MuddyWater, an advanced persistent threat group that has targeted organizations in the Middle East, has changed some of its tactics to better avoid detection as it continues to plant backdoors within targeted networks, according to new research from Cisco Talos.
Salesforce says it has nearly recovered from a botched database update that wiped out user permissions within its Pardot marketing management product on Friday. The error allowed Salesforce users access to previously restricted profiles.
The lack of secure coding is a pervasive and serious threat to national security, according to a new paper from the Institute for Critical Infrastructure Technology. In an interview, Rob Roy, co-author of the report, outlines what steps should be taken to encourage or enforce secure coding practices.
Multiple flaws - all serious, exploitable and some already being actively exploited - came to light last week. Big names - including Cisco, Facebook, Intel and Microsoft - build the software and hardware at risk. And fixes for some of the flaws are not yet available. Is this cybersecurity's new normal?
The majority of aircraft accidents occur during landing. And during bad weather or low-visibility, pilots are trained to entirely trust their instruments. But researchers say they can spoof wireless signals to a critical landing system, which could cause planes to miss runways.
Newly discovered microarchitectural data sampling flaws in Intel processors - collectively dubbed "ZombieLoad" - could be exploited to steal private data from PCs and servers, including shared cloud environments. Intel, Microsoft, Apple and others have begun to ship patches designed to help mitigate the problems.
ScarCruft, a Korean-speaking APT group that has been targeting organizations mainly in Southeast Asia over the past three years, is developing new malware that targets Bluetooth-enabled devices, according to Kaspersky Lab.
Facebook is warning users of its WhatsApp messaging app to update immediately to fix a flaw that is being used to remotely install Pegasus surveillance software from Israel's NSO Group. WhatsApp says a "select number" of targets were hit by the attacks, which it has blamed on "an advanced cyber actor."
Researchers report finding a vexing vulnerability in Cisco routers that could invisibly undermine device integrity and allow attackers to take full control of a router, if combined with a second exploit. Unfortunately, hardware design flaws could complicate Cisco's efforts to safeguard users.
Over the past two years, the number of ransomware attacks against state and local government agencies has increased. But at the same time, these victims are paying less to attackers. A new analysis by threat intelligence firm Recorded Future asks: Why the discrepancy?
Serving as a "virtual CISO" offers advantages as well as challenges, says Doug Copley, who's a CISO contractor for several healthcare sector entities. He shares insights on this unusual job opportunity.
Attackers exploiting a buffer overflow in WhatsApp's signaling software to automatically infect devices with malware - without users even having to answer their phone - and then alter call logs to hide attack traces is "a bit of a nightmare scenario," says cybersecurity expert Alan Woodward.
The indictment of two Chinese men for a 2014 cyberattack on health insurer Anthem that compromised information on nearly 80 million individuals contains extensive details about the incident that security professionals can use to help with their breach prevention strategies.