Since at least 2016, hacked websites have targeted zero-day flaws in current versions of Apple iOS to surreptitiously implant data-stealing and location-tracking malware, says Google's Project Zero team. Apple patched the latest vulnerabilities in February.
An emerging cyber espionage group that apparently started its work in South Africa last year is now focusing on targeting critical control systems for oil and gas companies in the Middle East, according to researchers at two cybersecurity firms.
Applying a "zero trust" model is fast becoming essential for organizations as the mobile workforce uses a variety of devices to access applications and services running in-house and with external providers, says Duo Security's Jaret Osborne.
Mike Krygier of the New York City Cyber Command outlines threats to connected cities and critical infrastructure, including ransomware, and what steps can be taken to mitigate risks
Security practitioners often overlook the risks of third-party resources, says Ryan Davis of Veracode, who outlines the biggest potential pitfalls and describes effective risk management techniques.
The latest edition of the ISMG Security Report offers an analysis of how French cyber police disrupted a cryptomining malware gang. Also featured: Apple's botched patching of a jailbreaking vulnerability; an industry veteran's insights on battling payment card fraud.
Artificial intelligence and machine learning must be judiciously used, such as when monitoring internet of things devices, says David De Roure, professor of e-research at the University of Oxford, who offers insights on IoT risk management.
A new variant of the TrickBot banking Trojan is enabling attackers to conduct SIM swapping schemes against Verizon Wireless, Sprint and T-Mobile customers in the U.S., potentially paving the way for account takeover fraud, according to a report from Dell's SecureWorks division.
In a series of recent attacks attributed to the umbrella criminal group known as Magecart, malicious JavaScript code was injected into over 80 e-commerce websites to steal credit card and other customer data, according to a new report from the security firm Arxan, which highlights the sites' vulnerabilities.
A federal grand jury indictment of Seattle software engineer Paige A. Thompson charges her with stealing 100 million records from Capital One, stealing data from at least 29 other organizations, as well as using hacked cloud computing servers to mine for cryptocurrency.
When it comes to rethinking how enterprises structure their cybersecurity teams, Deborah Kish of Fasoo says that teamwork and better coordination among stakeholders are essential.
The United States' June cyberattack against Iran wiped out a critical database used by the nation's paramilitary arm to plan attacks against oil tankers and at least temporarily degraded Iran's ability to covertly target Persian Gulf shipping traffic, the New York Times reports.
Security firm Imperva is notifying some of its Cloud Web Application Firewall customers about a "security incident" that exposed certain data, CEO Chris Hylen reports in a blog post. What risks does the exposure create?
French police say they've disrupted the operations of the Retadup malware gang by subverting attackers' command-and-control infrastructure to delete the malicious code from 850,000 infected PCs and servers worldwide. The move came after police received a tip and technical assistance from security firm Avast.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing cuinfosecurity.com, you agree to our use of cookies.