Stay informed on the latest cybersecurity threats and news to better protect your data, networks, applications, and devices. Our coverage includes emerging vulnerabilities, evolving attack techniques, and the latest security breaches to help you understand and mitigate risks.
On Friday, a version of the WannaCry ransomware hit tens of thousands of computers in 74 countries worldwide in a matter of hours, according to Kaspersky researchers. “It’s important to note that our visibility may be limited and incomplete and the range of targets and victims is likely much, much higher,” the researchers noted. MalwareTech…
The Hajime malware family, which was first uncovered [PDF] by Rapidity Networks researchers last fall, is increasingly competing with the Mirai botnet to infect Internet of Things (IoT) devices. “Unlike Mirai, which uses hardcoded addresses for its command and control (C&C) server, Hajime is built on a peer-to-peer network,” Symantec senior threat researcher Waylon…
Can your company afford to lose $4 million? According to Ponemon Institute’s 2016 Cost of a Data Breach Study, that’s the consolidated cost of the average data breach. Even the smallest companies have to pay up after a cyberattack, and every compromised record containing sensitive or personal information costs a company about $158. That adds…
Attackers often create new accounts in order to commit fraud, but how long does it take from the time the account is created until fraud is attempted? That’s one of the many questions about fraud that a new report from fraud detection firm Datavisor aims to help answer. The Inaugural DataVisor Online Fraud report is…
Since 2010 when it first began its bug bounty program, Google has been one of the most transparent companies when it comes to revealing how much it will pay security researchers for a given vulnerability. The Google Vulnerability Reward Program (VRP) has also consistently increased the amounts it pays out to researchers for different classes…
Ransomware is a huge and growing problem for businesses, and organizations of all sizes need to devote considerable resources to preventing infections or recovering their data if they fall victim to a ransomware attack. It’s a problem that shows no signs of going away. That’s because ransomware is easy to produce, difficult to defend against,…
A recent Nuix survey of 70 hackers at DEFCON 2016 found that 84 percent of respondents use social engineering as part of their attack strategy, and 50 percent change their attack methodologies with every target. When asked why they change attack methodologies, 56 percent said they do so to learn new techniques. Just 5 percent…
By Ryan O’Leary, WhiteHat Security If your company develops web applications, I hope you aren’t the nervous sort when I tell you that your website is most likely being targeted for hacking as you read this. If you’re a security manager, it really shouldn’t come as a surprise, though. Web apps are the most exploited…
Validating the integrity and authenticity of code in Microsoft applications is important given their near-ubiquity in the enterprise. One mechanism for doing so is a digitally signed file that is supposed to help Windows operating systems run validated code from known good developers. One problem: The mechanism can potentially be bypassed and an attacker can…
LAS VEGAS. Guests in hotels around the world make use of magnetic stripe-based key cards to gain access to their rooms. According to Weston Hecker, senior security engineer and pentester at Rapid7, all of those cards pose a security risk as there are weaknesses that could enable an attacker to modify cards for malicious purposes.…