Security News

The manufacturing industry is embracing digital transformation to fuel efficiency and productivity. This evolution is accompanied by profound and growing cybersecurity challenges.

In this Help Net Security video, Rowland Corr, VP & Head of Government Relations at Enea, discusses the implications of burner phones and the crisis of confidence in network operators as they...

In an audit [PDF] published Tuesday, the OIG found NASA has a "Comprehensive privacy program that includes processes for determining whether information systems collect, store, and transmit PII; publishing System of Records Notices; and providing general privacy training to its workforce." That's a welcome assessment, given NASA employs around 16,000 people and - as with all government agencies - collects PII about them and the contractors, partners, and members of the public it engages.

Passwordless authentication emerges as a calculated response, eliminating the inherent weaknesses of conventional passwords. The average user has an overwhelming 227 accounts that require a password, making it unrealistic to expect anyone not using a password manager to be able to adequately secure and manage their digital lives.

Malware, which includes malicious web content and malware payloads, continued to dominate over other types of encrypted attacks, with ad spyware sites and cross-site scripting accounting for 78% of all blocked attacks. In total, 86% of all cyber threats, including malware, ransomware, and phishing attacks, are delivered over encrypted channels.

Google has rolled out security updates for the Chrome web browser to address a high-severity zero-day flaw that it said has been exploited in the wild. The vulnerability, assigned the CVE...

IBM Security has dissected some JavaScript code that was injected into people's online banking pages to steal their login credentials, saying 50,000 user sessions with more than 40 banks worldwide were compromised by the malicious software in 2023. This injected code executes on the page in the browser, and intercepts the victim's credentials as they are entered, which can be passed to fraudsters to exploit to drain accounts.

The Israel National Cyber Directorate warns of phishing emails pretending to be F5 BIG-IP zero-day security updates that deploy Windows and Linux data wipers. In November, a new data wiper called BiBi Wiper was discovered that targeted both Linux and Windows devices and is believed to have been created by pro-Hamas hacktivists.

Google has released emergency updates to fix another Chrome zero-day vulnerability exploited in the wild, the eighth patched since the start of the year. The company fixed the zero-day bug for users in the Stable Desktop channel, with patched versions rolling out worldwide to Windows users and Mac and Linux users one day after being reported to Google.

Cybercriminals are preying on the inherent helpfulness of hotel staff during the sector's busy holiday season. When the staff then responds by requesting more information, the attacker sends a message directing the staff to open a link that supposedly contains evidence supporting their claim.