The U.S. Senate on Tuesday unanimously passed federal IoT security legislation that will require the government to only procure devices that meet minimum cybersecurity requirements. The bill now moves to President Donald Trump's desk.
Japanese computer game company Capcom acknowledged this week that a November security incident was a Ragnar Locker ransomware attack that resulted in about 350,000 customer and company records, including sales and shareholder data, potentially being compromised.
Medical device maker Becton Dickinson and federal authorities have issued alerts concerning an authentication weakness that, if exploited, could result in a denial-of-service attack on certain models of the BD Alaris PC Unit drug infusion and monitoring system.
NOYB, a privacy group run by Austrian Max Schrems, has filed complaints against Apple with Spanish and German data protection regulators alleging the company's Identifier for Advertisers breaks EU privacy laws by allowing Apple and all apps on the iPhone to track a user without consent.
IoT devices are like sausages: They're full of components of varying quality, and it's invariably disturbing to think about their origins. New guidance helps address how to reduce the risk of potentially vulnerable components in connected devices.
Distributed denial-of-service attacks have not garnered much attention this year. But analysts say such attacks could surge, and they have the potential to be just as damaging as ransomware and other types of cyberthreats.
A recently uncovered point-of-sale malware called "ModPipe" is targeting Oracle software used by thousands of restaurants and other businesses in the hospitality industry, according to researchers at ESET. This backdoor can then steal sensitive data, such as cardholder names.
Darkside is the latest ransomware operation to announce an affiliate program in which a ransomware operator maintains crypto-locking malware and a ransom payment infrastructure while crowdsourced and vetted affiliates find and infect targets. When a victim pays, the operator and affiliate share the loot.
Check Point Research has uncovered a large and likely profitable business model that involves hackers attacking and gaining control of certain VoIP services, which enables them to make phone calls through a company's compromised system.
The National Guard has been recruited to help a healthcare system recover from a recent ransomware attack, while some other healthcare entities have temporarily shut down their email systems in the wake of urgent federal cyber alerts. How warranted are these drastic measures?
The operators behind a botnet dubbed "Gitpaste-12" are abusing legitimate services such as GitHub and Pastebin to help hide the malware's malicious infrastructure, according to Juniper Threat Labs. This botnet mainly targets Linux apps and IoT devices and can mine cryptocurrency.
Apple issued an update for iOS and iPadOS on Thursday that fixes three zero-day flaws found by Google's Project Zero bug-hunting team and a range of other security-related flaws. Google says the bugs are being exploited by attackers but haven't been used in election-related cyber activity.
Victims of crypto-locking malware who pay a ransom to their attackers are paying, on average, more than ever before. But investigators warn that when victims pay for a guarantee that all data stolen during an attack will get deleted, criminals often fail to honor their promises.
In the latest health data breach enforcement action by a state, New Jersey regulators have slapped a supermarket cooperative with a large settlement for improper disposal of customer pharmacy information.
The U.K. NCSC responded to over 700 cyber incidents over a 12-month period, 200 of which were related to the COVID-19 pandemic, according to the cyber agency's annual report. NCSC also notes that's it's preparing to step-up its response to cyber incidents involving the NHS and vaccine development.