Chinese APT group Mustang Panda is deploying a previously unseen malware backdoor dubbed MQsTTang as part of a spear-phishing campaign targeting governmental organizations, specifically in Ukraine and Taiwan, security firm Eset says. The malware is currently being spread as RAR files, it adds.
Eset researchers discovered the first in-the-wild bootkit malware, BlackLotus, bypassing security and booting up on fully up-to-date Windows 11 systems. Researchers found the Unified Extensible Firmware Interface bootkit in 2022, being sold on hacking forums for $5,000.
In the latest weekly update, four ISMG editors share highlights of ISMG's upcoming Engage Toronto event and discuss how the U.S. Supreme Court may undercut the identity theft statute and how - despite tough economic times - vendor Wiz boosted its valuation by $4 billion in 16 months.
Threat actors actively targeting multinational clients of data center outsourcers and help desk providers in China and Singapore are posting stolen credentials for sale on data leak sites, and cybersecurity firm Resecurity says these actions could be part of a nation-state cyberespionage campaign.
The Biden administration, in its new national cybersecurity strategy, is doubling down on its efforts to combat ransomware, in part by designating it as a national security problem. Experts say this puts more "instruments of national power" - including military options - at the president's disposal.
Cybersecurity will take its place alongside chemical contaminant removal as an element the U.S. Environmental Protection Agency says public water systems must mitigate. "Cyberattacks that are targeting water systems are real and a significant threat," said an EPA official.
Zscaler has axed nearly 180 workers after more deliberation from new customers around large purchasing decisions led to reduced billings growth. The company revealed plans to cut its 5,900-person staff by roughly 3% - or about 177 positions - as it adapts to a more challenging business environment.
Hewlett Packard Enterprise will soon offer clients single-vendor SASE after agreeing to buy a security service edge startup founded by a Symantec security researcher. HPE will combine the cloud, web and data security technology acquired from Axis Security with its SD-WAN tool from Silver Peak.
A Georgia man who is the chief operating officer of a network security firm can't escape criminal charges related to a 2018 cyberattack against a local medical center. Vikas Singla faces 18 charges of illegal hacking, including 15 charges for disrupting a Lexmark printer network.
A new federal strategy to make commercial manufacturers liable for insecure software requires an attainable safe harbor policy and could be a disincentive for software manufacturers in sharing important vulnerability information with the U.S. government, according to industry observers.
Retired Air Force Gen. Gregory Touhill, the very first U.S. federal CISO back in the Obama administration, says he's encouraged by the new U.S. National Cybersecurity Strategy. His top takeaway: the shift of cybersecurity responsibility from consumers to manufacturers of vulnerable products.
Online counseling provider BetterHelp is set to come under two decades of privacy monitoring by the U.S. Federal Trade Commission after settling allegations that it violated users' privacy by sharing identifying information with social media platforms including Facebook.
Tom Kellermann has never tempered his criticism of U.S. cybersecurity policies. But he is openly enthusiastic about the National Cybersecurity Strategy unveiled March 2. "I was blown away," Kellermann says about the Biden administration's new five-pillar policy. "Seriously, this is a true strategy."
In this week's roundup: an incident affecting News Corp and ransomware at Dish Network, Washington's Pierce Transit and the U.S. Marshals Service. Also: a DDoS attack on Danish hospitals from a threat actor that isn't what it claims and a bit of good news about a ransomware decryptor.
High street retailer WH Smith reports that it suffered a hack attack that led to the exposure of current and former employees' personal data, but no exposure of customer data or website disruption. It's the latest big British business in recent months to suffer a data breach or ransomware attack.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.eu, you agree to our use of cookies.