Security News > 2023 > October

The Iran-linked OilRig threat actor targeted an unnamed Middle East government between February and September 2023 as part of an eight-month-long campaign. The attack led to the theft of files and...

The sad fact is that, in many cases, a ransomware attack could be averted with more cybersecurity training for employees, patching known vulnerabilities when they arise, and ensuring proper network segmentation. Without a doubt, vendors will introduce new products and capabilities attempting to identify and thwart AI-driven attacks in 2024 that use AI to identify AI attacks, which brings to mind another famous movie scene from the cult classic War Games.

Users using Google to search for and download the KeePass password manager and the Notepad++ text editor may have inadvertently gotten saddled with malware, says Jérôme Segura, Director of Threat Intelligence at Malwarebytes. Malware peddlers have a number of clever tricks up their sleeve to make the malicious ads and the sites they lead to look legitimate.

North Korean threat actors are actively exploiting a critical security flaw in JetBrains TeamCity to opportunistically breach vulnerable servers, according to Microsoft. The attacks, which entail...

A study by Stanford University found that programmers who accept help from AI tools like Github Copilot produce less secure code than those who write code alone, concluding that while effective in speeding processes, these tools should be viewed with caution. Low-code/no-code and "Code assist" platforms are increasing the accessibility of AI to "Citizen developers," non-technical employees who lack formal coding education but are now using these platforms to create business applications.

It's funny because while clearly, every network issue doesn't resolve to some funky DNS issue, too many network admins have banged their heads against their keyboard for hours only to find out that the culprit was indeed some DNS issue. After an initial compromise, it only takes threat actors 84 minutes on average to pivot deeper into your network.

A number of state-back threat actors from Russia and China have been observed exploiting a recent security flaw in the WinRAR archiver tool for Windows as part of their operations. The...

Please turn on your JavaScript for this page to function normally. The proliferation of connected medical devices in hospitals demands a holistic approach to cybersecurity beyond just the digital IT realm.

In many cases, senior executives/line-of-business leaders are minimally engaged in their company's cyber preparedness initiatives - only 33% of CEOs or managing directors and 21% of other senior leaders are heavily involved, according to Commvault. In addition to a lack of executive engagement, there is also often confusion between ITOps and SecOps teams in terms of who is doing what when it comes to cyber preparedness.

Over 80% of northern European organizations emphasize that the need to ensure business resilience is the top driver for their cybersecurity investments, according to Nixu. "The prominence of business resilience as a driver for cybersecurity investments highlights the increasing awareness of the need to protect operations and ensure continuity. Overall, the Nixu report reflects our dedication to providing valuable insights that help organizations tailor their cybersecurity strategies," says Teemu Salmi, CEO of Nixu.