A source code flaw in the Google Play store platform could enable attackers to perform remote code execution for credential theft on several prominent apps, a new report by security firm Check Point Research finds.
The hacker-for-hire group DeathStalker, known for conducting espionage campaigns against small and medium-sized businesses, has started using a new malware strain called PowerPepper, according to a report from the security firm Kaspersky.
The top Republican and Democrat on the U.S. Senate Intelligence Committee have issued a warning about the national security threats posed by the Chinese government. The statement follows an opinion article published by DNI Director John Ratcliffe that called out China's cyber and other capabilities.
Electronic health records potentially can be exposed in many ways. For example, in one recent incident, information on thousands of patients was apparently left exposed on an unsecured cloud server. And in another, critical security vulnerabilities in an open-source EHR system put patients' data at risk.
No doubt, cloud services providers such as Microsoft Azure have been big beneficiaries of 2020's accelerated digital transformation. But in the rush to enjoy cloud efficiencies, enterprise don't need to compromise on market-leading security expertise and tools, says Daniel Schrader of Fortinet.
Hackers exfiltrated voters' personally identifiable information from online voter registration servers in Alaska in September, and the information likely was used for voter intimidation and propaganda purposes, state officials say.
A defense policy bill that Congress plans to vote on later this month now includes a provision that would restore the position of national cyber director at the White House, says Rep. Jim Langevin, D-R.I.
This edition of the ISMG Security Report features an analysis of a serious Apple iOS "zero-click exploit" that could have allowed hackers to remotely gain complete control of a device. Also featured: a discussion of identity proofing challenges and a review of New Zealand's updated Privacy Act.
DDoS, bad bots and automated attacks - these are the common strikes against organizations that support ecommerce. How can they fend off these attacks without impacting normal human traffic? Edward Roberts of Imperva shares strategies and solutions.
Trickbot malware has been updated with a bootkit module, nicknamed Trickboot, which can search for UEFI/BIOS firmware vulnerabilities, according to a report from the security firms Eclypsium and Advanced Intelligence. These flaws, if exploited, can give an attacker the ability to brick a device.
CISA, citing a new report by IBM, is warning organizations involved in COVID-19 vaccine production and distribution of a global phishing campaign targeting the cold storage and transport supply chain. Many vaccines in development must be kept at low temperatures before being administered.