News Analyses

Ransomware  >  A masked criminal ransoms data for payment.
Russian hammer and sickle / binary code

Election security  >  Backlit hand drops a vote in a ballot box with US flag + binary code overlay

Late-game election security: What to watch and watch out for

Despite disruption of the Trickbot botnet network, last-minute leaks of stolen documents and post-election undermining of trust in the election system remain big concerns.

Ransomware  >  A masked criminal ransoms data for payment.

Financial crime group FIN11 pivots to ransomware and stolen data extortion

FIN11, believed to be Russia-based, follows a trend of cybercriminal groups expanding their operations beyond financial crime.

One lock in a series is unlocked / weakness / vulnerability

Half of all virtual appliances have outdated software and serious vulnerabilities

New study shows that even security vendors can use outdated and vulnerable virtual appliances. Top advice: Make sure your vulnerability management processes include virtual appliances.

A man casts the shadow of an ominous hooded figure against a circuit-based wall.

Elusive hacker-for-hire group Bahamut linked to historical attack campaigns

The Bahamut group targets high-value victims and takes meticulous care with its own operational security.

Facebook / network connections / privacy / security / breach / wide-eyed fear

How SilentFade group steals millions from Facebook ad spend accounts

SilentFade steals credentials and ad spend account information and sells the information to other bad actors. The group returned with improved malware after Facebook's initial mitigation efforts.

Law enforcement coordination  >  A team of investigators collaborates. [detectives / FBI agents]

New FBI strategy seeks to disrupt threat actors, help defenders through better coordination

The FBI sharpens its focus on collaboration among US and foreign government agencies and the private sector. It will acting as a central hub to deal with cybersecurity threats.

Remote worker  >  A man works from home with his dog

CIOs say security must adapt to permanent work-from-home

Both private- and public-sector CIOs see many more employees permanently working remotely, and say security needs to adapt to new threats and how they communicate.

Insider threats  >  Employees suspiciously peering over cubicle walls

Preventing insider threats: What to watch (and watch out) for

Understanding human behaviors that precede malicious actions from an insider is the best way to avoid data loss or disruption, experts say.

bucket with holes breach security vulnerability

SAP ASE leaves sensitive credentials in installation logs

Two vulnerabilities in SAP ASE's Cockpit component leaves some sensitive information available to anyone on the network and other data susceptible to brute-force attacks.

CSO  >  Searching for vulnerabilities  >  Magnifying lens in a virtual interface idnetifies weakness

Zerologon explained: Why you should patch this critical Windows Server flaw now

Attackers have learned how to exploit the Zerologon vulnerability in Windows Server, potentially gaining domain admin control.

Ransomware

Ransomware attacks growing in number, severity: Why experts believe it will get worse

Law enforcement and federal experts discuss recent ransomware trends and challenges of fighting the attacks.

Election security  >  Backlit hand drops a vote in a ballot box with US flag + binary code overlay

Election security status: Some progress on ballot integrity, but not on Russian interference

With the election less than two months away, government and election officials say voting itself is more secure, but Russian disinformation remains largely unaddressed.

A virtual checkmark in digital system / standards / quality control / certification / certificates

CMMC bakes security into DoD’s supply chain, has value for all businesses

The Cybersecurity Maturity Model Certification provides a means for the DoD to certify the security capabilities of its contractors, but it's a good way to assess the cybersecurity maturity for all companies.

vulnerable breach cyberattack hacker

Evilnum group targets FinTech firms with new Python-based RAT

The attack hides in Windows systems by impersonating several legitimate programs.

Security threat   >   One endpoint on a network has been compromised.

APT-style mercenary groups challenge the threat models of many organizations

APT-for-hire services will broaden the scope of who is vulnerable to that type of attack. Small- and medium-sized companies in particular need to rethink their threat models.

cloud security expert casb binary cloud computing cloud security by metamorworks getty

With cloud's security benefits comes systemic risks, report finds

A new report from the Carnegie Endowment for International Peace seeks to give law and policy makers a better understanding of cloud security risks.

trojan horse malware virus binary by v graphix getty

After a decade, Qbot Trojan malware gains new, dangerous tricks

New Qbot abilities include inserting malware in legitimate email threads to spread malware.

Official vote-by-mail ballot.

Security in the spotlight as the US heads into elections

A new report and tabletop exercise show how the upcoming US elections could be disrupted at the local government level without hacking the election itself.

Load More