Attackers are targeting unpatched SAP applications, and the exploits could lead to the hijacking of the vulnerable systems, data theft and ransomware attacks, SAP and Onapsis Research Labs report. They note that patches for most of the flaws have been available for several years.
The key to reducing AppSec risk is pretty simple. It all starts with AppSec visibility and everyone looking at the same data. AppSec visibility data provides the necessary insights to assess risk and drive accountability, to make the right business and operational decisions, and of course to prioritize remediation...
A bipartisan group of senators has sent a letter to Google, Twitter, Verizon, AT&T and online advertising firms and networks raising national security concerns about the selling of citizens' personal data, which could end up in the hands of foreign governments.
A Russian-speaking cybercriminal recently sold on a darknet forum thousands of stolen payment and gift cards that researchers at Gemini Advisory believe were taken from the now-defunct online gift card exchange Cardpool.com.
Cybersecurity weaknesses persist throughout the U.S. Department of Energy's unclassified networks, including those of the National Nuclear Security Administration, according to an inspector general audit.
How much does it cost to recover from a ransomware attack? For the Scottish Environment Protection Agency, which was hit by the Conti ransomware-wielding gang on Christmas Eve, reported cleanup costs have reached $1.1 million. SEPA is still restoring systems and has refused to pay any ransom.
Malicious cryptomining is once again the top form of attack. Cryptomining remains hot because of its relative ease to monetize criminal activities. Cryptomining also has a relatively small footprint that can be easier to hide, and comes with a misconception that this type of attack is somehow less dangerous than...
Capital One is warning additional customers that their Social Security numbers may have been exposed in a massive 2019 breach. Meanwhile, a suspect in the breach is slated to go to trial in October.
As healthcare sector organizations continue to fall victim to phishing incidents, the number of individuals affected by health data breaches involving compromised email accounts continues to rise.
A security researcher found more than 500 million Facebook records being offered for free on the darknet, exposing basic user information, including any phone numbers associated with the accounts. Facebook says this is “old data” previously reported as exposed.
CISA and the FBI warn in a new alert that unidentified nation-state actors are scanning for three vulnerabilities in Fortinet's operating system, FortiOS, to potentially target government agencies and companies for cyberespionage.
Many governments are exploring Central Bank Digital Currencies to reduce costs and expand digital inclusion. Karen Hsu of AppDome discusses the opportunities and challenges for minting digital money.
New York state officials are warning insurance and financial firms that fraudsters continue to probe for security weaknesses in websites offering instant quotes, as a way to target consumers' data. Attackers are now using credential stuffing techniques and targeting unprotected data in transition.
A Kansas man faces federal charges for allegedly accessing the network of a local water treatment facility and tampering with the systems that control the cleaning and disinfecting procedures, according to the Justice Department. The charges follow a similar security incident at a Florida facility.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.
