The Senate Intelligence Committee Tuesday released its fifth and final report on Russia's attempts to influence the 2016 election, providing more details on how Russian hackers resided on Democratic National Commitee servers for months and citing shortcomings in the FBI's investigation.
State and local governments are better equipped to ensure election security than they were four years ago, says Christopher Krebs, director of CISA, who calls on election officials to serve as "risk managers." His comments came at ISMG's Cybersecurity Virtual Summit.
The emerging cloud-delivered service model known as security access service edge, or SASE, is designed to help simplify security for remote access, says Sean Duca of Palo Alto Networks, who explains how the model works.
Copycats using well-known threat actor names, such as Fancy Bear and Armada Collective, are launching extortion campaigns tied to distributed denial-of-service attacks against financial institutions, according to Akamai's Security Intelligence Research Team.
Ransomware gangs continue to see bigger payoffs from their ransom-paying victims, driven by "big-game hunting," data exfiltration and smaller players seeking larger returns, according to ransomware incident response firm Coveware.
The Canadian government is investigating two credential-stuffing incidents that affected some of the country's most essential services, including taxation, healthcare, welfare benefits and immigration.
The IcedID banking Trojan has been updated with additional evasion techniques, including a password-protected attachment, keyword obfuscation and a DLL file that acts as a second-stage downloader, according to Juniper Threat Labs.
An alert from U.S. National Security Agency and the FBI warns of a recently discovered Russian-deployed malware variant called Drovorub that's designed to target Linux systems, creating a backdoor into targeted networks to exfiltrate data.
Ariel Weintraub joined MassMutual last fall to focus on putting data science to work to help improve the insurance company's security operations and identity and access management programs. What are the early use cases and lessons learned?
Who watches the penetration-testing testers? Questions are circulating over how some organizations train their employees for the CREST pen-testing certification after some leaked internal documents appeared to contain material from past tests.
Since 2018, an advanced persistent threat group dubbed RedCurl, which has served as a team of for-hire hackers specializing in corporate espionage, has hit at least 14 targets in Canada, Russia, the U.K. and beyond, says cybersecurity firm Group-IB.
Two critical, zero-day vulnerabilities affecting Internet Explorer and multiple versions of the Windows operating system are being exploited in the wild, Microsoft and the U.S. Cybersecurity and Infrastructure Security Agency warn, urging prompt patching.