Bandai Namco Entertainment Inc., the developer of the game series Dark Souls, announced on Twitter that it has deactivated several severs to investigate "an issue with online services." According to discussions on Reddit, a user discovered an RCE vulnerability that can be exploited in the games.
The U.S. Department of Homeland Security is reportedly warning that the U.S. could witness a retaliatory cyberattack at the hands of Russia if it decides to respond to the latter's potential invasion of Ukraine, where 100,000 or more troops have been amassed for weeks.
The U.S. Federal Bureau of Investigation has issued a warning to consumers about cybercriminals targeting people through maliciously crafted quick response - or QR - codes that direct them to links where their credentials and financial information are siphoned off.
Microsoft researchers tracking Apache Log4j exploits last week discovered a previously undisclosed vulnerability in SolarWinds' Serv-U software. SolarWinds subsequently responded, investigated and fixed the flaw. Some observers described the new vulnerability as "surprising" and "disturbing."
Vision benefits provider EyeMed has agreed to pay $600,000 and implement a long list of data security improvements as part of a settlement with the New York attorney general's office following a 2020 email breach that affected 2.1 million individuals, including nearly 99,000 New Yorkers.
Has the notorious REvil, aka Sodinokibi, ransomware operation rebooted as "Ransom Cartel"? Security experts say the new group has technical and other crossovers with REvil. But whether the new group is a spinoff of REvil, bought the tools, or is simply copying how they work, remains unclear.
Twitter has said it is firing Peiter "Mudge" Zatko, the network security expert it hired in November 2020 as head of security. The security team changes - the CISO is also set to depart - follow "an assessment of how the organization was being led," according to a corporate memo shared with The New York Times.
FS-ISAC is piloting a new program called the Critical Providers Program that is aimed to heighten the conversation between leaders of security firms and their third-party partners. The program leverages the Connect platform, and Akamai Technologies plays a key role.
The Federal Reserve has published its long-awaited discussion paper on a central bank digital currency. In it, the Fed points to the innovative qualities of digital currencies, but stresses potential risks to the nation's financial system, including heightened cyberthreats and privacy concerns.
Cyberattacks remain a critical security concern - and a top patient safety hazard - for the healthcare and public health sector in 2022, federal authorities and other experts warned this week. Will recent takedowns of ransomware criminal gang members by law enforcement agencies help?
The European Union has initiated plans to build its own high-performance and secure DNS resolution infrastructure to reduce reliance on a few public DNS resolvers operated by non-EU entities. The service, named DNS4EU, is to be made available to all EU citizens and organizations.
Since Jan. 1, security researchers have identified six vulnerabilities affecting hundreds of thousands of WordPress websites. Cybersecurity experts say that the ubiquity of the content management platform makes it a prime target for attackers, and they offer holistic security solutions.
In the latest weekly update, four ISMG editors discuss the state of cyber insurance today and why its future is uncertain; applying a security-by-design reliability model to analyze vulnerabilities; and how Russia takes down members of the REvil ransomware group as cyber aggressions in Ukraine rise.
Although flaws in Apache Log4j software that need remediating remain widespread in organizations, "some of them are aware of the issue, some of them aren't aware of the issue, and likely this issue is going to be persisting with us for many, many years," says Jeff Macko, an offensive security expert at Kroll.
When it comes to cyber intrusions launched by one nation-state against another, where's the red line? While blame has yet to be cast for a wiper malware attack against Ukrainian government systems, researchers say the infections tie to network intrusions that began last summer.