A botnet operation called Glupteba has been disrupted by Google's Threat Analysis Group. The botnet targeted more than 1 million Microsoft Windows users in the U.S, India, Brazil and Southeast Asia. Also, Google has filed a lawsuit against two Russians alleged to be the botnet's operators.
Congressional negotiators have scrapped a provision in the must-pass defense spending bill that would have required owners and operators of critical infrastructure to report cybersecurity incidents and ransom payments made to criminal gangs.
Ensuring compliance with the data protection framework is one of the big challenges for enterprises in South Africa, says Varsha Sewlal, the executive officer for legal, policy, research and information technology analysis and the deputy information officer with the Information Regulator South Africa. She discusses...
Two separate, massive cyber incidents recently occurred. One has disrupted services at 200 Nordic Choice Hotels in Europe, and the other - a cyberattack on a major supplier - has caused around 300 SPAR stores to temporarily close in the UK.
Critical thinking, systems thinking and design thinking are important elements missing in cybersecurity education today. In this interview, Dan Faughnan, ex- Canadian Security Intelligence Service, discusses how thinking about cyber as part of a broader threat spectrum relates to national security.
Canadian police have arrested Matthew Philbert on suspicion of being tied to multiple ransomware and malware attacks that amassed domestic victims. Separately, a U.S. indictment charges Philbert with perpetrating an attack against the state of Alaska that breached personal and medical information.
Steve King, director of cybersecurity advisory services for ISMG's CyberTheory, has just been appointed a member of the Forbes Technology Council. He discusses the role, his passion for Zero Trust and new initiatives to expect from CyberTheory in 2022.
Most federal executive branch agencies in the U.S. now have vulnerability disclosure policies. John Jackson and Jackson Henry of the security research group Sakura Samurai say those policies ensure they don't get into legal trouble for helping improve cybersecurity.
While the Maryland Department of Health's public website is operational again after a weekend network security incident, certain systems continue to be offline. Officials are asking employees not to use state-issued computers as state authorities and law enforcement agencies investigate.
"Security should not be treated as a tick mark activity for compliance purposes," says CISO Sumeet Khokhani. He discusses how security requires understanding of the nature of business processes and how a risk-based, practical approach can help organizations focus on what matters most.
It's no surprise that as some ransomware-wielding criminals have been hitting healthcare, pipelines and other sectors that provide critical services, governments have been recasting the risk posed by ransomware not just as a business threat but as an urgent national security concern.
A security flaw in Kafdrop, an open-source user interface and management interface for distributed event-streaming platform Apache Kafka, has exposed data of "major global players ... in healthcare, insurance, media and IoT," a report by cybersecurity company Spectral says.
A new Microsoft Teams feature makes it possible for employees to communicate with people outside the organization and vice versa through Teams. Security researchers believe the new update potentially opens up avenues for threat actors to target organizations through phishing attacks.
Casey Ellis, founder and CTO of Bugcrowd, shares insights from the company's annual report, Inside the Mind of a Hacker 2021, which reveals that 8 out of 10 ethical hackers recently identified a vulnerability they had never seen before.
A medical biller in Florida and an emergency medical technician in New York have each pleaded guilty in two separate federal cases involving the criminal misuse of patient information. One case involved healthcare fraud and identity theft, and the other criminal HIPAA violations.