A new Princeton University research paper finds that five major U.S. prepaid wireless carriers are leaving their customers open to SIM swapping attacks. The main culprit is weak account authentication procedures that attackers can easily exploit.
Five years ago, cybersecurity executive Dave Merkel called upon enterprises to shed their "peacetime" mindsets and adopt a "wartime" stance against persistent cybercriminals and nation-state actors. How have they risen to that challenge?
The British government continues to delay deciding whether it will ban Chinese networking gear from its national 5G rollout, as the Trump administration demands. But with future trade deals on the line as the U.K. navigates its "Brexit" from the EU, Britain cannot afford to anger either Beijing or Washington.
The NSA took the unusual step Tuesday of announcing what it calls a "severe" vulnerability in Microsoft's Windows 10 operating systems ahead of Microsoft's Patch Tuesday security update. The flaw could allow attackers to execute man-in-the-middle attacks or decrypt confidential data within applications.
Hackers with ties to the Russian government have targeted Ukrainian natural gas firm Burisma with phishing attacks designed to steal credentials, according to researchers at Area 1 Security. The company is at the center of the impeachment of President Donald Trump.
U.S. Attorney General William Barr is ratcheting up the pressure on Apple to unlock two iPhones belonging to a Saudi national who carried out a deadly shooting in December. The attorney general is labeling the shooting as an act of terrorism and says Apple is hampering a counterterrorism investigation.
Microsoft this week issues the final, free security updates for its Windows 7 operating system, as well as Windows Server 2008 and 2008 R2. But with one-third of all PCs continuing to run Windows 7, experts are urging organizations to immediately move to a more modern operating system.
A baby photo and video-sharing app called Peekaboo Moments is exposing sensitive logs through an exposed Elasticsearch database, a researcher has found. The data includes baby photos and videos, birthdates, location data and device information.
In light of recent ransomware and other cyberattacks against vendors serving numerous healthcare organizations, it's critical to develop and deploy comprehensive vendor risk management programs, says John Farley of Arthur J. Gallagher & Co., a provider of cyber insurance.
Officials at the Albany International Airport paid a ransom to cybercriminals after the facility's systems were hit with Sodiniokibi ransomware strain, according to local media reports. It's the same crypto-locking malware that has crippled currency exchange firm Telenex since the start of the year.
A flaw in a Broadcom chip built into many cable modems means hundreds of millions of the devices are vulnerable to a buffer overflow exploit, dubbed Cable Haunt, that attackers can use to take full control of a modem, researchers say. Only some ISPs have begun pushing firmware updates to fix the flaw.
Proof-of-concept code has been released to exploit a severe Citrix vulnerability present in tens of thousands of enterprises. Citrix says it's developing permanent patches but that enterprises should use its mitigation guidance. In the meantime, attackers are hunting for vulnerable machines.
After a data breach, if individuals' stolen information is offered for sale on the dark web, that potentially bolsters class action lawsuits filed by plaintiffs against the breached organization, says technology attorney Steven Teppler of the law firm Mandelbaum Salsburg P.C.
Corporate network security breaches, which can prove costly to remediate and expose a company to lawsuits, are frequently the result of vulnerabilities that could have been fixed for a relatively low cost. A a brute force penetration test is a critical first step in finding those vulnerabilities.
In a bizarre "whistleblower" case, federal prosecutors have charged a Georgia man in connection with an alleged "intricate scheme" involving falsely reporting that a Savannah hospital worker committed criminal HIPAA violations.