Researchers at Check Point developed a one-click attack against Amazon's popular voice-controlled assistant Alexa that could reveal a user's voice history or personal information. Amazon has fixed the web application security flaws but says Check Point's demo video is misleading.
The IcedID banking Trojan has been updated with additional evasion techniques, including a password-protected attachment, keyword obfuscation and a DLL file that acts as a second-stage downloader, according to Juniper Threat Labs.
President Donald Trump has signed a new executive order that requires TikTok owner ByteDance to divest its U.S. operations within 90 days. In the new order, Trump cites national security concerns in demanding the Chinese company sell its American assets.
A bipartisan group of federal lawmakers has proposed providing $28 billion to state and local governments to bolster their cybersecurity and IT infrastructures.
An alert from U.S. National Security Agency and the FBI warns of a recently discovered Russian-deployed malware variant called Drovorub that's designed to target Linux systems, creating a backdoor into targeted networks to exfiltrate data.
A new study from Sophos describes how the Dharma ransomware-as-a-service model offers low-skilled hackers the ability to profit from attacks on unprotected small businesses.
China could collect the personal data on Americans through the social media apps TikTok and WeChat for intelligence-gathering purposes, a senior Justice Department official says in explaining why the White House wants to ban these apps.
Ariel Weintraub joined MassMutual last fall to focus on putting data science to work to help improve the insurance company's security operations and identity and access management programs. What are the early use cases and lessons learned?
Hackers with suspected ties to North Korea's government are conducting a cyber espionage campaign that's circulating "job opportunity" spear-phishing emails targeting employees of defense contractors, according to the security firm ClearSky.
The U.S. Justice Department has seized more than $2 million worth of cryptocurrency from terrorist groups who solicited donations via social media and waged fraud campaigns.
Why has the tally of major health data breaches - and the number of individuals affected - spiked in recent weeks? Here's an analysis of the latest trends.
The National Institute of Standards and Technology has released the final version of its "zero trust" architecture guidelines that provide a road map for using the architecture in security programs.
Since 2018, an advanced persistent threat group dubbed RedCurl, which has served as a team of for-hire hackers specializing in corporate espionage, has hit at least 14 targets in Canada, Russia, the U.K. and beyond, says cybersecurity firm Group-IB.
The SANS Institute, which is known for its cybersecurity training courses, is now planning to turn its own data breach into a teachable moment for its membership.
To help mitigate the risks posed by business email compromise scams that target privileged users, enterprises need to create a detailed enterprise risk management plan that spells out procedures to secure accounts, says Espen Otterstad, CISO at Norwegian telematics company ABAX AS.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.