"Hundreds" of special education students' psych records have turned up on the Dark Web. School records like these are covered by FERPA, not HIPAA, so parents have little recourse.
The number of people who have made the weaponized software available for sharing via torrent suggests that many unsuspecting victims may have downloaded the XMRig coin miner.
Through its Cybersecurity Assurance Program, UL Solutions is helping the automotive industry advance cybersecurity management systems for connected vehicle technologies.
A previously unidentified threat group uses open source malware and phishing to conduct cyber-espionage on shipping and medical labs associated with COVID-19 treatments and vaccines.
A novel threat group, utilizing new malware, is out in the wild. But the who, what, where, and why are yet to be determined, and there's evidence of a false-flag operation.
Eliminate passwords in the user authentication workflow with Vault Vision's passkey features like facial recognition, fingerprint and PIN verification on all modern devices.
(ISC)2 members and cybersecurity professionals worldwide are encouraged to share their expertise, best practices and experiences with their peers and career hopefuls.
Sharing attestations on software supply chain data that are formed into a policy will give us a framework to interpret risk and develop compliance directives.
A combined team of UL Solutions safety science experts will address automotive cybersecurity, functional safety, automated driving and software development processes to help customers bring safer, more secure innovations to market.
Open source software dependencies are affecting the software security of different industries in different ways, with mature industries becoming more selective in their open source usage.
It's a banner year for attacks coming through traditional email as well as newer collaboration technologies, such as Slack and Microsoft Teams. What's next?
Google's Android and Chrome Vulnerability Reward Programs (VRPs) in particular saw hundreds of valid reports and payouts for security vulnerabilities discovered by ethical hackers.
Organizations are urged to update to the latest versions of FortiNAC to patch a flaw that allows unauthenticated attackers to write arbitrary files on the system.
With the fresh capital, Scrut aims to focus on simplifying risk management and infosec compliance for cloud-native SaaS, Fintech, and Healthtech companies.
Making the option available only to paid subscribers — while also claiming SMS authentication is broken — doesn't make sense, some say. Is it a cash grab?
Nation-state adversaries, new reporting regulations, and a fast-paced threat landscape mean that financial services and technology firms need to bolster their security posture.
Some employees' personal data was leaked, but the company responded swiftly to a socially engineered incident that gained access to legitimate employee login credentials.
An Israeli university is being blackmailed by hackers. However, they aren't just after money but are looking to send a political message — and maybe something more.
By implementing tools that enable internal users to do their jobs efficiently and securely, companies reduce insider threat risk by building insider trust.
New research shows that 57 vulnerabilities that threat actors are currently using in ransomware attacks enable everything from initial access to data theft.
Established network security players are responding to the shift to cloud-native applications, which have exposed more vulnerabilities in open source software supply chains.
The primary victims so far have been employees of telcos in the Middle East, who were hit with custom backdoors via the cloud, in a likely precursor to a broader attack.
BEC gangs Midnight Hedgehog and Mandarin Capybara show how online marketing and translation tools are making it easy for these threat groups to scale internationally.
Weeks after an exploit was first announced in a popular cloud-based file transfer service, could some organizations still be vulnerable? The answer is yes.
It's a classic attacker move: Use security protections against those who deploy them. But organizations can still defuse and prevent these encrypted attacks.