After a hiatus, TA505 - a sophisticated APT group that has targeted financial companies and retailers in several countries, including the U.S. - has returned with a campaign that uses HTML redirectors to deliver malicious Excel documents, according to Microsoft and other security researchers.
A Federal Communications Commission investigation found that one or more U.S. wireless carriers violated federal law by selling consumer location data to third parties, according to a letter FCC Chairman Ajit Pai sent to congressional lawmakers.
Iowa prosecutors have dropped all charges against two penetration testers who were contracted to test the electronic and physical security of three judicial facilities, only to be arrested for trespassing. The case highlights how a lack of communication before penetration tests can have serious consequences.
Police in the United Kingdom have arrested six suspects as part of a money laundering investigation tied to the February 2019 theft of $14 million from one of Malta's largest banks. Officials say malware-wielding attackers moved money to accounts in the U.S., U.K., Czech Republic and Hong Kong.
A federal judge has ruled that an insurer providing a "business owner's insurance policy" to a company that sustained a ransomware attack and was forced to replace most of its IT infrastructure must pay for the damages the security incident caused.
Anti-virus giant Avast is shuttering Jumpshot, its data collecting side business that has been funneling detailed internet browsing activity from the company's security products and browser extensions to marketers, after a probe by PCMag and Motherboard found the company was failing to fully anonymize data.
As the wait continues for federal regulators to issue final rules for health IT interoperability and information blocking prevention, some industry stakeholders are raising serious concerns about the privacy of patient data accessed and shared using application programming interfaces and mobile consumer apps.
Will Britain's Huawei decision serve as a blueprint for other nations' 5G infrastructure rollouts? High-risk vendors, including Huawei, won't be allowed anywhere near that nation's most sensitive networks, British officials say. But the risks go beyond the threat of espionage.
Conferencing service provider Zoom has fixed a vulnerability that - under certain conditions - could have allowed an uninvited third party to guess a meeting ID and join a conference call. The exploitation of the flaw revolves around guessing IDs for meetings that aren't password-protected.
The U.S. Department of the Interior this week announced that it has temporarily grounded all drone operations, except for emergencies, citing concerns over national security and cybersecurity. The agency is joining the U.S. Army and Navy in raising concerns about unmanned aircraft made in China.
The United Nations did not reveal hacks last year that compromised dozens of servers and domains and may have exposed sensitive data, including information related to human rights abuses, according to The New Humanitarian news agency.