Food delivery firm DoorDash says its customers and employees have been impacted by the phishing attack on its third-party service provider. DoorDash says it experienced "unusual and suspicious activity" on its third-party vendor's computer network that was a victim of a phishing campaign.
Preparedness is the best way to avoid having a cyberattack turn into a full breach. Organizations often realize after the breach the full impact on the organization and the systems as a whole. An effective incident response plan could better prepare your business continuity and put you in control.
This guide is...
It’s a considerable challenge to defend organizations against rapidly evolving, increasingly complex cyberthreats. Attackers are continuously adapting and evolving behaviour-wise and are also leveraging new vulnerabilities and everyday IT infrastructure to evade detection and stay one step ahead of security...
Ransomware karma: The notorious LockBit 3.0 ransomware gang's site has been disrupted via a days-long distributed-denial-of-service attack, with administrator LockBitSupp reporting that it appears to be retribution for the gang leaking files stolen from a recent victim: security firm Entrust.
Cybercriminals are getting faster and smarter, while IT and security operations grow more cumbersome. On top of a dramatic increase in data usage and the complexity of IT environments, cybercriminals are becoming more efficient with their tactics.
Organizations need scalable automation and orchestration...
Researchers uncovered a spear-phishing campaign targeting automotive and chemical manufacturers across the Spanish-speaking nations of Mexico and Spain. The latest campaign began in June 2022, uses Grandoreiro banking Trojan and impersonates Mexican government officials, Zscaler ThreatLabz reports.
As the Russia-Ukraine war continues, Ukrainian government cybersecurity official Victor Zhora says that the country's computer emergency response team has tracked more than 1,600 online attacks and that defensively, "wipers continue to be the biggest challenge."
Infoblox has invested in shifting left in the cybersecurity kill chain with on-premises, cloud and hybrid versions of its BloxOne Threat Defense tools, which help security practitioners find and identify threats earlier and mitigate risks, says President and CEO Jesper Andersen.
Research by Dun & Bradstreet says business identity fraud jumped 254% in 2020. Tools can help prevent this fraud but may create greater friction, say Andrew La Marca, senior director at Dun & Bradstreet, and Ralph Gagliardi, agent in charge, High Tech Crimes Unit, Colorado Bureau of Investigation.
The Cl0p ransomware group has been attempting to extort Thames Water, a public utility in England. Just one problem: the group attacked an entirely different water provider. Through ineptitude or outright lying, this isn't the first time that a ransomware group has claimed the wrong victim.
In the latest weekly update, four ISMG editors discuss the breach of customer engagement platform Twilio, a cyberattack on the U.K.'s NHS that has reignited concerns about supply chain security in the healthcare sector, and the U.S. Treasury clamping down on shady cryptocurrency mixers.
Cyber insurance can defray costs associated with data breaches and ransomware attacks. But Kelly Butler of the advisory firm Marsh & McLennan Companies says insurers are tightening their requirements for policies due to rising costs associated with increasingly severe incidents.
Cisco says it fell victim to a successful hack attack and data breach in May. While an attacker wielding Yanluowang ransomware claimed to have exfiltrated data and crypto-locked systems, Cisco says nothing sensitive was stolen and no systems were infected by ransomware.
ISMG caught up with 11 security executives in Las Vegas on Tuesday to discuss everything from open-source intelligence and Web3 security to training new security analysts and responding to directory attacks. Here's a look at some of the most interesting things we heard from industry leaders.