27 JUNE 2023 WEEKLY NEWSLETTER

BOCRA website

     


 

ChatGPT shows promise in detecting phishing sites


LATEST CYBER HACKS

Microsoft: Hackers hijack Linux systems using trojanized OpenSSH version

Microsoft says Internet-exposed Linux and Internet of Things (IoT) devices are being hijacked in brute-force attacks as part of a recently observed cryptojacking campaign.


2.5M Genworth policyholders and 769K retired California workers and beneficiaries affected by hack

SACRAMENTO, California: The country's largest public pension fund says the personal information of about 769,000 retired California employees and other beneficiaries — including Social Security numbers — was among data stolen by Russian cybercriminals in the breach of a popular file-transfer application.


Chinese Hackers Targeted G7 Summit Through MS Office Flaw

Suspected Chinese APT groups exploited a 17-year-old Microsoft Office vulnerability in May to launch malware attacks against foreign government officials who attended a G7 summit in Hiroshima, Japan.

 


VULNERABILITIES

High-severity vulnerabilities patched in popular domain name software BIND

The Internet Systems Consortium (ISC) has released patches to address security vulnerabilities affecting multiple versions of BIND 9, a widely used open-source software package that provides internet domain name system services.


Microsoft Teams bug allows malware delivery from external accounts

Security researchers have found a simple way to deliver malware to an organization with Microsoft Teams, despite restrictions in the application for files from external sources.


MALWARE

Trojanized Super Mario Bros game spreads malware

Researchers from Cyble Research and Intelligence Labs (CRIL) discovered a trojanized Super Mario Bros game installer for Windows that was used to deliver multiple malware payloads, including an XMR miner, the SupremeBot mining client, and the open-source Umbral stealer.


Powerful JavaScript Dropper PindOS Distributes Bumblebee and IcedID Malware

A new strain of JavaScript dropper has been observed delivering next-stage payloads like Bumblebee and IcedID.

Cybersecurity firm Deep Instinct is tracking the malware as PindOS, which contains the name in its "User-Agent" string.


Researcher Identifies Popular Swing VPN Android App as DDoS Botnet

Swing VPN is a legitimate VPN app developed for Android and iOS systems by Limestone Software Solutions. However, according to researcher Lecromee, the Android version of this app is a DDoS botnet and allegedly harbours malicious intent, as it can carry out distributed denial of service (DDoS) attacks.


GENERAL NEWS

Operationalizing zero trust in the cloud

Some organizations have bought into the idea that workloads in the cloud are inherently more secure than those on premises. This idea is reinforced by the concept that the cloud service provider (CSP) assumes responsibility for security. However, while a secure cloud workload is possible, one should not automatically assume this, as there are important steps needed to ensure its security.


Increased spending doesn’t translate to improved cybersecurity posture

The survey of over 400 cybersecurity decision makers and practitioners across the US and UK found that nearly one-third have concerns about a lack of security skills and a lack of security training budget, and over one-quarter are worried about low security team headcount and low overall security budget.