Because 2020 wasn't already exciting enough, now we have to worry about being hunted by adversaries wielding FireEye's penetration testing tools, thanks to the company having suffered a big, bad breach. Here's a list of targeted flaws that every organization should ensure they've patched.
Government leaders are increasingly calling on cybersecurity researchers to better inform policymakers and are urging businesses to pay more attention to their in-house security teams, according to presenters at this week's Black Hat Europe virtual conference.
A hacking group behind an Android spyware variant has recently added fresh capabilities that include the ability to snoop on private chats on Skype, Instagram and WhatsApp, according to ReversingLabs. This APT group, believed to be tied to Iran, has recently been sanctioned by the U.S. Treasury Department.
A JavaScript card skimmer group dubbed "FakeSecurity" recently deployed the Raccoon information stealer malware in order to target e-commerce sites to steal payment card details from victims, according to security firm Group-IB.
President Donald Trump on Friday signed into law the Internet of Things Cybersecurity Improvement Act of 2020, the first U.S. federal law addressing IoT security. The act requires federal agencies to only procure devices that meet minimum cybersecurity standards.
Hackers with possible links to Iran appear to have breached an unprotected human-machine interface system at an Israeli water reservoir that connected directly to the internet. The system appeared to lack security protocols, according to researchers with Otorio.
The U.S. National Security Agency is warning that Russian state-sponsored threat actors are attempting to exploit a known vulnerability in several VMware products, according to an alert. Federal agencies are urged to apply fixes as soon as possible.
As the time for distribution of COVID-19 vaccines comes closer, law enforcement agencies across the world are warning of organized crime threats, including schemes to sell counterfeit vaccines on the dark web, as well as physical and virtual attacks targeting supply chain companies.
Ransomware innovation seems to know no bounds, as crime gangs seek new ways to make crypto-locking malware ever more profitable. Beyond data-leak sites and affiliate programs, gangs have also been using call centers to cold-call victims, tell them they've been hit by ransomware and request payment.
E-commerce has skyrocketed in 2020, but so have transaction disputes. Ryan Battles of EY explains the cause, the impact, as well as how merchants can reduce incidents of this so-called "friendly" fraud.
Dutch HR firm Randstad and the public transportation agency of Vancouver, Canada, are continuing to recover from ransomware attacks. Both incidents appear to have involved Egregor ransomware, with Randstad reporting that data was exfiltrated and is now being leaked by attackers to try and force payment.
A source code flaw in the Google Play store platform could enable attackers to perform remote code execution for credential theft on several prominent apps, a new report by security firm Check Point Research finds.
The hacker-for-hire group DeathStalker, known for conducting espionage campaigns against small and medium-sized businesses, has started using a new malware strain called PowerPepper, according to a report from the security firm Kaspersky.
Hackers exfiltrated voters' personally identifiable information from online voter registration servers in Alaska in September, and the information likely was used for voter intimidation and propaganda purposes, state officials say.
A hacking group recently deployed cryptocurrency miners within targeted victims' networks to distract security teams from their cyberespionage campaigns, Microsoft reports.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.