Author: Jai Vijayan Contributing Writer

A lack of contextual information and concerns over application disruption among contributing factors.

A new report suggests that top management at most companies still don’t get security.

The SEC has sent out letters to some investment firms and publicly listed companies seeking information, Reuters says.

Tactic continues recent trend by attackers to use trusted cloud services to send and host malicious content.

Six previously “under-attacked” vertical industries saw a surge in data breaches last year due to COVID-19 related disruptions and other factors, new data shows.

Growing list of similar actions in recent months may finally be scaring some operators into quitting, but threat is far from over, security experts say.

Growing list of similar actions in recent months may finally be scaring some operators into quitting, but threat is far from over, security experts say.

Three weeks after company disclosed two critical vulnerabilities in the workload management utility, many organizations have not patched the technology yet, security vendor says.

But volume of malware, botnet, and other exploit activity declined because of the Emotet botnet takedown.

A new analysis of iOS and Android apps released to Apple’s and Google’s app stores over the past five years found many to be deliberately breaking HTTPS protections.

“Prometheus” is the latest example of how the ransomware-as-a-service model is letting new gangs scale up operations quickly.

The cybersecurity landscape continues to spawn new companies and attract new investments. Here is just a sampling of what the industry has to offer.

Many organizations remain unprepared to detect, respond, and contain a breach, a new survey shows.

Eradicating ‘privileged intruders’ from the network in the aftermath of an attack poses major challenges, experts say.

Organizations should apply principles of least privilege to mitigate threats, security researcher says.

Ten years of passive DNS data shows classic TLDs such as .com and .net dominate newer TLDs in popularity and use, new report says.

Hardware maker has issued an update to fix multiple critical privilege escalation vulnerabilities that have gone undetected since 2009.

UNC2447 observed targeting now-patched vulnerability in SonicWall VPN.

Ironically, EDR’s success has spawned demand for technology that extends beyond it.

Several gigabytes of sensitive data stolen from one restricted network, with organizations in more than 12 countries impacted, Kaspersky says.

LazyScript bears similarities to some Middle Eastern groups but appears to be a distinct operation of its own, Malwarebytes says.

The tactic makes it much harder for defenders to take down botnets via sinkholing and other standard techniques, Akamai says.

FireEye Mandiant says it discovered data stolen via flaw in Accellion FTA had landed on a Dark Web site associated with a known Russia-based threat group.

In a nearly 200-page document, company offers a detailed overview of Secure Enclave and multiple other security controls in Apple silicon-based Macs and other platforms.

FBI, CISA, and Treasury Department also release details about North Korean malware used in cryptocurrency thefts since 2018.

The third stage, when threat actors rush to use stolen usernames and password pairs in credential-stuffing attacks, is the most damaging for organizations, F5 says.

Consumer banks, exchanges, payment firms, and card issuing companies around the globe were among those hit.

Expect increase in ransomware and ‘triple extortion’ attacks, Cyber Threat Intelligence League says.

Two months after the news first broke, many questions remain about the sophisticated cyber-espionage campaign.

Flaw leaves millions of IT, OT, and IoT devices vulnerable to attack.

A new investigation of two known threat groups show cyber actors are spying on mobile devices and PCs belonging to targeted users around the world.