Microsoft issued patches for its on-premises Exchange Server software, addressing four new critical vulnerabilities discovered by the National Security Agency. A zero-day vulnerability in Desktop Window Manager was also disclosed and patched.
Initial access brokers continue to ply their trade, selling immediate access to hacked sites to make it easier for gangs to steal data and crypto-lock systems. But researchers say an overabundant supply of access credentials appears to be driving down the prices being commanded on cybercrime forums and markets.
Brokerage account takeover, supply chain attacks, destructive attacks and those that seek to manipulate time or time stamps are among the latest threats uncovered in the new Modern Bank Heists report authored by Tom Kellermann at VMware Carbon Black.
Criminals love to amass and sell vast quantities of user data, but not all data leaks necessarily pose a risk to users. Even so, the ease with which would-be attackers can amass user data is a reminder to organizations to lock down inappropriate access as much as possible.
Microsoft Corp. on Monday announced it will acquire cloud-based speech technology and artificial intelligence vendor Nuance Communications in an all-cash transaction valued at $19.7 billion. The deal is expected to close by the end of this year.
Facebook has been attempting to dismiss the appearance of a massive trove of user data by claiming it wasn't hacked, but scraped. No matter how the theft is characterized, 533 million users have just learned that their nonpublic profile details were stolen and sold to fraudsters.
The increasing reliance on collaboration tools such as Slack and Discord to support those working remotely during the COVID-19 pandemic has opened up new ways for fraudsters and cybercriminals to bypass security tools and deliver malware, Cisco Talos reports.
Loving your pet and creating tough-to-crack passwords should remain two distinctly separate activities. Unfortunately, Britain's National Cyber Security Center reports that more than 1 in 6 Brits admit to using the name of a pet as their password. And the problem is global.
The new world of "work from anywhere" is all about connecting users to applications. “It’s just different,” says iBoss CEO Paul Martini. Yet, many enterprises still approach this new dynamic with the wrong security mindset. Martini outlines what they’re missing.
Crisis communications: If your organization suffers a ransomware outbreak - despite its best cybersecurity efforts - is it ready to respond quickly and transparently? Experts have lauded the Scottish Environment Protection Agency for its response, saying it's a model for other victims to emulate.
Attackers are targeting unpatched SAP applications, and the exploits could lead to the hijacking of the vulnerable systems, data theft and ransomware attacks, SAP and Onapsis Research Labs report. They note that patches for most of the flaws have been available for several years.
Today's cryptocurrencies are based on cryptographic standards that eventually could be broken via quantum computing, says Gideon Samid of BitMint, which has developed a virtual currency based instead on the concept of "quantum randomness."
To deliver a secure infrastructure-as-code service, development teams must adopt a "shift left" strategy that brings all the applications and security under one umbrella to provide faster and continuous delivery of the fully automated code, according to Ori Bendet and Igor Markov of Checkmarx.
When a breached organization such as Ubiquiti says it is "not currently aware of evidence" that attackers stole customer data, it too often means: "We don't know, because we failed to have in place the robust logging and monitoring capabilities that might have provided us all with real answers."
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.eu, you agree to our use of cookies.