In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including the importance of incident repose planning; the worldwide impact of the LOg4j flaw, which may lead to 2022 being the year of the SBOM; and the increasingly blurred line between conventional...
Mozilla has released its latest Firefox browser version 96 with a host of new features and improvements for both desktop and mobile browsing. Mozilla has also fixed 18 security vulnerabilities, including 9 high-severity issues and 9 other medium- or low-severity flaws.
Russian authorities have arrested 14 individuals suspected of being part of the notorious REvil, aka Sodinokibi, ransomware operation. Russia's Federal Security Agency, the FSB, said it used intelligence provided by the U.S. to help identify the suspects.
Multiple government sites in Ukraine, as well as Swedish, U.K. and U.S. embassy websites, have been defaced with warnings to "be afraid and expect the worst." The defacements occurred after a week of "intensive" but unresolved talks between NATO and Russia, which continues to mass troops on Ukraine's border.
A new Lazarus-linked APT threat known as BlueNoroff has emerged and is actively targeting cryptocurrency startups in a campaign called "SnatchCrypto." Research by Kaspersky found that more than 15 venture businesses and their employees have fallen victim to the nation-state threat actors.
Cybersecurity threats are democratic: Any target is good. Defenses, alas, are not - they vary depending on the size of an enterprise and especially the size of its budget. Sebastian Jakubowski and Rich Lilly of Netrix want to change this dynamic and introduce a new "democratization of security."
In the wake of the explosive Apache Log4j vulnerabilities, the White House hosted tech leaders and federal agencies in a summit to discuss ways to improve open-source software security. The meeting was hosted by Deputy National Security Adviser for Cyber and Emergency Technology Anne Neuberger.
Maryland officials confirm that a December cyberattack on the state's health department, which is still disrupting some services, involved ransomware - but that no ransom was paid. Also, lawsuits have been filed against a Florida specialty pharmacy in the wake of a November cyber incident.
Police in Ukraine have arrested five individuals on suspicion of using ransomware to extort more than 50 companies across the United States and Europe, as well as to provide an IP-changing service to international hackers to help them distribute malware, steal sensitive data and disrupt sites.
As staff increasingly connect to networks using internet of things devices, researchers have found a new way of detecting malware on IoT devices. The method leverages electromagnetic field emanations and can detect stealthy malware on the devices even in the presence of obfuscation techniques.
Proofpoint, which was acquired by private equity firm Thoma Bravo in 2021, has merged with Dathena, a New York-based AI data protection platform. Dathena's platform will address the need in Proofpoint's cloud management platform for safeguards against breaches and data exposure.
Amid a surge in cryptocurrency investment - particularly across DeFi - blockchain experts warn that lax security was a main factor in $1.3 billion in cryptoassets being lost to hacks, exploits and scams in 2021. The losses, according to CertiK, rose from $500 million in 2020.
Microsoft released its first rollout of 2022 patches that covers 96 new CVEs, plus 24 CVEs patched by Microsoft Edge (Chromium-based) earlier this month and two other CVEs fixed previously in open-source projects. This makes a January total of 122 CVEs. Nine are rated critical in severity.
Healthcare and public health sector entities must heed the warnings this week by federal authorities of Russian state-sponsored cyberthreats to critical infrastructure organizations, some experts say. Why are the stakes so high?
Cisco Talos researchers have discovered a heap-based buffer overflow vulnerability in the Chitubox Anycubic plug-in. The vulnerability - which scores a 7.8 in criticality - triggers if the user opens a specially crafted .gf file. There is no official fix available.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.
