has primarily focused on South Korean targets, has also conducted espionage campaigns in the U.S. and Japan.
Even if a company has no operations in the U.S., it should follow the compliance guidance offered by the U.S. Department of Justice in June, says Benjamin Haley, partner at Covington & Burling LLP, an international law firm.
A new online platform called VulnerableThings.com is aiming to become the go-to place for reporting and viewing reports on software flaws in IoT devices. The IoT Security Foundation and Oxford Information Labs say the platform could help vendors comply with new IoT regulations and standards.
Implementation of 3D Secure 2.0, a protocol designed to be an additional security layer for online credit and debit card transactions, by banks and merchants alike can play a critical role in reducing "authorized payment fraud," two security experts say.
A greatly enhanced variant of the powerful Mirai botnet is already infecting IoT devices even though it's operating in a test environment, according to researchers at cybersecurity firm Avira Protection Lab.
Security researchers at Imperva have uncovered a botnet that attacks vulnerabilities in websites' underlying content management systems and then uses these compromised servers to mine for cryptocurrency or send spam to more victims.
"Cybercrime is an evolution, not a revolution," says Europol's Philipp Amann, who oversees the EU law enforcement intelligence agency's annual study of the latest cyber-enabled crime trends. Ransomware, social engineering and the criminal abuse of cryptocurrency and encryption are some of the top threats.
The Treasury Department has issued sanctions against a Russian research institute that U.S. officials now claim helped deploy Triton, destructive malware designed to damage industrial control systems. The announcement follows other economic penalties levied against Iran in the same week.
The European Union has issued sanctions against two Russian nationals alleged to have hacked Germany's lower house of parliament, or Bundestag, in 2015. EU officials say both men work for the Russian military intelligence unit GRU.
U.S. intelligence officials say a Russia-backed hacking group has compromised some state and local government computer systems since at least September and exfiltrated data. So far, however, the attackers do not appear to have attempted to otherwise interfere with or disrupt those networks.
Researchers have uncovered a fresh phishing campaign that mimics the automated messages of the popular business communication platform Microsoft Teams in an attempt to harvest users' Office 365 login credentials.
The operators behind the LockBit ransomware strain use automation tools and techniques that help the malware quickly spread through a compromised network and also assist in picking specific targets, according to Sophos.