Security News

As-a-Service tools empower criminals with limited tech skills
2024-02-08 04:00

As-a-service attacks continue to dominate the threat landscape, with Malware-as-a-Service and Ransomware-as-a-Service tools making up the majority of malicious tools in use by attackers, according to Darktrace. As-a-Service tools can provide attackers with everything from pre-made malware to templates for phishing emails, payment processing systems and even helplines to enable criminals to mount attacks with limited technical knowledge.

Global Coalition and Tech Giants Unite Against Commercial Spyware Abuse
2024-02-07 09:45

A coalition of dozens of countries, including France, the U.K., and the U.S., along with tech companies such as Google, MDSec, Meta, and Microsoft, have signed a joint agreement to curb the abuse...

Researchers discover exposed API secrets, impacting major tech tokens
2024-02-05 05:30

The exposed secrets include hundreds of Stripe, GitHub/GitLab tokens, RSA private keys, OpenAI keys, AWS tokens, Twitch secret keys, cryptocurrency exchange keys, X tokens, and Slack and Discord webhooks. This approach shows how and where API secret keys and tokens are exposed in real-world settings, not only in code repositories.

Crowdsourced security is not just for tech companies anymore
2024-02-02 05:00

There is a misconception that only software and technology companies leverage crowdsourced security. Companies across various sectors are increasingly adopting crowdsourced security, as reported by Bugcrowd.

EU adopts first cybersecurity certification scheme for safer tech
2024-02-02 04:30

The European Commission adopted the implementing regulation concerning the EU cybersecurity certification scheme on Common Criteria. ENISA is grateful for the guidance and support from Member States via the European Cybersecurity Certification Group and for the contributions of the Stakeholder Cybersecurity Certification Group.

FBI: Tech support scams now use couriers to collect victims' money
2024-01-29 16:31

Today, the FBI warned about courier services being used to collect money and valuables from victims of tech support and government impersonation scams. This public service announcement follows a surge of reports regarding criminals using couriers to collect cash or precious metals like gold or silver from victims whom the scammers instructed to sell their valuables.

Tech Giant HP Enterprise Hacked by Russian Hackers Linked to DNC Breach
2024-01-25 05:48

Hackers with links to the Kremlin are suspected to have infiltrated information technology company Hewlett Packard Enterprise's (HPE) cloud email environment to exfiltrate mailbox data. "The...

CISOs’ role in identifying tech components and managing supply chains
2024-01-25 05:00

In this Help Net Security interview, Nate Warfield, Director of Threat Research and Intelligence at Eclypsium, outlines the crucial tasks for CISOs in protecting supply chains and achieving comprehensive visibility. Auditing a hardware supply chain is exponentially more difficult, as vendors may or may not choose to disclose what their underlying operating systems are, what open source software they use, where they source the hardware components of their devices, what firmware runs both the device itself and its subcomponents - for example a router may run a Linux distribution, with an open source routing daemon, a motherboard from Supermicro, with high-speed NICs from Mellanox, a baseboard management controller from ASPEED with BMC code from AMI which itself is another version of Linux with its own SBOM. With the apparent disconnect between security and development teams in software supply chain security, what strategies do you recommend to enhance collaboration?

Unifying Security Tech Beyond the Stack: Integrating SecOps with Managed Risk and Strategy
2024-01-08 11:39

Cybersecurity is an infinite journey in a digital landscape that never ceases to change. According to Ponemon Institute, “only 59% of organizations say their cybersecurity strategy has changed...

Data breach at healthcare tech firm impacts 4.5 million patients
2024-01-03 16:23

HealthEC LLC, a provider of health management solutions, suffered a data breach that impacts close to 4.5 million individuals who received care through one of the company's customers. On December 22, the firm disclosed that it suffered a data breach between July 14 and 23, 2023, which resulted in unauthorized access to some of its systems.