A Swiss national who recently highlighted flaws in Verkada surveillance cameras has been charged with criminal hacking by a U.S. federal grand jury and accused of illegally accessing and leaking data from numerous organizations, apparently including Intel, Nissan and the U.S. National Reconnaissance Office.
Hackers used Trojanized Xcode projects to install backdoors on developers' devices as part of a supply chain attack, according to security firm Sentinel Labs. Xcode is Apple's integrated development environment for macOS.
This edition of the ISMG Security Report features an analysis of the Microsoft Exchange on-premises server hacks – from who might have leaked the vulnerability exploits to how ransomware gangs are taking advantage of the flaws. Also featured: Tackling the cybercrime business model; assessing "zero trust."
Organizations should go beyond one-time passwords to include other layers of authentication as they strive to mitigate the risk of synthetic ID fraud, says Amy Walraven, president of Turnkey Risk Solutions, a Newark, Delaware-based risk management company.
Email security vendor Mimecast, which was targeted by the SolarWinds supply chain hack in January, reports in a Tuesday update that the hackers used the "Sunburst" backdoor as an initial attack vector to steal some source code. But Mimecast says it "found no evidence of any modifications" to that code.
U.S. intelligence agency reports conclude that Russia and Iran tried to interfere in the 2020 presidential election via disinformation campaigns, but found "no indication that any foreign actor attempted to alter any technical aspect of the voting process," including voting results.
“Passwordless” has become the holy grail for user authentication. But there are different interpretations of what passwordless is – and is not. Tom “TJ” Jermoluk, CEO of Beyond Identity, addresses some of the myths,the realities and how passwordless is deployed today.
As the Biden administration makes final preparations to respond to the attacks against SolarWinds, it's been confronted by a second major cyberthreat: the hacking of Microsoft Exchange servers throughout the U.S. The response to this incident, however, will likely be much different.
U.S. authorities have extended the crackdown on the Sky ECC cryptophone service by charging the CEO of parent company Sky Global and its alleged main distributor - both Canadians - with running an "illicit secret communications network" for criminals and hiding profits via shell companies and cryptocurrency.
It has been an open question as to how a half-dozen hacking groups began exploiting Exchange servers in an automated fashion in the days leading up to Microsoft's patches. But there are strong signs that the exploit code leaked, and the question now is: Who leaked it?
The latest edition of the ISMG Security Report features cybercrime deterrence lessons learned from the disruption of the Emotet botnet operation. Also featured: An update on attacks tied to Microsoft Exchange flaw exploits; a discussion of the need to update business continuity plans.
Tales of poorly secured internet-connected cameras come along regularly. But the latest installment seems especially egregious because it involves Verkada, a widely used "surveillance camera as a service" startup, and led to remote hackers being able to spy on customers via their own cameras.
Watch this episode of the "On The Road to DevSecOps" series to learn from a group of DevOps experts on why AppSec Awareness and Training matters and how to give your developers secure coding education that works.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.eu, you agree to our use of cookies.