Security News

Suspected Chinese state-sponsored hackers leveraging Ivanti Connect Secure VPN flaws to breach a variety of organizations have demonstrated "a nuanced understanding of the appliance", according to Mandiant incident responders and threat hunters. "While the limited attempts observed to maintain persistence have not been successful to date due to a lack of logic in the malware's code to account for an encryption key mismatch, it further demonstrates the lengths UNC5325 will go to maintain access to priority targets and highlights the importance of ensuring network appliances have the latest updates and patches," Mandiant's specialists noted.

One possible solution, touted by former Department of Homeland Security Secretary Michael Chertoff on a recent podcast, would be for the federal government to step in and help pay for these sorts of attacks by providing a cyber insurance backstop. A cyber insurance backstop would provide a means for insurers to receive financial support from the federal government in the event that there was a catastrophic cyberattack that caused so much financial damage that the insurers could not afford to cover all of it.

In today's digital era, data privacy isn't just a concern; it's a consumer demand. Businesses are grappling with the dual challenge of leveraging customer data for personalized experiences while...

Registrars can now block people from registering tens of thousands of domain names that look like, are spelling variations of, or otherwise infringe on brand names. While the basic plan lets subscribers block specific domain names that read like their trademark across some 563 extensions, the "Plus" version takes a huge leap forward.

Traditional perimeter-based security has become costly and ineffective. As a result, communications security between people, systems, and networks is more important than blocking access with...

US President Joe Biden is expected to sign an executive order today that aims to prevent the sale or transfer of Americans' sensitive personal information and government-related data to adversarial countries including China and Russia. In addition to the executive order, the White House will propose regulations that prohibit companies from directly or indirectly transferring large amounts of certain types of data to so-called "Countries of concern" - China, Russia, North Korea, Iran, Cuba, and Venezuela - according to a senior administration official.

Mexican users have been targeted with tax-themed phishing lures at least since November 2023 to distribute a previously undocumented Windows malware called TimbreStealer. Cisco Talos,...

The EU's NIS Directive was established to create a higher level of cybersecurity and resilience within organizations across the member states. Robinson works with many companies currently planning their routes to compliance and believes many companies covered under NIS2 are still broadly unprepared.

In a new joint advisory, cybersecurity and intelligence agencies from the U.S. and other countries are urging users of Ubiquiti EdgeRouter to take protective measures, weeks after a botnet...

The findings from this year's report notably challenge the traditional belief that people take risky actions due to a lack of cybersecurity knowledge and that security awareness training alone can fully prevent unsafe behaviors. The conundrum extends to security professionals' belief that most employees know they are responsible for protecting the organization, signaling a gap between the limitations of individual security technology and user education.