Chinese hackers are exploiting known vulnerabilities in a Citrix networking appliance and virtual private network. The products, Citrix ADC and Gateway, are popular in the healthcare sector. Left unpatched, attackers may execute ransomware attacks or steal intellectual property.
Assets kept behind air-gapped networks should be inaccessible, but researchers from Pentera describe how hackers use the DNS protocol as a command-and-control channel. To be truly safe, companies should isolate the DNS server used for air-gapped networks and filter traffic for anomalies.
Microsoft Office's use of Internet Explorer to render HTML is the gift that keeps giving for North Korean hackers. Security researchers at Google say they spotted a Pyongyang threat actor using a now-patched JavaScript engine flaw via a malicious Office document.
Russian actors may be more willing this winter to use digital tools to coerce and influence Europe away from its support of Ukraine, computing giant Microsoft warns. The Kremlin has at its disposal ransomware and active digital disinformation operations.
Windows systems in Russia are being stalked by a new Trojan that purports to be ransomware but is really designed to wipe PCs and leave them unrecoverable, security researchers say. Dubbed CryWiper, it's one of a number of wipers - mostly targeting Ukraine - seen in the wild this year.
From the invasion of Ukraine to the conviction of a former Uber CISO and the Musk takeover of Twitter, it's been a watershed year for cybersecurity concerns. Veteran CISO David Pollino reflects on 2022 and looks ahead to the challenges - and opportunities - that await in 2023.
Thousands of Rackspace customers continue to face hosted Microsoft Exchange Server outages after the managed services giant took the offering offline after being affected by an unspecified security incident Thursday. Rackspace urges affected customers to at least temporarily move to Microsoft 365.
Based on known ransomware attacks against the healthcare sector, here's good news: The volume of attacks seems to have declined, says Allan Liska, a principal intelligence analyst at Recorded Future. Unfortunately, most such attacks not only trigger downtime but include the theft of patient data.
A multitude of state privacy laws taking effect in 2023 has forced organizations to revamp their compliance programs to incorporate the disparate requirements, says Lisa Sotto. Companies across every industry face a threat environment that's more active and malicious than ever before.
In the latest weekly update, Information Security Media Group Editors discuss current cybersecurity and privacy issues, including advice on strengthening off-hours defenses during the holiday season, emerging cybercrime trends in 2022, and Palo Alto's first big M&A since early 2021.
While the cybercrime story for 2022 has yet to be fully written, cryptocurrency theft will no doubt have a starring role. Buoyed by the collective pilfering of billions of dollars' worth of cryptocurrency this year, what's to stop attackers from doubling down in 2023?
Pro-Kremlin KillNet hackers took down the website of the European Parliament on Wednesday in a DDoS attack that came just hours after the legislative body declared Russia a terrorist state. The website was still down late in the day as part of a string of hacktivist attacks against allied nations.
The U.S. government seized seven fake cryptocurrency domains used in a confidence scam based on long-term emotional manipulation of victims that netted criminals more than $10 million. Perpetrators scammed five victims by spoofing the website of the Singapore International Monetary Exchange.
A large-scale cyberespionage campaign by notorious China-based advanced persistent threat actor Mustang Panda is targeting government, academic and other sectors globally. Its main targets include Asia-Pacific organizations in Myanmar, Australia, the Philippines, Japan and Taiwan.
Despite the strategic priorities laid out by the Biden administration and initial indicators provided by the Department of Defense, it's unclear how the next national defense strategy will prioritize threats and define the primary role of the U.S. military. Chris Dougherty discusses cyberwarfare.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.