OptinMonster, a WordPress plug-in used in more than 1 million websites for sales campaign creation, was vulnerable to high-severity bugs, according to Wordfence researchers. An updated version of the plug-in has patched the flaws.
As the global pandemic enters its second year, IT and infosec teams continue to face challenges on all sides. On top of “ordinary” cybersecurity issues, they’re dealing with an explosion of pandemic-themed phishing scams and a surge in ransomware attacks. How well prepared are users?
Four ISMG editors discuss important cybersecurity issues, including law enforcement authorities' disruption of ransomware gang REvil's operations, how to collaborate as an industry to fight the surge in ransomware attacks hitting businesses, and increasing diversity and inclusion in the workplace.
Microsoft launched a four-year campaign on Thursday with community colleges in the U.S. aimed at recruiting hundreds of thousands of people into the field of cybersecurity. The goal is to fill an expected shortfall of 250,000 workers in cybersecurity, which Microsoft says means rising risk.
The National Rifle Association has reportedly fallen victim to a ransomware attack at the hands of a Russian cybercriminal gang known as Grief. The group has reportedly posted 13 files to its website after claiming to have hacked the gun rights advocacy group.
North Korean advanced persistent threat group Lazarus - aka Hidden Cobra - is developing supply chain attack capabilities using its multiplatform malware framework, MATA, for cyberespionage goals, according to researchers from Kaspersky.
CISA announced that Washington Secretary of State Kim Wyman will be the agency's senior election security lead. She will become a top security official within the Biden administration, inheriting a role that has garnered public attention following interference in 2016 and fraud claims in 2020.
As vice president of Red Team Services at CyberArk, Shay Nahari has an up-close view of an enterprise's soft defenses. He sees adversaries attack workforce users and compromise credentials. The lines between identity and privilege are colliding. More than ever, Nahari says, context matters.
Singapore healthcare firm Fullerton Health confirms that a data breach in the server of its vendor partner Agape Connecting People was responsible for the leak of 400,000 user accounts. The incident marks the fourth major data breach incident involving third-party vendors in Singapore this year.
Telecom company Voipfone has come under a severe "extortion-based" DDoS attack from foreign entities, according to a tweet by the U.K.-based company. The attack is likely a continuation of the one observed on Thursday, although the company stated that all its systems remained operational.
The U.S. Department of State will create a Bureau of Cyberspace and Digital Policy, led by a Senate-confirmed ambassador-at-large, to advance its cybersecurity diplomacy efforts, according to Secretary of State Antony Blinken. The move is a response to a challenging global threat landscape.
Where is cryptocurrency being adopted most broadly? Where are scams emerging, and where is there growing grassroots support? These are among the questions answered by the Chainalysis 2021 Global Cryptocurrency Adoption report. Researcher Kimberly Grauer shares findings and analysis.
Will the notorious ransomware operation known as REvil, aka Sodinokibi, reboot yet again after someone apparently messed with its infrastructure? Experts suggest that the operation's brand is burned, and administrators will launch a new group. Many affiliates, meanwhile, already work with multiple groups.
As the workplace quickly evolves, people are working from everywhere and accessing data from anywhere. Suddenly CISOs must manage not just external threats, but countless risks from within which always prove more elusive and harder to detect or prevent than traditional external ones. While the most common insider...
International law enforcement officials on Tuesday announced that some 150 suspects have been arrested globally for buying or selling illegal goods, following a 10-month sting operation, code name "Operation DarkHunTOR," targeting the dark web.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing cuinfosecurity.com, you agree to our use of cookies.