Ifigeneia Lella, cybersecurity officer at ENISA describes findings from the agency's Threat Landscape 2021 report, which assesses the motives, capabilities, targeting and evolution of four different types of threat actors: state-sponsored, cybercrime actors, hacker-for-hire actors and hacktivists.
Since Emotet malware returned last month, it's been dropping the Cobalt Strike penetration-testing tool directly onto infected endpoints shortly after infection, researchers say. The move could be a bid to more rapidly identify high-value systems for targeting with ransomware, some experts warn.
Once, in another role, Rent-A-Center CISO Jason Fruge was asked by senior management to develop a "security scorecard," but he resisted. What were his objections, and how did he address them? Fruge explains in this exclusive leadership discussion.
In 2021, the supply of cybersecurity professionals increased across the globe, with the exception of the Asia-Pacific region and some parts of Europe, says (ISC)² CEO Clar Rosso. She discusses factors behind the workforce gap and how a diverse team can improve resolution of cybersecurity problems.
A botnet operation called Glupteba has been disrupted by Google's Threat Analysis Group. The botnet targeted more than 1 million Microsoft Windows users in the U.S, India, Brazil and Southeast Asia. Also, Google has filed a lawsuit against two Russians alleged to be the botnet's operators.
Congressional negotiators have scrapped a provision in the must-pass defense spending bill that would have required owners and operators of critical infrastructure to report cybersecurity incidents and ransom payments made to criminal gangs.
Critical thinking, systems thinking and design thinking are important elements missing in cybersecurity education today. In this interview, Dan Faughnan, ex- Canadian Security Intelligence Service, discusses how thinking about cyber as part of a broader threat spectrum relates to national security.
Canadian police have arrested Matthew Philbert on suspicion of being tied to multiple ransomware and malware attacks that amassed domestic victims. Separately, a U.S. indictment charges Philbert with perpetrating an attack against the state of Alaska that breached personal and medical information.
Steve King, director of cybersecurity advisory services for ISMG's CyberTheory, has just been appointed a member of the Forbes Technology Council. He discusses the role, his passion for Zero Trust and new initiatives to expect from CyberTheory in 2022.
Most federal executive branch agencies in the U.S. now have vulnerability disclosure policies. John Jackson and Jackson Henry of the security research group Sakura Samurai say those policies ensure they don't get into legal trouble for helping improve cybersecurity.
An electric cooperative serving two western Colorado counties says a cyberattack first detected Nov. 7 has disabled billing systems and wiped out 20 to 25 years' worth of historic data, leaving the utility operating under limited functionality, according to the company and local reports.
A U.S. federal court in Virginia has paved the way for Microsoft to disrupt the activities of China-based hacking group Nickel. Microsoft will target websites that the threat actor uses to gather intelligence from government agencies, think tanks and human rights organizations.
A security flaw in Kafdrop, an open-source user interface and management interface for distributed event-streaming platform Apache Kafka, has exposed data of "major global players ... in healthcare, insurance, media and IoT," a report by cybersecurity company Spectral says.
Nearly $200 million has reportedly been stolen from the cryptocurrency exchange BitMart, one of the top centralized crypto exchanges by volume, according to China-based blockchain analytics firm PeckShield, which tracked the heist beginning Saturday.
A new Microsoft Teams feature makes it possible for employees to communicate with people outside the organization and vice versa through Teams. Security researchers believe the new update potentially opens up avenues for threat actors to target organizations through phishing attacks.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.eu, you agree to our use of cookies.