Security researchers say API flaws could have exposed the private data of millions of Peloton fitness equipment online service users for months before they were recently patched.
The websites of about 200 public and private entities in Belgium were knocked fully or partially offline Tuesday by a distributed denial-of-service attack against the publicly funded internet service provider Belnet.
The average amount of time that online attackers camp out in a victim's network - or "dwell time" - has been declining, FireEye's Mandiant incident response group reports. But the surge in ransomware accounts for some attacks coming to light more quickly because those attackers announce their presence.
The NSA is offering operational technology security guidance for the Defense Department as well as third-party military contractors and others in the wake of the SolarWinds supply chain attack. The agency notes that attackers could use IT exploits to pivot to OT systems.
The FBI has shared 4.3 million email addresses stolen by the Emotet malware with the Have I Been Pwned breach notification site. The entry of those addresses into the site increases the chance that those infected with Emotet can take remediation actions, such as changing passwords.
A Russian botnet group called Prometei is exploiting unpatched Microsoft Exchange Server vulnerabilities to mine cryptocurrency across the world, a new report by security firm Cybereason finds.
The U.S. Cybersecurity and Infrastructure Security Agency, Ivanti and FireEye report that federal agencies and other entities have been compromised by two attack groups, with one possibly acting on behalf of the Chinese government. The groups are exploiting vulnerabilities in Ivanti's Pulse Connect Secure.
The University of Hertfordshire has sustained a cyber incident that severely affected students' online classes and an assignment submission portal. The university, however, notes the incident did not lead to data theft.
The NBA's Houston Rockets reported on Wednesday that the organization was recently hit with a ransomware attack for which the Babuk cyber gang has taken responsibility. Babuk ransomware is known to be buggy and cannot always be decrypted - even with the proper key.
Four editors at Information Security Media Group discuss important cybersecurity issues, including Facebook’s latest data leak and how adversaries continue to innovate and evolve.
Chad Wolf, the former acting secretary for the Department of Homeland Security, has confirmed the accuracy of an earlier news report saying that the SolarWinds supply chain attackers gained access to his unclassified DHS email accounts, which included calendar details.
Brokerage account takeover, supply chain attacks, destructive attacks and those that seek to manipulate time or time stamps are among the latest threats uncovered in the new Modern Bank Heists report authored by Tom Kellermann at VMware Carbon Black.
Criminals love to amass and sell vast quantities of user data, but not all data leaks necessarily pose a risk to users. Even so, the ease with which would-be attackers can amass user data is a reminder to organizations to lock down inappropriate access as much as possible.
Facebook has been attempting to dismiss the appearance of a massive trove of user data by claiming it wasn't hacked, but scraped. No matter how the theft is characterized, 533 million users have just learned that their nonpublic profile details were stolen and sold to fraudsters.
President Joe Biden is asking Congress to boost CISA's budget by $110 million to help enable the agency to address a range of cybersecurity issues following several high-profile incidents in the past six months.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.eu, you agree to our use of cookies.
