Malware developers increasingly are relying on "exotic" programming languages - such as Go, Rust, DLang and Nim - to create malicious code that can avoid detection by security tools and add a layer of obfuscation to an attack, according to a report released Monday by BlackBerry.
A recently discovered ransomware-as-a-service gang dubbed AvosLocker is recruiting affiliates and partners, including "pentesters" and "access brokers," on darknet forums, according to the security firm Malwarebytes.
U.S. Customs and Border Protection has not always protected its Mobile Passport Control applications, making travelers' personally identifiable information vulnerable to exploitation, according to a new report from the Department of Homeland Security's Office of the Inspector General.
This edition of the ISMG Security Report features an analysis of ongoing investigations into the use of NSO Group's Pegasus spyware to spy on dissidents, journalists, political rivals, business leaders and even heads of state - and discussion of whether the commercial spyware business model should be banned.
Cyber attacks on critical infrastructure are on the rise. A recent survey found that 9 out of 10 OT organizations experienced at least one intrusion in the past year.
Read the solution brief to learn:
Why operational technology endpoints are vulnerable
How FortiEDR addresses challenges of OT environments
With traditional endpoint security solutions, it’s not a matter of if a security breach happens, but when. These EDR solutions not only lack the ability to keep pace with modern threats, but come with hidden costs that drain budgets and slow operations.
As much as public cloud use is growing, both in total volume and in diversification of services, it is not a one-way trend. To meet evolving business needs, organizations are moving applications and workloads back and forth between cloud and on-premises environments.
A patch is forthcoming for a privilege escalation vulnerability in the Windows operating system that can allow hackers to gain a foothold. Meanwhile, Linux OS users also need to adopt system upgrades to fix a flaw, and Oracle and Juniper have announced product patches.
APT 31, a China-linked hacking group, is targeting French organizations by exploiting home and office routers in an espionage campaign, warns CERT-FR, the French government's computer emergency readiness team that's part of the National Cybersecurity Agency of France, or ANSSI.
The older vision of vulnerability management of addressing vulnerabilities in silos is too inefficient and expensive for today’s enterprise. IT and security groups of today must monitor a much larger attack surface. Infrastructures and applications can change on a daily, even hourly basis. As cybercriminals are...
Verizon’s 2019 Data Breach Investigations Report found that technology sector is particularly susceptible to both internal (56%) and external (44%) threats; with financial motives (67%) and industrial espionage (29%) being the major drivers. The technology industry is also particularly vulnerable to DDoS attacks....
New guidance from the National Institute of Standards and Technology spells out security measures for "critical software" used by federal agencies and minimum standards for testing its source code. The best practices could be a model for the private sector as well.
Cybereason, Rapid7 and Microsoft announced acquisitions this week designed to boost their security capabilities. Meanwhile, DevOps security firm Sysdig made a move to add infrastructure-as-code security to its portfolio.