A Russian intelligence hacking campaign actively targeted European diplomats and think tanks as part of an espionage operation that lasted nearly six months. One characteristic of APT29 is how it blends in malicious traffic with legitimate traffic in order to evade detection.
ISMG's Healthcare Security Summit 2023, held in New York City on July 18, brought together leaders from the cybersecurity and healthcare industries to engage in a dynamic exchange of ideas and address pressing challenges faced by the healthcare community.
The number of organizations and individuals affected by the Clop ransomware group's data-stealing attack on MOVEit servers continues to rise. So far, at least 545 organizations have been affected and data from 38 million individuals has been stolen.
The Biden administration on Monday released a national strategy addressing cyber workforce shortages and calling long-standing vacancies a national security imperative. The White House says the U.S. needs more cyber professionals and should augment cyber literacy in jobs throughout the economy.
Threat actors who recently attacked a dozen Norwegian ministries by exploiting a zero-day vulnerability in Ivanti's endpoint management software appeared to have another zero-day flaw that tied to the overall attack exploit chain, Ivanti confirmed on Friday.
Government-backed North Korean hackers are posting convincing U.S. military job recruitment documents to lure Korean-speaking victims into downloading malware staged from legitimate but compromised South Korean websites, according to security researchers.
The highly active, North Korea-linked Lazarus Group is targeting unpatched Microsoft Internet Information Services servers to escalate privileges and distribute malware. Researchers spotted the group using watering hole techniques to fool victims in South Korea.
The latest generation of ransomware and phishing attacks is being designed to evade existing network security controls such as gateways and firewalls, said Menlo Security CEO Amir Ben-Efraim. Threat actors have taken the time to codify, register and customize URLs to impersonate a bank's help desk.
A security researcher recently found a database exposed to the internet containing sensitive information on independent school students and faculty including financial data, salary, professional details, health information and child abuse reports. The security lapse affected nearly 700,000 records.
Adversaries use artificial intelligence to obtain explosives, advance sextortion schemes and propagate malware through malicious websites that appear legitimate. Intelligence officials grapple with emboldened criminals who use AI for nefarious purposes and nation-state actors such as China.
U.S. and Australian cybersecurity agencies are warning developers to guard against access flaws, saying that failure to institute authentication checks can lead to large data breaches. Broken access controls are on OWASP's 2021 list of the top 10 most critical security risks.
In the latest weekly update, ISMG editors discuss the surging number of MOVEit breach victims and the state of ransomware innovation, why the federal government warned healthcare firms about the use of web trackers, and how the DOJ is expanding its "whole of government" approach to fight ransomware.
Watch a special presentation in which Gary Phipps, CyberGRX VP of Strategy and Business Transformation, shares insights from his recent research on the vast potential of Artificial Intelligence (AI) in transforming Third-Party Risk Management (TPRM) decisions.
A Russian court sentenced cybersecurity firm Group 1B co-founder Ilya Sachkov on Wednesday to 14 years in prison in a case that state-run media says stems from delivering classified material to foreign intelligence. Group 1B defended its former CEO, calling the trial a "pretext" for prison.
SMB cybersecurity platform Coro purchased an early-stage Israeli startup to bring network connectivity to its SASE offering for midmarket organizations. Coro said its buy of Jerusalem-based Privatise will give Coro clients a secure way to connect, manage and filter out malicious content.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.