Reacting to reports claiming hackers may have used JetBrains' TeamCity tool as an initial infection vector during the attack against SolarWinds, JetBrains CEO Maxim Shafirov says the company has not been contacted by investigators. But he says customer misconfiguration of TeamCity could have enabled a hack.
A recently uncovered remote access Trojan, dubbed ElectroRAT, has been stealing cryptocurrency from digital wallets over the past year, according to researchers at Intezer Labs. The malware, written in Golang, can target Windows, Linux and macOS platforms.
As investigators probe the SolarWinds hack, they're finding that the supply chain campaign appears to have deeply compromised more than the 50 organizations originally suspected. Meanwhile, the federal agencies overseeing the investigation now officially believe a Russian-linked hacking group is responsible.
The SolarWinds breach is a case study in how attackers can subvert a widely used piece of software to turn it to their advantage, says Lou Manousos, CEO of RiskIQ. The attack surface management expert details lessons all organizations must learn in the wake of this "unprecedented" attack.
An evolving workplace, greater reliance on IoT and the cloud, and already we have seen the new face of supply chain attacks. This is the backdrop for 2021, and Imperva's Brian Anderson offers insights into the cyber-attack outlook.
Government leaders are increasingly calling on cybersecurity researchers to better inform policymakers and are urging businesses to pay more attention to their in-house security teams, according to presenters at this week's Black Hat Europe virtual conference.
A hacking group behind an Android spyware variant has recently added fresh capabilities that include the ability to snoop on private chats on Skype, Instagram and WhatsApp, according to ReversingLabs. This APT group, believed to be tied to Iran, has recently been sanctioned by the U.S. Treasury Department.
This edition of the ISMG Security Report features an analysis of a serious Apple iOS "zero-click exploit" that could have allowed hackers to remotely gain complete control of a device. Also featured: a discussion of identity proofing challenges and a review of New Zealand's updated Privacy Act.
Single Sign-On (SSO) solutions are instrumental in controlling employee access to applications and systems. With SSO, companies leverage a central identity provider to manage user authentication and grant access to resources through a single set of login credentials. This enables organizations to improve security...
Warning to workers: Your productivity tools may also be tracking your workplace productivity, and your bosses may not even know it. But as more workplace surveillance capabilities appear, legal experts warn that organizations must ensure their tools do not violate employees' privacy rights.
IoT devices and applications often use a range of components, including third-party libraries and open source code. Steve Springett, who created Dependency-Track, explains how to reduce risk and keep third-party code up to date.
With digital transformation come new applications and efficiencies in the cloud. But governance, visibility and access challenges also emerge. Ron Bennetan of Imperva shares strategies for improving data governance and security in the cloud.
Google removed two Android apps made by Baidu, a Chinese company, from its Google Play store after security researchers found they were collecting and possibly leaking data that could have been used to track individuals.
To be the first to bring a ground-breaking treatment or vaccine to market, pharmaceutical organizations need employees to stay productive no matter where they are or what device they're using. But this greater connectivity is exposing your critically important intellectual property (IP) to countless mobile risks. It's...
2020 was a year of challenges for businesses of all varieties. Organisations that hadn't yet begun their digital transformation were left with no option but to adapt and adapt quickly, while others felt the urgency to accelerate the shift to digital and move to the cloud for more flexibility. Adding to that mounting...
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.co.uk, you agree to our use of cookies.