Ransomware was the most commonly detected malware in data breaches and related security incidents last year, climbing from fourth overall in 2016 and all the way from the 22nd spot five years ago, according to Verizon's just-released 2018 Data Breach Investigations Report.
GAO report recommends stronger security controls for third parties that receive Medicare beneficiary data
The U.S. Government Accountability Office (GAO) last week publicly released a report warning that the Centers for Medicare and Medicaid Services (CMS) has failed to provide specific security controls guidance to research organizations with whom it shares Medicare beneficiary data.
An analysis of 26 email domains managed by the Executive Office of the President found that all but one of them lack sufficient DMARC protections against spoofing used in phishing and spam campaigns.
Health care device manufacturer Natus Medical Incorporated has reportedly updated the software used in its Xltek EEG products, which monitor brain activity, after a researcher discovered five vulnerabilities that a remote, unauthenticated attacker could exploit to trigger code execution or a denial-of-service condition.
The number of malicious bots circulating around the internet and impacting website performance increased by 9.5 in 2017, accounting for 21.8 percent of all traffic, according to a new report today from bot detection and mitigation firm Distil Networks, based on data collected from its global network.
Each time a user doubles the amount of time he spends visiting illegal torrent and streaming websites, the malware count on his machine jumps another 20 percent, according to an academic paper released earlier this month.
Survey: Government workers fear doctors and dentists over data breaches; ghosts and aliens not far behind
A recent survey of 110 U.S. government employees who hold a security clearance at their organization found that more respondents listed heights, food poisoning and doctor/dentist visits as one of their biggest fears than having their company's files stolen in a breach.
Researchers from IOActive have developed a proof-of-concept attack that turns ordinarily benevolent robots into malicious, money-grubbing automatons who demand bitcoin as a ransom payment.
An academic paper published last month presents 10 previously undiscovered vulnerabilities in the 4G LTE wireless protocol, including one that researchers say allows unauthenticated attackers to spoof the location of a legitimate user to the network, and another that reportedly can be used to distribute fake emergency messages.
An independent risk assessment conducted this month found that the security posture of U.S. government contractors was markedly worse than that of the federal agencies that use these third-party services, suggesting contractors must raise their game and bridge the gap.
Academic researchers have reported vulnerabilities in the group communication protocols of three encrypted messaging apps -- WhatsApp, Signal, and Threema -- that could allow attackers to willfully subvert their integrity and confidentiality.
Eight banking apps and one virtual private app were found to contain a hidden vulnerability in their TLS protections, which can be exploited to perform MITM attacks, according to academic researchers who created a new black-box tool capable of detecting the flaw.
Researchers with ClearSky Cyber Security believe with medium-level confidence that they have linked three individuals to the Iranian advanced persistent threat group Charming Kitten, including the man accused of hacking and extorting HBO.
On average, organizations suffer a critical IT incident five times per month, with each one costing a mean of $141,628, according to a Quocirca/Splunk study. Another study, from Ponemon Research/Radware, found that 45 percent of 600 surveyed CISOs experienced a data breach in the last year.
Russian dark web marketplace Ultimate Anonymity Services was recently observed selling more than 35,000 compromised RDP servers, which cybercriminals can leverage to anonymize themselves or to directly access victims' networks.
Russian cybercriminals looking to anonymize their identities while engaging in illegal activity have a few new or improved tools to choose from, according to researchers from Flashpoint.
The ransomware infection that disrupted Hollywood Presbyterian Medical Center and the worldwide WannaCry attack in 2017 caused an ethical and philosophical rift among members of the Russian and Eastern European cybercriminal community.
Researchers have demonstrated a way for remote attackers to exfiltrate data from and send malicious commands to air-gapped networks, using surveillance cameras.
According to McAfee's 11th annual Most Dangerous Celebrities study, online searches for the Canadian singer result in more malicious websites than searches for any other famous personality.
A catastrophic worldwide cyberattack and the emergence of an IoT-enabled surveillance state were among the chief security and privacy fears expressed by experts polled for a new report about the internet and its future impact.
Mobile users who substitute their damaged phone touchscreens or other hardware components with third-party replacements could be infecting their phones with malicious components that could allow attackers to completely compromise the device.
Users of online dating apps could end up the target of spear phishing and social engineering scams, especially when these services make one's personal information accessible to virtually anyone, Trend Micro researchers have warned.
Of 100 infosecurity professionals surveyed, 34 percent fingered Russia as the biggest threat to cybersecurity in the U.S., followed closely by organized crime at 33 percent, according to a Cylance blog post.