Online sports retailer Sports Warehouse has agreed overhaul its security program and pay a $300,000 fine to New York State after hackers stole 20 years' worth of payment card data and customer information the company was storing in plaintext on its e-commerce server.
State-aligned hackers are increasingly targeting small and medium-sized businesses worldwide, as SMBs are more likely to be under-protected against cybersecurity threats such as phishing campaigns, according to a new report by cybersecurity firm Proofpoint.
Researchers have identified two legitimate-looking malicious npm packages that concealed an open-source info stealer for two months before being detected and removed. Developers downloaded the TurkoRat malware about 1,200 times from open-source repositories.
Data443 has bought Cyren's threat intelligence, URL categorization and email security technology out of bankruptcy for up to $3.5 million. Buying Cyren's anti-spam, virus outbreak detection, IP reputation, URL filtering and Threat InDepth data feeds will boost Data443's existing product portfolio.
How many fires are you putting out before your first cup of coffee? How many before lunch? Why is it that security professionals seemingly can’t start their mission until 3pm? Prioritizing which parts of your business need to be fixed first is daunting and your day is likely preempted by account lockouts, breaches...
Threat intelligence is an important component of OT security because it maps the techniques and tactics of threat actors to what they are likely to attack, and it collaborates across teams to cover potential vulnerabilities, according to CISOs Susan Koski and Sapan Talwar.
As ransomware actors get innovative and attacks keep growing at a brisk pace, threat intelligence and incident response plans are now more vital for businesses. But responding calmly in all that chaos is equally important and should be done the right way, said Palo Alto Networks' Wendi Whitmore.
Mass exploitation campaigns are the latest of many criminal innovations in 2023. Based on tracing ransom payments, they weren't very profitable. But ransomware actors do love their zero-days, said Allan Liska, principal intelligence analyst at Recorded Future.
A top challenge businesses face is the lack of knowledge about what digital assets they have, making it difficult to protect them, respond to attacks, and collect evidence. External threat intelligence and attack surface management are colliding as companies look to respond effectively to threats.
According to this year’s SANS Threat Hunting Survey, threat hunting resourcing is an “ever-growing staffing nightmare.” 73% of this year’s respondents claimed that their biggest challenge is finding skilled staff. This is a 7% increase over 2022, and a whopping 43% increase over 2021.
This talent drought...
The intelligence community long refrained from adopting open-source technology, but its value has become evident with the rise of cloud computing and machine learning. Practitioners also are shifting toward open-source intelligence to augment the information obtained through human intelligence.
It's getting harder to distinguish between normal and unusual threat activity, with more sophisticated attacks exacerbated by hybrid work and, soon, AI attacks. Defenders need correlated rather than isolated telemetry to get more signal and less noise, say Jeetu Patel and Tom Gillis of Cisco.
Cybersecurity is forever a growing concern for organisations of all sizes. The challenges include a spike in threats, the evolving technology landscape that increases the threat surface, the impact of regulation, too many isolated point products, and a lack of skills and budget for adequate defence.
Mandiant's 14th edition of M-Trends has been released, offering a comprehensive and insightful examination of the constantly evolving cyber threat landscape. Drawing upon Mandiant's extensive experience in incident response investigations and threat intelligence analysis, the report delves into high-impact attacks and...
New resources released Monday from a high-profile federal advisory group provide insights into the state of healthcare sector preparedness and best practices for dealing with evolving cyberthreats, according to Erik Decker, CISO of Intermountain Healthcare and co-chair of the task force.