Threat modeling can help give organizations the extra insights needed to secure their on-premises and cloud environments at a time when attackers are using increasingly sophisticated methods to gain entry to networks and maintain persistence. Experts offer tips on making the right moves.
Security researchers at AT&T Alien Labs say they've discovered a cluster of Linux ELF executables, identified as modifications of the open-source PRISM backdoor, that attackers have been using in several campaigns for more than three years.
The artificial intelligence systems used by image recognition tools, such as those that certain connected cars use to identify street signs, can be tricked to make an incorrect identification by a low-cost but effective attack using a camera, a projector and a PC, according to Purdue University researchers.
Google has removed eight fake cryptomining apps from its Play Store, but researchers at security firm Trend Micro have flagged 120 other apps on users' phones purporting to also be cryptomining. Users paid for services the eight apps never delivered.
At least 38 million records have been leaked by hundreds of online portals that were unwittingly misconfigured by organizations using Power Apps, a Microsoft service to quickly spin up web apps. Microsoft has now changed default settings for Power Apps to prevent inadvertent data exposures.
Microsoft security researchers say the operators of the well-established Mozi IoT botnet have upgraded the malware, enabling it to achieve persistence on network gateways manufactured by Netgear, Huawei and ZTE.
The U.S. and Singapore have announced three agreements to expand their collaborative efforts - including shoring up information sharing, research and training - to address global cybersecurity issues.
Security firm Cloudflare says it detected and mitigated a 17.2 million request-per-second distributed denial-of-service attack, almost three times larger than any previously reported HTTP DDoS attack.
As ransomware-as-a-service operations continue to compete for affiliates, the operators behind LockBit have unveiled a new version of their crypto-locking malware boasting fresh features, some borrowed from rivals. Separately, a relatively unsophisticated newcomer called Hive has debuted.
In the latest weekly update, four editors at Information Security Media Group discuss important cybersecurity issues, including the evolution of fraud trends and the challenges in implementing the "zero trust" framework in the OT environment.
The World Bank has launched a cybersecurity fund for low- and middle-income nations to support public sector efforts to conduct cybersecurity maturity assessments, offer technical assistance and support training and staff development.
A hacker stole $97 million in cryptoassets from the Japan-based cryptocurrency exchange Liquid. The attack came just days after a hacker stole $612 million from the crypto platform Poly Network.
A Nigeria-based ransomware gang is conducting a campaign that dangles a $1 million bribe - or a portion of any ransom collected - to employees of targeted organizations if they will install DemonWare ransomware on their corporate network.
Researchers at the security firm Cisco Talos have spotted an ongoing campaign using an updated variant of the "Neurevt" Trojan to target customers of financial institutions in Mexico.
The Brazilian government has confirmed that its National Treasury fell victim to a ransomware attack on Aug. 13. The scope of the incident remains unclear, although officials say it did not damage structural systems.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.co.uk, you agree to our use of cookies.