A Russian group that was behind the massive SolarWinds supply chain attack has returned with a fresh phishing campaign, according to Microsoft. This new campaign compromised a marketing firm used by the U.S. Agency for International Development - USAID - to send malicious messages to thousands.
Advanced persistent threat groups are continuing to exploit unpatched flaws in Fortinet products, the FBI warns in a flash alert. For example, an APT group apparently recently exploited a Fortigate appliance to access a web server hosting the domain for a U.S. municipal government, the bureau says.
Network intrusion displaced phishing as the leading hack-attack tactic last year, while ransomware continued to surge as the pandemic complicated incident response efforts, says BakerHostetler's Craig A. Hoffman, who describes trends from the 1,250 incidents his firm helped manage.
In a session at RSA Conference 2021, three cybersecurity experts said top priorities among the U.S. Cyberspace Solarium Commission's recommendations that have not yet been carried out are adopting a federal data breach notification law and improving public-private partnerships.
What are the top cybercrime trends and threats coming up, and what should organizations be doing now to best prepare? Trend Micro's Rik Ferguson describes threats that are likely to emerge and intensify by 2030 and what security steps all organizations should be taking now.
A new WastedLocker malware variant, dubbed WastedLoader, is exploiting two vulnerabilities in Internet Explorer to insert malicious advertisements into legitimate websites, the security firm Bitdefender reports.
In the wake of recent attacks on supply chains and critical infrastructure, Adrian Mayers says it's time for cybersecurity to be seen as an issue of national defense, and that cybersecurity leaders throughout the private and public sectors must embrace their role to protect national interests.
Investigators at industrial cybersecurity specialist Dragos say an employee of the water treatment plant in Oldsmar, Florida, where a cyberattack was thwarted, had visited an infected website the same day, but that apparently played no role in the security incident.
The DarkSide ransomware gang apparently collected over $90 million in ransom payments from about 47 victims, including Colonial Pipeline Co., since the gang began operating in August 2020, according to the blockchain analytics firm Elliptic, which says it analyzed bitcoin wallet activity.
In the past six months alone, we've seen the SolarWinds attack, the Microsoft Exchange Server exploits and the Colonial Pipeline ransomware strike. The threats are more imminent than ever. But Philip Reitinger of the Global Cyber Alliance believes strongly: We created this mess, and we can fix it.
As a retired Air Force general and the former federal CISO of the United States, Gregory Touhill is well-versed in critical infrastructure protection and resiliency. Now, as the new director of CMU SEI's CERT division, he has the opportunity to help foster new levels of education and collaboration.
He's been a police officer, a Secret Service agent, a CIO and a CISO. And it all comes together. Don Cox, currently a chief technology evangelist at CIBR, discusses his career path and how his police background assists him in leading cybersecurity organizations.
FBI agent Elvis Chan dedicated four years to election security, and he doesn’t hesitate to say: The 2020 presidential election was "the most secure election of my career." He explains why, and what lessons learned we can apply to future elections.