UNITED STATES

Welcome! Here are the latest Insider stories.

More Insider Sign Out

News

Election security > Backlit hand drops a vote in a ballot box with US flag + binary code overlay

Late-game election security: What to watch and watch out for

Despite disruption of the Trickbot botnet network, last-minute leaks of stolen documents and post-election undermining of trust in the election system remain big concerns.

Ransomware > A masked criminal ransoms data for payment.

Financial crime group FIN11 pivots to ransomware and stolen data extortion

FIN11, believed to be Russia-based, follows a trend of cybercriminal groups expanding their operations beyond financial crime.

One lock in a series is unlocked / weakness / vulnerability

Half of all virtual appliances have outdated software and serious vulnerabilities

New study shows that even security vendors can use outdated and vulnerable virtual appliances. Top advice: Make sure your vulnerability management processes include virtual appliances.

A man casts the shadow of an ominous hooded figure against a circuit-based wall.

Elusive hacker-for-hire group Bahamut linked to historical attack campaigns

The Bahamut group targets high-value victims and takes meticulous care with its own operational security.

Facebook / network connections / privacy / security / breach / wide-eyed fear

How SilentFade group steals millions from Facebook ad spend accounts

SilentFade steals credentials and ad spend account information and sells the information to other bad actors. The group returned with improved malware after Facebook's initial mitigation efforts.

Law enforcement coordination > A team of investigators collaborates. [detectives / FBI agents]

New FBI strategy seeks to disrupt threat actors, help defenders through better coordination

The FBI sharpens its focus on collaboration among US and foreign government agencies and the private sector. It will acting as a central hub to deal with cybersecurity threats.

Remote worker > A man works from home with his dog

CIOs say security must adapt to permanent work-from-home

Both private- and public-sector CIOs see many more employees permanently working remotely, and say security needs to adapt to new threats and how they communicate.

Insider threats > Employees suspiciously peering over cubicle walls

Preventing insider threats: What to watch (and watch out) for

Understanding human behaviors that precede malicious actions from an insider is the best way to avoid data loss or disruption, experts say.

bucket with holes breach security vulnerability

SAP ASE leaves sensitive credentials in installation logs

Two vulnerabilities in SAP ASE's Cockpit component leaves some sensitive information available to anyone on the network and other data susceptible to brute-force attacks.

CSO > Searching for vulnerabilities > Magnifying lens in a virtual interface idnetifies weakness

Zerologon explained: Why you should patch this critical Windows Server flaw now

Attackers have learned how to exploit the Zerologon vulnerability in Windows Server, potentially gaining domain admin control.

Ransomware

Ransomware attacks growing in number, severity: Why experts believe it will get worse

Law enforcement and federal experts discuss recent ransomware trends and challenges of fighting the attacks.

Election security > Backlit hand drops a vote in a ballot box with US flag + binary code overlay

Election security status: Some progress on ballot integrity, but not on Russian interference

With the election less than two months away, government and election officials say voting itself is more secure, but Russian disinformation remains largely unaddressed.

A virtual checkmark in digital system / standards / quality control / certification / certificates

CMMC bakes security into DoD’s supply chain, has value for all businesses

The Cybersecurity Maturity Model Certification provides a means for the DoD to certify the security capabilities of its contractors, but it's a good way to assess the cybersecurity maturity for all companies.

vulnerable breach cyberattack hacker

Evilnum group targets FinTech firms with new Python-based RAT

The attack hides in Windows systems by impersonating several legitimate programs.

Security threat > One endpoint on a network has been compromised.

APT-style mercenary groups challenge the threat models of many organizations

APT-for-hire services will broaden the scope of who is vulnerable to that type of attack. Small- and medium-sized companies in particular need to rethink their threat models.

cloud security expert casb binary cloud computing cloud security by metamorworks getty

With cloud's security benefits comes systemic risks, report finds

A new report from the Carnegie Endowment for International Peace seeks to give law and policy makers a better understanding of cloud security risks.

trojan horse malware virus binary by v graphix getty

After a decade, Qbot Trojan malware gains new, dangerous tricks

New Qbot abilities include inserting malware in legitimate email threads to spread malware.

Load More

Popular Resources

Analyst Report
Sponsored

Securing Enterprise Endpoints from the Threat Landscape
eBook
Sponsored

Practical Quantum Computing
Video/Webcast
Sponsored

Rising to the Challenge: Digital Innovation in the “Next New Normal"
Video/Webcast
Sponsored

Zero Trust & the ID-Based Cybersecurity Perimeter
White Paper

Building Resilient Manufacturing Operations Through Asset Management and IoT

See All

Most Popular

BrandPosts

Sponsored by Cisco

The Emergence of the Hybrid Workspace and How to Secure It
Sponsored by Fortinet

Leveraging Training as a Solution to the Cybersecurity Skills Gap
Sponsored by Tanium

Your People are Being Hacked: How to Defend Against Social Engineering During