Kaiji, a newly discovered botnet, is compromising Linux servers and IoT devices using brute-force methods that target the SSH protocol, according to the security firm Intezer. The botnet has the capability to launch DDoS attacks.
Forget "whitelists" and "blacklists" in cybersecurity. So recommends Britain's National Cyber Security Center, in a bid to move beyond the racial connotations inherent to the terminology. Henceforth, NCSC - part of intelligence agency GCHQ - will use the terms "allow list" and "deny list." Will others follow?
"Digital transformation" was an overused marketing buzz phrase until the global crisis came along and - over the course of a single weekend - changed permanently how we live and work.
Enterprises are emerging from firefighting mode now and beginning to strategize about what comes next. What will be the balance of...
The Department of Health and Human Services has yet to implement dozens of "high priority" recommendations, including several related to enhancing its cybersecurity and reducing the risk of fraud, according to a new report from the GAO, which made the recommendations.
The average ransom paid by victims to ransomware attackers reached $111,605 in the first quarter of this year, up 33% from the previous quarter, reports ransomware incident response firm Coveware, which sees the Sodinokibi, Ryuk and Phobos malware families continuing to dominate.
Many attackers continue to camp out in networks for months, conducting reconnaissance and stealing sensitive data before unleashing ransomware. Experts say many recent efforts trace to gangs wielding the RobbinHood, Valet Loader, NetWalker, PonyFinal, Maze and Sodinokibi strains of crypto-locking malware.
Before COVID-19, the privacy discussion this year was mainly about the California Consumer Privacy Act. Now it's about healthcare data sharing, contact tracing and monitoring remote workers. Omer Tene of the IAPP discusses the pandemic's influence on global privacy concerns.
Because it's inevitable that some attackers will get around defenses, Kettering Health Network added an extra layer of endpoint security to help mitigate the risks posed by ransomware and other cyberthreats, says Michael Berry, director of information security. He describes what's unusual about the approach.
Apple is now preparing final patches for two zero-day vulnerabilities that a security firm says have been exploited by certain attackers to seize control of iPhone and iPad email apps, giving them access to users' messages.
Many governments are pursuing contact-tracing apps to combat COVID-19, but such projects risk subjecting populations to invasive, long-term surveillance - as well as insufficient adoption - unless they take an open, transparent and as decentralized approach, says cybersecurity expert Alan Woodward.
The U.S. Small Business Administration says a flaw in an online application portal may have exposed the personal data - including Social Security numbers - of approximately 8,000 loan applicants seeking help coping with the economic impact of the COVID-19 pandemic, according to news reports.
As COVID-19 spread in the spring of 2020, organizations around the world have scrambled to enable a remote workforce, acting in "firefighting" mode and laser-focused on business continuity. But as the new normal settles in, digital transformation is rising as a critical - if altered - priority, and security teams need...
Three recently disclosed health data security incidents - including the discovery of a large email hack that happened nearly a year ago - serve as reminders of the ongoing incident response challenges facing healthcare organizations. And these difficulties are likely to worsen during the COVID-19 crisis.
Federal government agencies face unique cybersecurity risks, and as a result they often place tight restrictions on mobile devices in the workplace. But perhaps it's time to loosen these restrictions because they are negatively impacting missions, recruitment and retention.
There are consequences of cutting back or...