IoT devices and applications often use a range of components, including third-party libraries and open source code. Steve Springett, who created Dependency-Track, explains how to reduce risk and keep third-party code up to date.
With digital transformation come new applications and efficiencies in the cloud. But governance, visibility and access challenges also emerge. Ron Bennetan of Imperva shares strategies for improving data governance and security in the cloud.
Driven by the profits to be achieved via ransomware, most botnet operators have dropped banking Trojans in favor of supporting and running crypto-locking malware attacks, according to security experts who spoke Wednesday at cybersecurity firm Group-IB's CyberCrimeCon 2020 virtual conference.
The FBI has sent out a private industry alert warning about an increase in attacks using Ragnar Locker ransomware. The operators behind this crypto-locking malware have recently targeted companies that include EDP, Campari and Capcom, researchers note.
The U.K. National Cyber Security Center is warning that nation-state hackers and cybercriminals are exploiting a remote vulnerability in MobileIron's mobile device management tool to target organizations in the country.
Google removed two Android apps made by Baidu, a Chinese company, from its Google Play store after security researchers found they were collecting and possibly leaking data that could have been used to track individuals.
The gang operating Trickbot is continuing its activities despite recent takedown efforts, rolling out two updates that make the malware more difficult to kill, according to the security firm Bitdefender.
Ransomware continues to pummel many types of organizations, recently including South Korea's E-Land retail group, French newspaper Paris-Normandie and a Georgia county school system. A ransomware hit against hosting giant Managed.com has resulted in ongoing site outages for numerous others.
U.K. Prime Minister Boris Johnson announced Thursday the creation of a National Cyber Force designed to strengthen Britain's cybersecurity posture and give the country new defensive and offensive capabilities. Some security experts, however, are raising concerns about recruiting enough qualified staff members.
"Has anyone witnessed any examples of criminals abusing artificial intelligence?" That's a question security firms have been raising. A new report has identified likely ways in which such attacks might occur and offers examples of threats already emerging
The Chinese hacking group "Cicada" is exploiting the critical Zerologon vulnerability in Windows Server as part of a cyberespionage campaign that's mainly targeting Japanese companies' locations around the world, according to the security firm Symantec.