The Senate Intelligence Committee's hearing about the supply chain attack that affected SolarWinds and dozens of other companies and federal agencies answered some questions about what went wrong but also raised four key issues.
The cybersecurity agencies of five countries have issued a joint advisory warning that hackers are exploiting vulnerabilities in the Accellion File Transfer Appliance to steal data and execute ransomware. Australia's Transport for New South Wales and Canada's Bombardier are the latest victims to be revealed.
The Python Software Foundation is issuing updates for Python 3.9.2 and 3.8.8 to address critical security vulnerabilities, including a remote code execution vulnerability that can be exploited to shut down systems.
A newly-discovered phishing campaign posts harvested credentials using the Telegram messaging app's application programming interface to bypass secure email gateways, report researchers at the Cofense Phishing Defense Center.
SonicWall was recently attacked via a zero-day flaw in one of its own products. Curiously, SonicWall hasn't said much about the extent and damage of the breach since its announcement. But there are strong indications it may have been targeted by an extortion attempt.
As online activity increases and digital footprints expand, so too does the overall application attack surface. The recent shifts in consumer behaviours have greatly accelerated business digital transformation and compounded the associated application fraud and abuse.
In response, security, fraud and marketing...
Autonomous vehicle manufacturers are advised to adopt security-by-design models to mitigate cybersecurity risks, as artificial intelligence is susceptible to evasion and poisoning attacks, says a new ENISA report.
The "Cuba" ransomware gang has hit Seattle-based Automatic Funds Transfer Services, which processes data from California's Department of Motor Vehicles as well as many cities in Washington. Victim organizations say AFTS is investigating the incident and that an unknown amount of individuals' data was exposed.
In an update on the investigation into the SolarWinds supply chain attack, Deputy National Security Adviser Anne Neuberger said the Biden administration is preparing "executive action" to address security shortcomings that have come to light.
In 2020, a cybercrime operation known as ShinyHunters breached nearly 50 organizations, security researchers say. And this year, it shows no signs of slowing down - it's already hacked e-commerce site Bonobo and dating site MeetMindful.
In the last two years, 51% of financial services institutions (FSIs) have experienced a data breach, and the severity and volume of cyberattacks continue to increase. A global survey of 469 cybersecurity professionals shows that FSIs can dramatically reduce the
risk of being breached by improving end-toend...
The severity and volume of cyber attacks is increasing. However, most organizations are not comparably enhancing their abilities to prevent hackers from exploiting attack vectors. In fact, it’s taking longer to detect and longer to patch critical vulnerabilities than last year. The cost and
consequences of this...
In our 22-criterion evaluation of GRC platform providers, we identified the 12 most significant ones — Enablon; Galvanize; IBM; LogicManager; MetricStream; NAVEX Global; Riskonnect; RSA, a Dell Technologies Company; SAI Global; SAP; ServiceNow; and Workiva — and researched, analyzed, and scored them. This report...
A remote code vulnerability in the Android version of the file-sharing app SHAREit could allow hackers to tamper with the app's permissions, enabling them to steal sensitive data, reports security firm Trend Micro.