Security experts are urging organizations to patch a newly revealed serious flaw in Microsoft SharePoint as quickly as possible because proof-of-concept exploit code is already available. The U.K.'s National Cyber Security Center warns that hackers frequently target fresh SharePoint flaws.
Ransomware attacks remain the top cyber-enabled threat seen by law enforcement. But phishing, business email compromises and other types of fraud - many now using a COVID-19 theme - also loom large, Europol warns in its latest Internet Organized Crime Threat Assessment.
U.S. federal agencies operate some of the world's largest and most complex digital networks, but many of them rely on older, legacy technology for critical operations. Add to this the fact that the federal government is highly targeted by nationstate adversaries and traditional criminals alike, and the need for...
Prior to COVID-19, Kumar Ramachandran of Palo Alto Networks declared 2020 the "year of the early majority" for SD-WAN adoption. How has the pandemic only amped up the need for better bandwidth, visibility and centralized management - all at a lower cost? Ramachandran explains.
Russian criminals operating online who want to stay out of jail need only to follow a few simple rules, the primary one being: Never target Russians. So it's surprising that security researchers have uncovered a new ransomware-wielding gang of Russian speakers that includes Russian victims on its hit list.
Ransomware continues to pose a "significant" threat, and email remains one of the top attack vectors being used by both criminals and nation-states, Australia's Cyber Security Center warns in its latest "Cyber Threat Report," which urges organizations to improve their defenses.
In a court filing, online voting startup Voatz argues that most security research should be limited to those who have clear permission to probe systems and software for vulnerabilities. The amicus brief is part of a U.S. Supreme Court case that could redefine a federal computer law.
The need for enhanced business agility and secure remote access to support digital transformation has led to the adoption of the security access service edge, or SASE, model, says Rajpreet Kaur, senior principal analyst at Gartner.
State election committees and IT leaders need to protect the integrity of the voting process by preventing unauthorized access to the election systems. CrowdStrike's advisory services provide the best practice frameworks needed to assess and enhance cyber maturity levels across the voting process, leveraging deep...
In terms of election cybersecurity, is the U.S. better off in 2020 than it was in 2016? Christopher Krebs, Director of the Cybersecurity and Infrastructure Security Agency, answers this question and more in an exclusive keynote that tackles:
The state of election security
Myths and realities about foreign...
Britain's U-turn on Huawei, announcing that it will now ban the manufacturer's gear from its 5G networks, highlights this as yet unresolved problem: Years of underinvestment and policy failures have left Britain and its allies with no inexpensive, trusted alternative.
Federal agencies will add a layer of security to their websites that use the top-level domain .gov. All the sites eventually will use the HSTS protocol, which ensures that a user's connection to a website is encrypted and can protect against man-in-the middle attacks and cookie hijacking.
The attack sounds ripped from an episode of TV show "24": Hackers have infiltrated a government network, and they're days away from unleashing ransomware. Unfortunately for Florence, a city in Alabama, no one saved the day, and officials are sending $300,000 in bitcoins to attackers for a decryption key.
Europe is targeting financial and economic crime, including fraud and money laundering, via the new European Financial and Economic Crime Center, hosted by the EU's law enforcement intelligence agency Europol. Officials say the launch of such a center during the COVID-19 pandemic is no accident.
Surveillance researchers at Citizen Lab have tied thousands of "Dark Basin" corporate espionage phishing attacks to a small Indian cybersecurity firm called BellTroX InfoTech Services. It's led by Sumit Gupta, who was indicted by the U.S. in 2015 for criminal hacking on behalf of private investigators.