A Russia-linked hacking group is shifting its online infrastructure likely in response to public disclosures about its activity. Its ability to adapt to public reporting suggests it will persist with "operations for the foreseeable future" and continue to evolve its tactics, Recorded Future warned.
A Russian espionage group attacked multiple organizations to steal credentials using Microsoft Teams chats that appear to originate from technical support. Microsoft on Wednesday attributed the campaign to a threat actor originating in the Russian Foreign Intelligence Service.
Ten Eleven Ventures' Alex Doll sees privacy and device management as the hottest areas for security startups and cloud companies as "coming from behind." Advancements in privacy-enhanced technologies have allowed for searchable encryption, meaning that entire databases can be locked down.
Ilya "Dutch" Lichtenstein, 35, confessed in U.S. federal court to hacking billions of dollars from virtual currency exchange Bitfinex and laundering stolen funds with his 33-year-old wife, Heather Morgan. Lichtenstein pleaded guilty to conspiracy to commit money laundering.
New CEO Scott Harrell wants Infoblox to evolve from classic networking DNS management to bringing networking and security together in ways that optimize protection and efficiency. DNS serves as a building block for security since it is universal across large client devices and small mobile phones.
This week, pharma company Evotec downgraded its earnings after an April hack, Iranians pretended to be Israelis on LinkedIn, researchers jailbroke AI chatbots, a Ninja Forms WordPress plug-in flaw that can aid in data theft was discovered, and a DDoS attack in Kenya disrupted government services.
A contractor that provides claims processing and other services says several of its community health plan customers - including 1.7 million members of the Oregon Health Plan - are victims of the zero-day MOVEit vulnerability, which has affected more than 500 organizations worldwide.
TikTok will know within a month the outcome of an Irish investigation into whether the short-form video app violated the privacy of underage users. The investigation stalled after other European national privacy enforcers raised objections to the Irish Data Protection Commission's draft decision.
ISMG's roundup of digital assets-related cybersecurity incidents includes Kenya, France and Germany's probe into WorldCoin; July security incidents; Curve Finance and LeetSwap theft; the crypto amendment in the NDAA; and India's lack of crypto regulation.
A finalist in RSA Conference's prestigious Innovation Sandbox contest completed its first major funding round to extend its capabilities from code security to pipeline security. Endor Labs got $70 million to move beyond protecting open-source software and get into locking down the CI/CD pipeline.
Shadow APIs are up 900%, and API business logic abuse attacks have come to the forefront and are demanding both discovery and defensive measures from cybersecurity organizations, said James Sherlow, director of solution engineering in EMEA at Cequence Security.
A hacking campaign that exploited Ivanti mobile device manager to target the Norwegian government began in April or possibly earlier, say cybersecurity agencies from the U.S. and Norway. Mobile device management systems are "attractive targets for threat actors," the alert warns.
Public details have been scant so far from two medical care providers about recent major hacks that compromised the personal information of an unconfirmed number of patients. But that hasn't stopped the push by class action attorneys, who are already filing lawsuits.
Tenable CEO Amit Yoran once again accused Microsoft of irresponsible security practices, this time for letting a critical Azure vulnerability stay unpatched for four months. Tenable told Microsoft about a flaw in an Azure service that would allow an unauthenticated attacker to access sensitive data.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.