Security News

A HackerOne employee stole vulnerability reports submitted through the bug bounty platform and disclosed them to affected customers to claim financial rewards. The rogue worker had contacted about half a dozen HackerOne customers and collected bounties "In a handful of disclosures," the company said on Friday.

"Despite defenders' best efforts, cybercriminals continue to defraud, extort, and ransom companies for billions of dollars annually," said Sherrod DeGrippo, vice president of threat research and detection at Proofpoint. Proofpoint entered into the report with a number of assumptions in place, detailing what methods threat actors would go to to carry out an attack, as well as the methods employed to help carry out such attacks.

Timeline May 31: Volexity found zero-day vulnerability in Atlassian Confluence. AI Spera used Criminal IP to determine the number of Atlassian Confluence servers connected to the Internet.

Stop significant B2B or B2C information sharing problems with a tailored approach to encryption. The security of our data is, without question, at the top of any enterprise's priority list.

The U.S. Federal Trade Commission says Americans have reported losing more than $1 billion worth of cryptocurrency to scams between January 2021 and March 2022. The U.S. law enforcement agency said that tens of thousands of reports pointed to over $1.6 billion in cryptocurrency losses.

BeyondTrust's recent 2022 Microsoft Vulnerabilities Report includes the latest annual breakdown of Microsoft vulnerabilities by category and product, as well as a six-year trend analysis, providing a holistic understanding of the evolving threat landscape. In this video for Help Net Security, Morey Haber, Chief Strategy Officer at Beyond Trust, talks about this report, which analyzes data from security bulletins publicly issued by Microsoft throughout the previous year.

An analysis of the mobile threat landscape in 2022 shows that Spain and Turkey are the most targeted countries for malware campaigns, even as a mix of new and existing banking trojans are increasingly targeting Android devices to conduct on-device fraud. "Just in the first five months of 2022 there has been an increase of more than 40% in malware families that abuse Android OS to perform fraud using the device itself, making it almost impossible to detect them using traditional fraud scoring engines."

Ransomware, supply-chain threats and how organizations and their employees are their own worst enemy when it comes to security are some of the key takeaways of Verizon's annual report on the last 12 months of cyber-attacks. Some findings seem consistent with what the report has highlighted since its inception in 2008, one security professional observed.

Indian IT shops have been handed another extraordinarily short deadline within which to perform significant infosec work. MII boards must sign off on lists of critical systems.

A favorite of cybercriminals and nation states, ransomware incidents increase again. The use of ransomware to extort money increased 13% in 2021 compared to 2020, according to the Verizon 2022 Data Breach Investigations Report, now in its 15th year.