Mitsubishi Electric says hackers exploited a zero-day vulnerability in its anti-virus software, prior to the vendor patching the flaw, and potentially stole trade secrets and employee data. The Japanese multinational firm announced the breach more than six months after detecting it in June 2019.
Microsoft says it's prepping a patch to fix a memory corruption flaw in multiple versions of Internet Explorer that is being exploited by in-the-wild attackers, and it's issued mitigation guidance. Security firm Qihoo 360 says the zero-day flaw has been exploited by the DarkHotel APT gang.
Law enforcement agencies in five countries have shut down WeLeakInfo.com, which allegedly provided cybercriminals with access to over 12 billion personal records culled from 10,000 data breaches.
Proof-of-concept code has been released to exploit a severe Citrix vulnerability present in tens of thousands of enterprises. Citrix says it's developing permanent patches but that enterprises should use its mitigation guidance. In the meantime, attackers are hunting for vulnerable machines.
Corporate network security breaches, which can prove costly to remediate and expose a company to lawsuits, are frequently the result of vulnerabilities that could have been fixed for a relatively low cost. A a brute force penetration test is a critical first step in finding those vulnerabilities.
Hackers have been increasingly probing the North American power grid for weaknesses, but the industry - driven in part by regulators - is increasingly able to identify and repel attackers, industrial cybersecurity experts say.
Is it possible that a nation-state actor such as Iran could create a cybersecurity incident that compromises the U.S. power grid? Bernie Cowens, most recently CISO at the nation's largest electric utility, says that's unlikely because the power grid is more cybersecure than you might think.
U.K. authorities are reviewing an August outage at the London Stock Exchange that delayed the opening of trading to determine if a cyberattack was involved, according to the Wall Street Journal.
Following the U.S. killing of Iran's Maj. Gen. Qasem Soleimani last week, security experts have warned of possible retaliatory cyber strikes. Tom Kellermann of VMware believes those attacks are imminent. "The period of mourning is over, and I think the holy war in American cyberspace is yet to begin."
While run-of-the-mill ransomware attacks continue, some crypto-locking malware gangs are bringing more advanced hacking skills to bear against targets, seeking the maximum possible payout, says cybersecurity expert Jake Williams of Rendition Infosec, who dubs the trend "ransomware 2.0."
Security experts speaking on the ending "locknote" panel at this year's Black Hat Europe highlighted trends from the conference, including the rise of fuzzing, simplification via the cloud, increasing vendor transparency as well as the industry too often still failing to focus on the basics.
A new malware campaign suspected of being tied to Iran has been targeting companies in the energy and industrial sectors in the Middle East, according to a report from IBM X-Force.
Several e-commerce sites were targeted with a card skimming campaign that used the Salesforce-owned Heroku cloud platform to host skimmer infrastructure and stolen credit card data, according to a new report from the security firm Malwarebytes.
Attacks tied to Shade ransomware continue to surge as part of an overall resurgence in ransomware, security researchers warn. Other malware trends include stealthy ways to sneak malicious code onto systems - including JavaScript and zipped attachments - as well as the continuing use of exploit kits.
With all of the tools deployed for
endpoint detection and response,
enterprises today are often overwhelmed
by threat intelligence, says J.J. Thompson
of Sophos. To alleviate "analysis
paralysis," Sophos has launched its
Managed Threat Response service.
Download this eBook to learn more about:
The evolution of...
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.eu, you agree to our use of cookies.
