Phishing in Troubled Waters: 3 Ways Email Attacks May Impact Elections

The state of email defenses has a role to play in the US presidential election.

Treasury Dept. Advisory Shines Spotlight on Ransomware Negotiators

With attacks showing no signs of abating, some companies have begun offering services to help reduce ransom demands, buy more time, and arrange payments.

25% of BEC Cybercriminals Based in the US

While the US is known to be a prime target for BEC attacks, just how many perpetrators are based there came as a surprise to researchers.

Where are the 'Great Exits' in the Data Security Market?

If data security were a student, its report card would read "Not performing to potential." Here's why.

Trickbot Botnet Response Highlights Partnerships Preventing US Election Interference

Recent efforts by USCYBERCOM and Microsoft to disrupt the Trickbot botnet highlight the importance of partnerships in successful malware botnet disruption.

Security Officers, Are Your Employees Practicing Good Habits from Home?

Even if you can't see your employees in the office, they still need to be reminded that criminals are always trying to spot a weak link in the chain.

Online Voting Is Coming, but How Secure Will It Be?

It's time for state governments to act as leaders, adopt digital ID standards, enable new online voting systems, and provide broad-based access to all communities for the benefit of all.

Software AG Continues Efforts Against $20M Ransomware Attack

The attack, which now includes extortion components, has moved into its second week.

Security Firms & Financial Group Team Up to Take Down Trickbot

Microsoft and security firms ESET, Black Lotus Labs, and Symantec collaborated with the financial services industry to cut off the ransomware operation's C2 infrastructure.

What Is End-to-End Encryption?

Many services advertise E2EE, but not all of them actually offer it.

Security Officers, Are Your Employers Practicing Good Habits from Home?

Even if you can't see your employees in the office, they still need to be reminded that criminals are always trying to spot a weak link in the chain.

A 7-Step Cybersecurity Plan for Healthcare Organizations

With National Cybersecurity Awareness Month shining a spotlight on the healthcare industry, security pros share best practices for those charged with protecting these essential organizations.

How to Pinpoint Rogue IoT Devices on Your Network

Researchers explain how security practitioners can recognize when a seemingly benign device could be malicious.

Security and DevOps

Latest Version of MalLocker Android Ransomware Packs New Tricks

Like most such mobile malware, the new one doesn't encrypt data but attempts to make an infected system impossible to use, Microsoft says.

Apple Pays Bug Bounty to Enterprise Network Researchers

So far, the company has doled out $288,000 to five researchers who, in three months, found 55 vulnerabilities in its corporate infrastructure.

Critical Zerologon Flaw Exploited in TA505 Attacks

Microsoft reports a new campaign leveraging the critical Zerologon vulnerability just days after nation-state group Mercury was seen using the flaw.

CISOs Planning on Bigger Budgets: Report

Budgets are on the rise, even in a time of revenue worries across the industry.

Why MSPs Are Hacker Targets, and What To Do About It

Managed service providers are increasingly becoming the launching pad of choice for ransomware and other online malfeasance.

Emotet 101: How the Ransomware Works -- and Why It's So Darn Effective

In recent weeks, Emotet has emerged as the most common form of ransomware. Managing the risk involves starts with understanding the way it works.

Cyberattacks Up, But Companies (Mostly) Succeed in Securing Remote Workforce

Despite fears that the burgeoning population of remote workers would lead to breaches, companies have held their own, a survey of threat analysts finds.

Scale Up Threat Hunting to Skill Up Analysts

Security operation centers need to move beyond the simplicity of good and bad software to having levels of "badness," as well as better defining what is good. Here's why.

US Seizes Domain Names Used in Iranian Disinformation Campaign

The US has seized 92 domain names used by Iran's Islamic Revolutionary Guard Corps to spread a worldwide disinformation campaign.

US Election-Related Websites Vulnerable to Fraud, Abuse

New research finds the vast majority of reputable news, political, and donor-oriented sites don't use registry locks.

Kaspersky Researchers Spot Russia-on-Russia Cyber-Espionage Campaign

Steganography-borne malware used to spy on industrial targets in Russia.

Key Considerations & Best Practices for Establishing a Secure Remote Workforce

Cybersecurity is challenging but not paralyzing, and now is the moment to educate our employees to overcome these challenges.

'Bahamut' Threat Group Targets Government & Industry in Middle East

Researchers say the cyber espionage group was involved in several attacks against government officials and businesses in the Middle East and South Asia.

New 'HEH' Botnet Targets Exposed Telnet Services

Latest threat is one in a growing list of malware developed in the Go programming language.

Open Source Threat Intelligence Searches for Sustainable Communities

As long as a community is strong, so will be the intelligence it shares on open source feeds. But if that community breaks down ...

Rare Firmware Rootkit Discovered Targeting Diplomats, NGOs

Second-ever sighting of a firmware exploit in the wild is a grim reminder of the dangers of these mostly invisible attacks.

3 Ways Companies are Working on Security by Design

Execs from top financial organizations and other companies share insights on building a security culture.

Cyber Intelligence Suffers From 'Snobby' Isolationism, Focus on Rare Threats

Cyber-threat intelligence groups need to more often investigate their organization's specific threats and better integrate with other business groups, experts say.

CISA Warns of Renewed Emotet Activity

The Emotet malware dropper is seeing an upsurge in new activity in the second half of 2020.

The New War Room: Cybersecurity in the Modern Era

The introduction of the virtual war room is a new but necessary shift. To ensure its success, security teams must implement new systems and a new approach to cybersecurity.

What the Sci-Fi Hit Altered Carbon Teaches Us About Virtualization Security

The Netflix show may be fantastical, but it has real-world lessons about virtualization.