The SolarWinds supply chain attackers manipulated OAuth app certificates to maintain persistence and access privileged resources, including email, according to researchers at Proofpoint.
As digital payments have skyrocketed as a result of the surge in e-commerce during the pandemic, more organizations have provided feedback on enhancing EMVCo's specifications to help fight fraud, two executives with the global technical body say.
The Accellion File Transfer Appliance data breach continues to cause anguish. The energy company Shell has disclosed that it has been affected. Meanwhile, some customers of a Michigan-based bank have been informed that personally identifiable data has been exposed via the FTA breach.
To help prevent and defend against emerging cyberthreats, CISOs must develop a multi-line defense strategy and invest in threat-hunting capabilities and orchestration, a panel of cybersecurity experts advises.
Recent research highlights the growth in risky remote work behaviors. Dr. Margaret Cunningham of Forcepoint X-Lab discusses the implications of this increase in insider threats and shares risk mitigation strategies.
Attackers are exploiting a critical remote code vulnerability in F5 Networks' BIG-IP server network traffic security management platform, for which the company released patches on March 10. The vulnerability is considered highly critical.
There has been a spike in web shells being detected as ransomware gangs and other attackers increasingly target vulnerable on-premises Microsoft Exchange servers following publication of proof-of-concept attack code for ProxyLogon, which is one of four zero-day flaws patched by Microsoft in early March.
If recent attacks have taught anything, it’s that defenses are insufficient, and no entity can stand alone against the forces of nation-state adversaries. It’s time for enhanced data sharing under the umbrella of collective defense, says Brett Williams, co-founder of IronNet Cybersecurity.
Four editors at Information Security Media Group - Tom Field, Anna Delaney, Mathew Schwartz and Tony Morbin - review this week’s most important cybersecurity developments, from nation-state threats and supply chain risk, to combating ransomware and adopting a zero trust strategy.
A Swiss national who recently highlighted flaws in Verkada surveillance cameras has been charged with criminal hacking by a U.S. federal grand jury and accused of illegally accessing and leaking data from numerous organizations, apparently including Intel, Nissan and the U.S. National Reconnaissance Office.
A Russian national who conspired to extort millions from electric car manufacturer Tesla by trying to plant malware in the company's network has pleaded guilty to a single federal conspiracy charge, according to the U.S. Justice Department. The FBI thwarted the plot before it could be carried out.
This edition of the ISMG Security Report features an analysis of the Microsoft Exchange on-premises server hacks – from who might have leaked the vulnerability exploits to how ransomware gangs are taking advantage of the flaws. Also featured: Tackling the cybercrime business model; assessing "zero trust."
Don’t call it a product, and don’t try to create a standard around it - "zero trust" is a strategy, says John Kindervag, the former Forrester analyst who created it. As he steps into his new role at ON2IT Cybersecurity, his goal is to help make zero trust easy to implement.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.