Attacks/Breaches

A gradual transition to a world beyond passwords predisposes zero-trust projects to success.

The convergence and integration of OT and IT has resulted in a growing number of cyber-risks for critical infrastructure. Here are some of the ways attackers are targeting operational technology systems.

The new variants, improved for stealth and persistence, share code with other malware samples attributed to the C-23 APT.

The company seeks to hold Israeli firm NSO Group liable for the targeting of Apple users and requests a permanent injunction to ban its use of Apple products and services.

Attackers typically target consumers with malicious text messages containing obfuscated links, but experts say businesses are threatened as well.

The latest episode of Tech Talk outlines how organizations can interrupt malicious activity before files get encrypted.

The ancient Chinese military strategist Sun Tzu would agree: The best defense is to avoid an attack in the first place.

Each security step, no matter how small, can have great impact in detecting and deterring cyber theft.

The incident, which affected 1.2 million users, raises concerns about domain impersonation attacks and other malicious activities.

It engenders a false sense of superiority that spurs complacency among risk managers and executives, who in turn may underinvest in security teams, rely too much on automation, or both.

There is currently no specific time frame during which banks must report to federal regulators that a security incident had occurred. A new notification rules changes that to 36 hours.

Zero trust isn't a silver bullet, but if implemented well it can help create a much more robust security defense.

Among other things, the pair pretended to be Proud Boys volunteers and sent in a fake video and emails to Republican lawmakers purporting to show Democratic Party attempts to subvert the 2020 presidential elections.

Security defenders can run these queries against Certificate Transparency logs to identify misconfigured SSL certificates before they can be used by adversaries to map out attacks.

Attackers also are deploying ProxyShell and abusing the vulnerabilities in stealthier manner, researchers say.