Malware developers increasingly are relying on "exotic" programming languages - such as Go, Rust, DLang and Nim - to create malicious code that can avoid detection by security tools and add a layer of obfuscation to an attack, according to a report released Monday by BlackBerry.
Good news on the ransomware front: The average ransom paid by a victim dropped by 38% from Q1 to Q2, reaching $136,576, reports ransomware incident response firm Coveware. In addition, fewer victims are paying a ransom simply for a promise from attackers to delete stolen data.
With corporate America beginning to ask employees to come back to their offices in the fall, cybersecurity teams have the huge task of ensuring that the work environment is safe. This is particularly true of IoT devices, as many have been left unprotected for months.
U.S. Customs and Border Protection has not always protected its Mobile Passport Control applications, making travelers' personally identifiable information vulnerable to exploitation, according to a new report from the Department of Homeland Security's Office of the Inspector General.
This edition of the ISMG Security Report features an analysis of ongoing investigations into the use of NSO Group's Pegasus spyware to spy on dissidents, journalists, political rivals, business leaders and even heads of state - and discussion of whether the commercial spyware business model should be banned.
As ransomware continues to pummel organizations, if they do get hit, then from an incident response standpoint, what are the essential steps they should take to smooth their recovery? Veteran ransomware-battler Fabian Wosar, CTO of Emsisoft, shares essential steps and guidance for recovery.
A patch is forthcoming for a privilege escalation vulnerability in the Windows operating system that can allow hackers to gain a foothold. Meanwhile, Linux OS users also need to adopt system upgrades to fix a flaw, and Oracle and Juniper have announced product patches.
A U.K. citizen was arrested in Spain Wednesday at the request of the U.S. Justice Department for his alleged role in a July 2020 hack of Twitter and additional incidents involving TikTok and Snapchat. This is the third arrest in the Twitter case so far.
New guidance from the National Institute of Standards and Technology spells out security measures for "critical software" used by federal agencies and minimum standards for testing its source code. The best practices could be a model for the private sector as well.
Cybereason, Rapid7 and Microsoft announced acquisitions this week designed to boost their security capabilities. Meanwhile, DevOps security firm Sysdig made a move to add infrastructure-as-code security to its portfolio.
The Biden administration formally accused China's Ministry of State Security of conducting a series of attacks against vulnerable Microsoft Exchange servers earlier this year that affected thousands of organizations. This group is also accused of carrying out ransomware and other cyber operations.
A leak of 50,000 telephone numbers and email addresses led to the "Pegasus Project," a global media consortium's research effort that discovered how Pegasus spyware developed by NSO Group is being used in the wild.
A new exposé tracking how spyware has been used to target journalists and human rights advocates suggests attackers have been exploiting zero-day flaws in Apple applications and devices. Apple says the flaws, while serious, likely pose no risk to the vast majority of its users.
A greater level of cooperation is needed between the DOD and DHS to ensure that U.S. critical infrastructure is protected against various cyberthreats, according to an inspector general's report. The SolarWinds attack showed the need for more coordination between the two departments.
Cyberattackers used spyware from the Israeli firm Candiru to target at least 100 human rights defenders, dissidents, journalists and others across 10 countries, according to researchers at the University of Toronto’s Citizen Lab, which tracks illegal hacking and surveillance.