A vulnerability in Polygon, a framework used to build Ethereum-compatible blockchain networks, has been fixed. The bug, discovered by white hat hackers at bug bounty platform Immunefi, would have put 9,276,584,332 MATIC, worth nearly $23 billion, at risk.
A ransomware attack disrupted the operations of Norway-based media company Amedia, which publishes more than 70 newspapers for 2 million readers. The Tuesday attack on the company's computer systems forced it to shut the presses, says Amedia's executive vice president of technology, Pål Nedregotten.
ONUS, one of Vietnam's largest cryptocurrency platforms, has reportedly fallen victim to a ransomware attack that has been traced to Apache's remote code execution vulnerability, Log4j, via third-party payment software. CrowdStrike has also detected Chinese APT activity around the logging flaw.
LastPass says none of its users accounts have been compromised, although multiple users of the password manager reported receiving email warnings that are normally sent to users who log in from different devices and locations, causing them to think their master passwords had been compromised.
Seven vulnerabilities - including one rated critical and five high-severity - in Schneider Electric's EVlink products have been patched, according to security researcher Tony Nasr. Exploitation of the vulnerabilities would allow attackers to manipulate configurations and settings.
In the U.S., three states now have disparate data privacy laws - and more are coming. Meanwhile, China has enacted a new law that has global enterprises scrambling. How will these and other actions shape privacy discussions in 2022? Noted attorney Lisa Sotto shares insights.
Another Log4j patch has been released by the Apache Software Foundation, the nonprofit supporting Apache's open-source software projects. Its Log4j version 2.17.1 fixes a newly disclosed remote code execution vulnerability tracked as CVE-2021-44832.
U.S. President Joe Biden on Monday signed into law the National Defense Authorization Act for fiscal year 2022, which contains $768 billion in defense spending - 5% more than 2021 - and several cybersecurity provisions, including expansion of the Cybersecurity and Infrastructure Security Agency.
On the cusp of 2022, John Kindervag - the father of the Zero Trust security model - reflects on how the Zero Trust dialogue has evolved in 2021 and makes his New Year's predictions. Will the president's executive order be an accelerator or an anchor? Which myths are ripe to be busted?
A Republican senator will soon introduce a bill that, for the first time, attempts to regulate the cryptocurrency space. The bill would reportedly add investor protections, rein in stablecoins and create a self-regulatory organization under the jurisdiction of the SEC and CFTC.
SentinelLabs researchers say the new ransomware group Rook used the Babuk APT group's leaked source code to attack financial institutions in Kazakhstan. They warn that Rook is the first of many new ransomware groups that could deploy targeted attacks with Babuk's code.
The Apache Software Foundation has released a new Apache HTTP Server update, version 2.4.52, to mitigate risks posed by two flaws. One of the vulnerabilities is critical, but there has been no evidence it is being exploited in the wild.
Microsoft's Azure App Service had a security flaw, which researchers call "NotLegit," that kept your Local Git repository publicly accessible, according to a security blog from Wiz.io. The source code of customer applications written in Java, Node, PHP, Python and Ruby was exposed for four years.
As ransomware attacks continue to pose a significant threat to enterprises and individuals, "We will keep banging the message that basic cyber hygiene makes a big difference to lots of people," says Andy Bates of the Global Cyber Alliance. He also discusses the alliance's top priorities for 2022.
Threat actors have attempted to steal two-factor authentication codes from users of Australian cryptocurrency exchange CoinSpot, researchers say. The codes would help attackers perform "potentially unauthorized withdrawals from individual accounts," say analysts at Cofense Phishing Defense Center.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.co.uk, you agree to our use of cookies.