A survey of 300 U.S. defense contractors finds many still fail to meet baseline cybersecurity standards or utilize modern technologies for monitoring threats. Experts told SC Media the findings underscore how much work the Pentagon and industry have to do to protect the valuable intellectual property and unclassified data that underpin U.S. military superiority.
The Irish Data Protection Commission, Meta’s main privacy watchdog in the European Union, levied the fine following disclosure of an investigation in the spring of 2021 that revealed over 530 million Facebook users’ information had been leaked on a public forum.
In August, Twitter confirmed that an API vulnerability fixed in January led to data exposure, but the company said there was “no evidence” that it was exploited. Now over 5.4 million stolen user records have been shared for free on a hacker forum. On top of that, a security researcher warned that there is an even larger data dump obtained using the same vulnerability.
Researchers at Proofpoint revealed more technical details about SocGholish, the malware variant they identified earlier this month, highlighting its noteworthy tactics that differ from traditional phishing campaigns.
Despite a federal order mandating that civilian agencies identify and patch all known instances of the vulnerability, experts say the disclosure of a federal agency compromised through Log4j almost a year later underscores how the deeply embedded nature of the software bug will continue to facilitate intrusions for years to come.
What happens when a new, poorly conceived verification system at Twitter meets a ready-made underground marketplace of stolen accounts and bot amplification tools? New research reveals that nearly all the ingredients required to build fake Twitter accounts have been available on the dark web "for quite some time," while Twitter-related phishing scams have gone up following the introduction of paid verification.
The Center for Internet Security report, which found broad resource constraints around cybersecurity for many schools, comes two weeks after the Cybersecurity and Infrastructure Security Agency hosted a national summit on K-12 school safety and security to address the complex threats facing the education sector.
Whether there are political motivations behind ransomware attacks has been a long-standing question, and new research by the Stanford Internet Observatory reveals that some Russian ransomware groups may be timing their attacks against Western nations to support Moscow's geopolitical goals.