Has the notorious REvil, aka Sodinokibi, ransomware operation rebooted as "Ransom Cartel"? Security experts say the new group has technical and other crossovers with REvil. But whether the new group is a spinoff of REvil, bought the tools, or is simply copying how they work, remains unclear.
When it comes to cyber intrusions launched by one nation-state against another, where's the red line? While blame has yet to be cast for a wiper malware attack against Ukrainian government systems, researchers say the infections tie to network intrusions that began last summer.
New developments have emerged in the case of the Israel Police allegedly using the flagship spyware of NSO Group, Pegasus, on its own citizens, with reported targets including critics of former Prime Minister Benjamin Netanyahu, among others. Following a bombshell local report, high-ranking Israeli officials have...
Among the simplest things that vendors can do to help improve the cybersecurity of their products is providing better transparency, especially regarding the third-party components contained in their technology, says Rob Suárez, CISO of medical device maker Becton Dickinson.
JPMorgan Chase will earmark $12 billion for technological updates - including cloud migration, upgrading legacy architecture, data strategy, and emerging technologies. About half of this budget will go toward security modernization, while the other half will be invested into digital innovation.
Endpoint detection and response software news: The entity formerly known as McAfee Enterprise and FireEye Products has a new name: Trellix. Think of a "security trellis to businesses across the globe, giving them support they need to keep them safe," says CEO Bryan Palma. Will customers and prospects buy in?
India's Personal Data Protection - or PDP - Bill is "a useful framework that requires organizations to analyze the sensitivity of data that they collect and process and use this analysis to adopt a customized cybersecurity plan," says Keshav Dhakad, general counsel and group head of corporate, external and legal...
To fight threats, security practitioners need to develop a proactive, offensive risk quantification strategy to establish cyber resilience, says Shaik J. Ahmed, vice president of risk, governance and information security at Mashreq Bank.
In the midst of a global pandemic, the federal breach tally shows that a record number of major health data breaches were reported in the U.S. in 2021, and the overwhelming majority of them involved hacking/IT incidents. Will those trends continue in 2022?
"We came up with a structured, documented approach to respond to mitigating the Log4j vulnerability using the EDR scanning tools along with a code validation, containerization, and sandboxing of our applications and networks," says Ian Keller, security director at Ericsson.
The latest edition of the ISMG Security Report features an analysis of how attackers are distributing Night Sky crypto-locking malware to exploit Log4j vulnerabilities, lessons learned from Log4j and a security flaw that affects some Tesla-built vehicles.
Maryland officials confirm that a December cyberattack on the state's health department, which is still disrupting some services, involved ransomware - but that no ransom was paid. Also, lawsuits have been filed against a Florida specialty pharmacy in the wake of a November cyber incident.
As staff increasingly connect to networks using internet of things devices, researchers have found a new way of detecting malware on IoT devices. The method leverages electromagnetic field emanations and can detect stealthy malware on the devices even in the presence of obfuscation techniques.
Cisco Talos researchers have discovered a heap-based buffer overflow vulnerability in the Chitubox Anycubic plug-in. The vulnerability - which scores a 7.8 in criticality - triggers if the user opens a specially crafted .gf file. There is no official fix available.