Security News
The European Commission adopted the implementing regulation concerning the EU cybersecurity certification scheme on Common Criteria. ENISA is grateful for the guidance and support from Member States via the European Cybersecurity Certification Group and for the contributions of the Stakeholder Cybersecurity Certification Group.
Today, the FBI warned about courier services being used to collect money and valuables from victims of tech support and government impersonation scams. This public service announcement follows a surge of reports regarding criminals using couriers to collect cash or precious metals like gold or silver from victims whom the scammers instructed to sell their valuables.
Hackers with links to the Kremlin are suspected to have infiltrated information technology company Hewlett Packard Enterprise's (HPE) cloud email environment to exfiltrate mailbox data. "The...
In this Help Net Security interview, Nate Warfield, Director of Threat Research and Intelligence at Eclypsium, outlines the crucial tasks for CISOs in protecting supply chains and achieving comprehensive visibility. Auditing a hardware supply chain is exponentially more difficult, as vendors may or may not choose to disclose what their underlying operating systems are, what open source software they use, where they source the hardware components of their devices, what firmware runs both the device itself and its subcomponents - for example a router may run a Linux distribution, with an open source routing daemon, a motherboard from Supermicro, with high-speed NICs from Mellanox, a baseboard management controller from ASPEED with BMC code from AMI which itself is another version of Linux with its own SBOM. With the apparent disconnect between security and development teams in software supply chain security, what strategies do you recommend to enhance collaboration?
Cybersecurity is an infinite journey in a digital landscape that never ceases to change. According to Ponemon Institute, “only 59% of organizations say their cybersecurity strategy has changed...
HealthEC LLC, a provider of health management solutions, suffered a data breach that impacts close to 4.5 million individuals who received care through one of the company's customers. On December 22, the firm disclosed that it suffered a data breach between July 14 and 23, 2023, which resulted in unauthorized access to some of its systems.
Public safety professionals want technology upgrades and adoption of federal standards for first responder IT security, reporting and efficiency, according to Mark43. "We heard a resounding response from first responders across the country: They are concerned about their public safety agency's ability to withstand cyberattacks and natural disasters, given the ever-increasing number and severity of bad actors attacking public infrastructure as well as the uptick in extreme weather incidents," said Matthew Polega, President, Mark43.
While tech workers want to learn and organizations are spending thousands of dollars per employee on learning technology, it is not translating into improved on-the-job performance for 4 out of 10 IT employees, according to Skillable. Inadequate training puts workers at risk of being left behind in the race for tech talent, which is in short supply.
Today, the U.S. Cybersecurity and Infrastructure Security Agency urged technology manufacturers to stop providing software and devices with default passwords. "This SbD Alert urges technology manufacturers to proactively eliminate the risk of default password exploitation," CISA said, by taking "Ownership of customer security outcomes" and building "Organizational structure and leadership to achieve these goals."
A novel multi-platform threat called NKAbuse has been discovered using a decentralized, peer-to-peer network connectivity protocol known as NKN (short for New Kind of Network) as a communications...