London's Metropolitan Police Service is investigating a serious data breach that may have exposed names, ranks and photographs for potentially all 47,000 personnel, after someone gained "unauthorized access to the IT system" of one of its suppliers.
APIs have become increasingly popular as they are used to connect different systems, services and applications. But this makes them an attractive target for cybercriminals who want to exploits flaws and access sensitive data. Here are five critical reasons you need to conduct API security testing.
APIs are susceptible to various security threats and vulnerabilities, but by adopting robust API runtime protection strategies, organizations can mitigate risks and ensure the ongoing availability, integrity and confidentiality of their APIs. Here are five reasons to provide APU runtime protection.
Ransomware and data exfiltration attacks continue to stick victims with serious bills to cover cleanup, legal and other resulting costs - to the tune of $10.8 million and counting for cloud computing giant Rackspace, for one. Rackspace was hit by the Play ransomware group last year.
Venture-backed cloud security firm Wiz swallowing up publicly traded endpoint security firm SentinelOne would be one of the most unorthodox and surprising acquisitions the cybersecurity industry has ever seen. But despite the major financial hurdles, the potential technology synergies are obvious.
A backdoor Trojan known as SmokeLoader is deploying a customized Wi-Fi scanning executable to triangulate the location of infected Windows devices. The malware, dubbed "Whiffy Recon," uses nearby Wi-Fi access points as a data point for Google's geolocation API.
Researchers spotted North Korean state hackers deploying a more compact remote access Trojan through a flaw in IT service management software in a campaign affecting European and U.S. critical infrastructure. Cisco Talos said the Lazarus Group in May started to deploy a Trojan it named QuiteRAT.
In the latest weekly update, ISMG editors discuss the shifting dynamics of cyber insurance, why APAC is approaching privacy regulations around emerging technologies, and how U.S. authorities charged the co-founders of cryptocurrency mixer Tornado Cash with money laundering.
Chinese state hackers are targeting Taiwanese organizations, likely for espionage, in a difficult-to-detect campaign that relies on Windows utilities. Microsoft dubbed the threat actor Flax Typhoon in a Thursday blog post and said the hackers seek persistence, lateral movement and credential access.
A new healthcare-focused research agency is seeking proposals for innovative cybersecurity technologies that can apply a national security approach to protecting this highly targeted civilian industry. Today's off-the-shelf software is falling short, the agency said.
Third-party targeting by attackers has intensified due to the interconnectedness of the business world, enabling adversaries to exploit intermediaries for access. With the surge in cloud adoption, visibility in the cloud is paramount, advised Levi Gundert, chief security officer at Recorded Future.
While a significant number of attacks are not yet AI-driven, there's a noticeable shift in the creation of generative malware and lures for business email compromise, warned Ashan Willy, CEO at Proofpoint. LLMs are being used to create enticing lures in foreign languages to target broader audiences.
Malicious actors often devise ingenuous ways to infiltrate networks. Michael Sikorski, CTO and vice president of engineering of Unit 42 at Palo Alto Networks, shed light on an unconventional tactic deployed by Russian hackers: the Trojanization of legitimate advertisements.
Hackers are using a tool set that first appeared in 2020 and apparently was developed by Turkish speakers to deploy Scarab ransomware, said Eset researchers. They dubbed the threat actors behind it CosmicBeetle and assess with "high confidence" that they exploit the 2020 vulnerability ZeroLogon.
This week, a ransomware gang claimed responsibility for attacks on a multistate U.S. hospital chain, a cyberattack disrupted expat voting in Ecuador, Africa cracked down on cybercrime, Latitude Financial said its hacking incident cost AU$76 million, and new malware targeted macOS users.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing cuinfosecurity.com, you agree to our use of cookies.