The FBI is warning the U.S. higher education sector about compromised sensitive credentials and network access information advertised for sale across various public and Dark Web forums. The agency states that this access to credentials could potentially lead to a cyberattack.
Police in Nigeria this week arrested a 37-year-old man who's been charged with masterminding "a criminal syndicate tied to massive business email compromise and phishing campaigns," Interpol reports. But with known BEC losses last year exceeding $2.4 billion, will the arrest have a noticeable impact?
Since at least the middle of last year, online attackers have been increasingly targeting the financial services sector.
So warns John Fokker, principal engineer and head of cyber investigations for the Advanced Threat Research group at cybersecurity firm Trellix. He says Trellix's latest threat assessment found a...
A former IT consultant has been charged with allegedly hacking into a computer server of a healthcare company client that had months earlier denied him employment with the organization. Experts say the case spotlights insider threats that must not be underestimated.
Ransomware gang Black Basta, which came to prominence in April, has claimed responsibility on its leak site for a ransomware attack on AGCO. An AGCO spokesperson confirmed to ISMG that employee data was exfiltrated during an attack but did not comment on Black Basta's claims of responsibility.
Indian passenger airline SpiceJet says an attempt at a ransomware attack was made against its IT infrastructure on Tuesday night. The airline says the attack was "contained," and it has resumed regular operations. Passengers continued to complain about takeoff delays until noon local time.
DevOps is a movement that enables collaboration throughout the entire software delivery lifecycle by uniting two teams: development and operations. The benefits of DevOps can extend to security by embracing modern secure DevOps practices.
The security team’s way forward is to unify with DevOps in its four key...
Die DevOps-Bewegungen vereinigt Entwicklung und Operations - und zwar über den gesamten Prozess der Softwareentwicklung hinweg. Durch moderne DevSecOps-Praktiken lassen sich die Vorteile von DevOps auch auf das Thema Security übertragen.
Für mehr Sicherheit ist die Verschmelzung mit DevOps in folgenden Bereichen...
Die Regeln für den Schutz von Anwendungen und APIs haben sich geändert. Doch viele Unternehmen nutzen noch immer stark veraltete Sicherheitstools.
Laden Sie unser eBook herunter und entdecken Sie die neuen Regeln für die Web-App- und API-Sicherheit.
Erfahren Sie mehr zu folgenden Themen:
Warum Tools die...
When it comes to protecting applications and APIs, the rules have changed. Many organizations still use security tools designed for an earlier era.
Download our eBook to discover the new rules for web app and API security and why:
Tools must fight intent, not specific threats
There is no security without...
Microsoft has observed a 254% increase in activity over the past six months from a Linux Trojan called XorDdos. First discovered in 2014, XorDdos was named after its denial-of-service-related activities on Linux endpoints and servers and its usage of XOR-based encryption for its communications.
In the latest update, four ISMG editors discuss the alarming, bizarre case of a cardiologist in Venezuela charged with developing malware and recruiting affiliates, recent ransomware and data leak incidents in healthcare and how the economy is causing mature cybersecurity startups to slow hiring.
When Colonial Pipeline suffered an outage in May 2021 as a result of an attack by the DarkSide crime syndicate, numerous governments changed their approach to ransomware and began treating it as a national security threat, says Rapid7's Jen Ellis. She details what needs to happen next.
The Russian-language criminal syndicate behind the notorious Conti ransomware has retired that brand name, after having already launched multiple spinoffs to make future operations more difficult to track or disrupt, threat intelligence firm Advanced Intelligence reports.
The new Expel Quarterly Threat Report provides data on what we’re seeing,
detection opportunities, and resilience recs to help protect your organization.
We’ll dive into the trends in this report, based on incidents the Expel security
operations center (SOC) team identified through investigations into...