A record fine and two new compromises kick off the autumn compromise season.
Deloitte estimates cybercrime costs to reach $6 trillion annually -- but companies still lag in preparedness.
The social network will crack down on those spreading disinformation in an effort to keep people away from the polls.
Evidence shows that three of the most destructive incidents seen in modern cyber-history are the work of one APT.
A survey of ICS security posture found outdated firewalls, improper segmentation, password mistakes and more.
The official update from Microsoft only limits the vulnerability, according to 0Patch.
Gym customer data, including contact information, birth dates and height/weight data, opens the door to convincing follow-on social-engineering attacks.
Meanwhile, the LokiPWS (a.k.a. Lokibot) malware family distribution is surging.
GPlayed may be the new face of malware -- flexible and adaptable, with a Swiss Army knife-like toolbox that can be used to target pretty much anyone.
This is the second local privilege-escalation zero-day this APT group has exploited.
A brand-new approach to harvesting credentials hinges on users' lack of cloud savvy.
This year's Virus Bulletin conference featured top-tier research from some of the world's best threat intelligence experts.
Google was caught not disclosing a potential data breach -- leaving questions as to whether a lack of transparency is the new normal.
Most of the attacks originated in China.
A spyware attack on a Saudi dissident living in Canada made headlines this week, but Citizen Lab warns that simpler attacks are the real epidemic.
The business of fake likes and followers turns out to be a sprawling enterprise -- likely tied back to IoT botnet activity.
Russian-speaking Turla has also racked up more victims in its latest APT campaign.
This code-signing issue represents a new attack vector, according to the researcher.
Supply-chain attacks are on the rise, but machine learning provides the edge that the security industry needs to keep up.
Attractive to both white-hats and cybercriminals, AI's role in security has yet to find an equilibrium between the two sides.
Businesses are increasingly adopting artificial intelligence, but all too often these platforms don't feature security-by-design.
The relationship between the malware and the APT group remains somewhat murky.
The free online office suite software is used by more than 30 million people and is a ripe target for criminals.
Password-sharing persists, but at least multifactor authentication usage is up.
The Gazorp online builder makes it easy to start stealing passwords, credit-card information, cryptocurrency wallet data and more.
Android, Debian and Ubuntu users are still at risk.
More than 20 percent of GitHub repositories containing an attack tool or an exploit proof of concept (PoC) are written in Python.
Researchers said the vulnerability "is very easy to exploit."
Malicious apps can trivially thwart Mojave 10.14's new privacy protections.
A recent cryptomining campaign shows criminal ingenuity.
Chrome users are now automatically signed into the browser if they're signed into any other Google service, such as Gmail.
Cisco has patched a vulnerability in its video surveillance manager software that could give an unauthenticated, remote attacker the ability to execute arbitrary commands on targeted systems.
Many different threat actors are using this crypting service/tool for their operations, possibly buying it from the developer itself.
Microsoft said that it's working on a fix for a zero-day flaw in its JET Database Engine.
The threat actor's Android-focused cyber-arms package, dubbed Black Rose Lucy, is limited in reach for now, but clearly has global ambitions.
The incident, hard on the heels of the British Airways breach, shows that Magecart is quickly evolving and shows no signs of slowing down.
Outdated security practices made it simple to access other people's receipts for everything from traffic tickets to paying bail.
The attack bypasses BIOS mitigations for cold-boot compromise on models from Apple, Dell, Lenovo and all others made in the last 10 years.
The rules would apply to all hosting service providers offering services in the E.U., regardless of size, even if they’re not based there.
The Iran-linked APT appears to be in a state of continuous tool development, analogous to the DevOps efforts seen in the legitimate software world.
The second-most popular delivery method is CVE-2017-11882, a patched Microsoft vulnerability that allows the attacker to perform arbitrary code-execution.
The development fits a trend that sees threat actors turning to well-known, commodity malware, overcoming its easy detection with ever-better obfuscation methods.
Osiris’ fundamental makeup positions it in the fore of malware trends, despite being based on old source code that’s been knocking around for years.