Microsoft's security team says the company's Office 365 suite of products did not serve as an initial entry point for the hackers who waged the SolarWinds supply chain attack. And SolarWinds' CEO says that no Office 365 vulnerability has been identified that would have opened the door to the attack.
Researchers at the security firm Netlab have identified a previously undocumented botnet dubbed "Matryosh" that is targeting vulnerable Android devices to help build its network so it can conduct distributed denial-of-service attacks.
The decline in the total number of U.S. data breaches in 2020 isn't all good news; it reflects that hackers are changing their tactics, says James Lee of the Identity Theft Resource Center, who offers an analysis of the center's new data breach report.
French security vendor Stormshield has launched an investigation after an internal review found that hackers accessed the source code of the company's network security product. The company is a supplier of cybersecurity technology to the French government.
The Fonix ransomware gang has closed down its operations and has released a decryptor key, according to Malwarebytes and Kaspersky. But security researchers warn the gang, like others, might re-emerge with new tactics.
Maze was one of the most notorious and successful ransomware operations of recent years until its apparent "retirement" and handover to Egregor in November 2020. Some rivals have suggested both groups have ties to the Russian government. But is that just sour grapes, or even simply an attempted scam?
The operators behind the Trickbot malware are deploying a new reconnaissance tool dubbed "Masrv" to exfiltrate additional data from targeted networks, according to a Kryptos Logic report. Other researchers have noticed increases in the botnet's activity over the last month.
The sentencing this week of a medical researcher who pleaded guilty in a federal case involving conspiracy to steal trade secrets from a children’s hospital and sell them to China spotlights the growing risks to medical intellectual property posed by insiders.
In the era of “Verify, then trust,” identity proofing becomes the key challenge for enterprises to meet. Matt Johnson of TransUnion dives into the myths and realities behind such topics as biometrics, authentication and national ID programs.
Security researchers at Armorblox uncovered an unusual invoice-themed phishing campaign designed to extract victims' Microsoft Office 365 login credentials, alternate email addresses and phone numbers.
SonicWall has confirmed that a zero-day vulnerability is affecting its Secure Mobile Access, or SMA, gateway product line, and the company is developing a patch to address the issue. Researchers say they have found exploits for the vulnerability circulating in the wild.
Alejandro Mayorkas, the newly confirmed secretary of the Department of Homeland Security, says his initial priorities include reviewing all available intelligence on the SolarWinds supply chain hack and scrutinizing the government's cybersecurity programs.
The National Counterintelligence and Security Center is calling attention to China's ongoing efforts to collect DNA data sets and other sensitive health data of Americans through hacking and other methods. It warns the data could be used to support surveillance or extortion efforts.
Embedded software vendor Wind River Systems is investigating a security incident within its internal network, according to a notification filed with California authorities. The data that may have been exposed includes Social Security numbers and passport details.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.