Security News

CISA, the NSA, the FBI, and several other agencies in the U.S. and worldwide warned critical infrastructure leaders to protect their systems against the Chinese Volt Typhoon hacking group. Together with the NSA, the FBI, other U.S. government agencies, and partner Five Eyes cybersecurity agencies, including cybersecurity agencies from Australia, Canada, the United Kingdom, and New Zealand, it also issued defense tips on detecting and defending against Volt Typhoon attacks.

The FBI warned of increases in crypto scams in March last year, saying most begin with some sort of social engineering, like a romance or confidence scam, which then evolve into crypto investment fraud. The total losses from investment fraud also beat those incurred by ransomware across the country, according to the latest report [PDF] from the FBI's Internet Crime Complaint Center.

The U.S. Federal Trade Commission warned today that scammers are impersonating its employees to steal thousands of dollars from Americans. FTC says its staff has received numerous reports from consumers who have fallen victim to scams in which fraudsters exploited the identities of agency personnel to coerce them into transferring or wiring money.

The Ukrainian cyber police, in collaboration with investigators from the national police, have arrested three individuals who are accused of hijacking over 100 million emails and Instagram accounts worldwide. The arrested cybercriminals monetized their illicit activities by selling access to compromised accounts to various fraud groups on the darknet.

Oracle warned Apple customers to delay installing the latest macOS 14.4 Sonoma update because it will break Java on ARM-based Macs. According to Garcia-Ribeyro, since the Java Virtual Machine uses dynamic code generation and accesses memory in protected memory regions to ensure correctness and performance, its process will be terminated after deploying the macOS 14.4 update.

Application programming interfaces (APIs) are the connective tissue behind digital modernization, helping applications and databases exchange data more effectively. The State of API Security in...

Good cyber and physical security can make or break companies. The purpose of this Security Response Policy, written by Scott Matteson for TechRepublic Premium, is to outline the security incident response processes which must be followed.

This quick glossary, created by Mark W. Kaelin for TechRepublic Premium, explains the terminology used by security experts as they attempt to reduce the damage caused by a successful attack. Evidence may include documents, logs, software or hardware.

A new destructive malware named AcidPour was spotted in the wild, featuring data-wiper functionality and targeting Linux x86 IoT and networking devices. Data wipers are a category of malware designed for destructive attacks that delete files and data on targeted devices.

Infosec researchers are noting rising cryptocurrency attacks and have encouraged wallet security providers to up their collective game. Check Point specifically cites the growth of attacks that abuse Ethereum's CREATE2 opcode, dubbing it a "Critical issue in the blockchain community" that's seeing millions of dollars worth of assets being drained from victims' wallets.