Virtual private network provider NordVPN says an error by its Finish data center provider allowed an attacker to gain control of a server, but it says its broader service was not hacked. One security expert, however, says the attacker would have had "God mode" on one VPN node.
Turla, an advanced persistent threat group with apparent ties to Russia, seized attack infrastructure and tools used by OilRig, an Iranian APT group, U.K. and U.S. intelligence agencies have jointly reported. They say Turla used the co-opted infrastructure to conduct its own reconnaissance and attacks.
A British judge has denied WikiLeaks founder Julian Assange's request to delay a five-day hearing, slated to begin Feb. 25, on whether he should be extradited to the United States to face espionage charges.
What is the risk of having too many cybersecurity tools? Compromised visibility because of "tool sprawl," say Brian Murphy and Seth Goldhammer of ReliaQuest. Enterprises are now awakening to this challenge and attempting to overcome it.
ESET researchers have uncovered a new cybercriminal scheme that uses a trojanized version of the Tor browser for stealing bitcoins from darknet users. So far, the scam has netted about $40,000 in virtual currency, the security firm says.
Sodinokibi/REvil appears to be making millions since it seized the ransomware-as-a-service mantle from GandCrab earlier this year. Security firm McAfee says up to 40 percent of every victim's ransom payment - average: $4,000 - gets remitted to the Sodinokibi actor, with "affiliates" keeping the rest.
The latest edition of the ISMG Security Report discusses the shutdown of DeepDotWeb. Plus, dealing with breach fatigue and the Pitney Bowes ransomware attack.
The prices for specific types of cybercriminal tools on darknet sites continue to rise, according to a recent analysis by security firm Flashpoint. Payment card and passport data remain the most sought-after commodities on these forums, research shows.
Scammers are using the notorious Phorpiex botnet as part of an ongoing "sextortion" scheme, according to Check Point researchers. At one point, the botnet was sending out over 30,000 spam emails an hour and the attackers made about $110,000 in five months, researchers say.
Eighteen technology companies have formed the Open Cybersecurity Alliance to foster the development of open source tools to improve interoperability and data sharing between cybersecurity applications. But some observers say getting all players to agree on a common platform will be challenging.
At least 550 fraudulent domains have been aimed at users who accidentally mistype the URL for a political candidate or election-related group, warn researchers at Digital Shadows. While many of these "typosquatting" domains appear to be relatively harmless, some could be more nefarious.
Organizations are accepting that the network perimeter no longer serves as the "ultimate defense" and thus adapting zero-trust principles, including least privilege, based on the understanding that they may already have been compromised, says Darran Rolls of SailPoint.
Robotic process automation aims to use machine learning to create bots that automate high-volume, repeatable tasks. But as organizations tap RPA, they must ensure they take steps to maintain data security, says Deloitte's Ashish Sharma.
Data breaches involving phishing and related email compromises persist as a top challenge for healthcare providers. So, what are some of the top trends emerging from these incidents?
Ransomware is once again the most common illicit profit-making tool in online attackers' arsenal, police warn. Security firm Emsisoft says the most-seen strains in recent months include STOP, Dharma .cezar, Phobos, GlobeImposter 2.0 and Sodinokibi. Less widely seen Ryuk also continues to generate big profits.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.