Archive

From January 25 to 28, 2019, multiple organizations, including Discover Financial Services, Verity Medical Foundation, Verity Health Systems and Allen Chern LLP, have made routine filings in accordance with California state law, reporting cybersecurity incidents that may or may not

Digital transformation is exposing organizations to greater IT complexity and cyber-risk, according to new global research from Thales eSecurity. The security vendor polled 1200 execs with responsibility for IT and data security in nine countries around the world to compile

According to the ENISA Threat Landscape Report 2018, 2018 has brought significant changes in the techniques, tactics, and procedures associated with cybercrime organizations and nation-state actors. I’m proud to present you the ENISA Threat Landscape Report 2018, the annual report

Facebook has been “secretly” paying $20 a month to some users ages 13 to 35 to install and use a VPN app that requires installing a root certificate and thereby handing over every bit of data from their smartphones –

Despite Apache Struts releasing multiple updates to its software in the nearly two years since the Equifax breach, Sonatype published research which found that between July and December 2018, two-thirds of the Fortune 100 companies downloaded the same vulnerable version

At most enterprise organizations, cybersecurity infrastructure grew organically over time. The security team implemented each security control in response to a particular threat – antivirus software appeared on desktops, gateways were added to the network, sandboxes were deployed to detect

A joint operation conducted by law enforcement agencies in the United States and Europe allowed seizing the xDedic marketplace. Law enforcement agencies in the US and Europe announced the seizure of the popular xDedic marketplace, an underground market offering for

After being abandoned by its creator, WordPress plugin Total Donations is reportedly being compromised by attackers who are leveraging a zero-day exploit, according to Wordfence. Researchers confirmed that malicious actors are able to gain administrative access to affected WordPress sites

Europol has detailed how law enforcers across the globe are tracking down customers of notorious DDoS-as-a-service site webstresser.org. The site was taken down in April 2018 as part of Operation Power OFF, but that gave police a trove of information

Automation is enabling cybersecurity teams to work faster and smarter. By delegating tiresome, time-consuming tasks to machines, automation allows companies to extend their security efforts. For insurance giant Aflac, applying automation to its threat intelligence program keeps it up-to-date on

The corporate world was rocked by a number of high-profile data breaches and ransomware attacks in 2018. Juniper Research estimated that the quantity of data stolen by cybercriminals could rise by as much as 175 percent over the next five

A flaw in Apple’s FaceTime app allows users to spy on each other, which has resulted in a Twitter-storm of tweets encouraging iPhone users to disable FaceTime while Apple works on a fix. Infosecurity contacted Apple, but the company has

A file-hosting service registered within the last week is being used to spread information-stealing malware in another FormBook campaign, currently attacking retail and hospitality businesses both within and outside of the US, according to Deep Instinct. Though FormBook has been

A new variant of the password-stealing Ursnif bank Trojan has been found in the wild delivering fileless infections while remaining undetected, according to Cisco Talos Intelligence. In a blog post, researchers wrote that the banking Trojan employs “fileless persistence which

Ninety-five percent of the time when I watch videos about cybersecurity, hacking, privacy, or surveillance, they are videos from security conferences. In fact, some of the best out there are TED talks. While most of the great ones were made

Experts from Alias Robotics released a free, open-source tool dubbed Aztarna that could be used to find vulnerable robots. A group of experts working a startup focused on robot cybersecurity has released a free, open-source framework dubbed Aztarna that could