Interception and intrusion cyber capabilities sold by private companies are increasingly being marketed to intelligence and government agencies. New efforts attempt to stop them from winding up in the hands of U.S. and NATO adversaries.
Ransomware thrives as organizations remain vulnerable and continue to pay criminals.
New threat actors emerge on the scene to target industrial control systems and operational technology networks around the world, often with little insight into their activities until an incident occurs.
Romance scams are easier than ever through social media and online dating, and the schemes can be very profitable for fraudsters.
Ransomware continues to thrive as organizations increasingly rely on remote workforces. Security practitioners are struggling to keep abreast of the threat as criminals change their tactics to ensure ransoms are paid.
Connected vehicles are quickly taking over the roadway, bringing enhanced safety features and cyber vulnerabilities along with them.
In the security compliance space, automation can also be a means to level the playing field when it comes to accessing the best cybersecurity for businesses of all sizes.
Understanding how policies, procedures, and tools impact your security posture is critical. A new report helps shed light on what’s working, what’s not, and how security leaders can adopt best practices with C-suite engagement.
U.S. agencies will lean on their private sector mission partners to continue to assess and resolve risks as they arise—and the government contracting community must take similar steps.
Criminals have long leveraged information and communications technology to commit crimes. They are now using these tactics to engage in insider trading on the Dark Web.
Organizations are increasingly embracing opportunities to leverage the cloud, which can create security risks if vulnerabilities are left unaddressed.
The vessels the world relies on to ship cargo from one side of the planet to the other are becoming increasingly connected, creating business opportunities and cyber risks for operational technology.
With ransomware attacks on the rise and data breaches increasingly commonplace, more organizations are looking into purchasing cyber insurance. But current prices for cyber policies may not accurately reflect risk.
When it comes to cybersecurity, there are many terms and concepts that are beneficial for physical security professionals and IT professionals alike to understand. Here are a few to help you get started.
Thirty-seven percent of cyber threats in 2020 were specifically designed to utilize removable media—almost doubling from 19 percent in 2019.
Cyberattacks on the food supply chain like JBS, cause prices to soar, demand to increase, and supply to wane. And our food supply will continue to be a target.
Organizations shifted in how they conducted business to include an increasingly connected industrial environment. This trend has existed for many years, even while many organizations still believed they had highly segmented or even air-gapped ICS networks.
Following a series of high-profile cyber incidents, a watchdog highlighted the increasing threat breaches, intrusions, and attacks pose to the U.S. government.
Following a year of remote learning, educational institutions are prime targets for criminals looking for ransomware victims.
Nearly half of board members surveyed identified cybersecurity as a top source of risk moving forward. CISOs should expect more scrutiny, support, and resources as a result of the board’s attention.
A massive intrusion into U.S. government and private sector networks shows how nation-state actors are developing supply chain attacks for cyber space.
Following a major drop in deal making in March 2020, executives expressed increasing interest in deal-making and deep dives into targets cybersecurity posture.
With the proliferation of connected homes, virtual assistants, and smartphones, abusers have more tools than ever to track and control victims. When the workplace enters the home, however, this puts employees and employers at increased risk.
California’s attorney general began enforcing the first U.S. state-level comprehensive privacy law in summer 2020, creating opportunities and challenges for organizations subject to compliance.
After a series of nation-state cyberattacks, the Australian government pledged to make the largest investment ever to improve its cyber defense and security posture.
Vehicles and the trucking infrastructure that is vital to transporting goods across North America are becoming increasingly connected. But the requirements for cybersecurity remain lacking.
The challenges to secure the 2020 U.S. Presidential Election and its system infrastructure are vast. But so are the new tools in place to help monitor and protect the 2020 election.
Keren Elazari shares how security professionals can learn from hackers to help empower their employees to promote organizational security.
The increasing ease and availability of media manipulation and deepfake production is opening up new avenues of attack for fraudsters, market manipulators, and malicious actors.
With a converged security team, Mastercard is taking a unified approach to addressing risks and educating its workforce to reduce threats.
Critical infrastructure owners are increasingly creating remote connections to their operational equipment—potentially introducing unforeseen vulnerabilities.
New research finds that while organizations have made strides to improve data management, they still lack investment in breach detection.
End users are increasingly adopting unmanned aerial systems for security and operational needs. But they could be introducing cybersecurity risks in flight.
The United States is taking a multi-prong approach to preventing intellectual property theft. But it needs international partners to succeed.
Cybersecurity is a stressful business. Here’s what managers can do to help reduce stress in the workplace and promote a healthy work–life balance.
Threat actors tend to be one-step ahead of corporate security. Scams that prey on fear and concern related to the coronavirus show how they’re taking advantage of the pandemic.
The U.S. intelligence community released a strategy that incorporates a whole-of-society approach to counterintelligence.
Automation has received mixed reviews in IT security departments—while some say it reduces staff time spent on repetitive tasks, it makes jobs more complex.
A recent survey finds that the aviation sector has more work to do to increase the cybersecurity of flights.
An FBI alert suggests moving away from SMS authenticators to a more secure method of multifactor authentication.
The European Union’s privacy regulation poses new challenges for investigators looking to carry out their work.
New research by the ASIS Foundation indicates that full convergence of physical security, cybersecurity, and business continuity is not commonplace.
Researchers, technologists, and executives look at how artificial intelligence can have a positive impact on society.
Tarah Wheeler shares her thoughts on convergence and responding to security incidents at GSX 2019.
Stakeholders can work hand in hand to protect against insider and external threats and reduce the risk of data loss while simultaneously improving data protection and streamlining processes.
Equifax will pay $575 million and implement security reforms to settle charges stemming from its 2017 data breach.
Cannabis growers and retailers are prime targets for malicious cyber actors.
Through focus, patience, and non-linear thinking, malicious actors create new paths into organizations. Defenders can use attackers’ tactics against them.
Municipalities are increasingly becoming targets for ransomware attacks.
Executives are being targeted through a variety of cyberattacks. Stressful work environments are helping them succeed.
The cybersecurity workforce gap increased to more than 2.9 million globally in 2018, surpassing earlier estimates of unfilled positions.
Transnational criminal organizations are using improved connectivity and technology to discover new pathways to profit and stymie investigators.
Cryptojackers use the resources of their hosts’ computers and Internet of Things (IoT) devices to mine for cryptocurrency while evading detection.
The threat of compromising someone’s digital security to create a physical threat to an individual or an organization is on the rise.
A French regulator issued the first major fine for violations of the EU’s General Data Protection Regulation. Other organizations are taking note.
The longest U.S. government shutdown in history could have major ramifications for the nation’s cybersecurity.
Once siloed, cyber and physical security teams are now working together to address corporate risk.
Following the U.S. midterm elections, officials move their focus to the 2020 presidential election.
LinkedIn can be a valuable networking and recruitment tool. It can also be used to target employees to obtain corporate secrets.
Private companies come together to demand that authorities create privacy regulations to protect users’ data and technology.
The food and agriculture sector is facing a higher threat of ransomware attacks during critical planting and harvesting seasons, according to a notice issued by the FBI earlier this week.
Researchers discovered a new malware that is designed to target Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA), bringing the total number of publicly known malwares to do this up to seven.
In 2021, Hydra accounted for around 80 percent of all darknet market-related cryptocurrency transactions. The platform’s “Bitcoin Bank Mixer” service obfuscated digital transactions and made cryptocurrency investigations difficult for law enforcement agencies.
These incidents, coupled with disruptions in electric service in Ukraine due to Russia’s invasion, highlight the fragility of the electric grid and the importance of pre-planning to respond quickly to mitigate further damage from physical attacks and cyber incidents.
As the investigation into a January breach continues, authentication company Okta announced that about 2.5 percent of its customers were impacted by the breach.
U.S. President Joe Biden issued a statement Monday warning of Russian cyberattacks and asking U.S. companies in the critical infrastructure space to redouble their efforts to protect their systems from attacks.
Ukraine’s Internet service was disrupted this week after a cyberattack targeted telecoms provider Triolan. The firm—which provides service for the northeastern Kharkiv region—confirmed the incident and said it was working to restore service.
Executive order is expected to address wide-ranging U.S. governmental approach to cryptocurrency reflecting the many complex aspects of the issue, all with a backdrop of how cryptocurrency could be used to evade sanctions on Russia.
The U.S. Cybersecurity and Infrastructure Security Agency issued an alert about a China-linked, stealthy new cyber threat called Daxin, which is optimized for hardened targets that are not connected directly to the Internet.
More than half a million people have fled their homes to escape the war in Ukraine as major cities remain under attack. But there are two fronts in this war: the physical fighting and the digital domain, where cybersecurity professionals battle disinformation, psychological warfare, and cyberattacks.
The Beijing 2022 Winter Olympics are officially underway in China following a more subdued opening ceremony on Friday as the nation continues to pursue a zero-COVID policy.
The U.S. FDA is drafting regulations that may push companies in the food and beverage sector to adopt blockchain technology to validate every step in the food supply chain.
A cyberattack exposed personal and confidential data from more than 515,000 people who were helped by Red Cross and Red Crescent organizations.
While talks stalled between Western and Russian officials about the country’s increasingly aggressive posture and troop buildup on the border of Ukraine, activity in the cyber sphere was speeding ahead.
Meta notified 50,000 people in more than 100 countries that surveillance-for-hire firms were targeting their accounts for intelligence, manipulation, or compromise, the parent company of Facebook announced Thursday.
Because so many enterprise and open-source software products use Log4j—including cloud platforms, Web applications, and email services—a newly discovered vulnerability puts many critical online functions at risk.
For the first time, the U.S. military acknowledged publicly that it has taken action against ransomware groups.
It’s been a busy week, especially in the cybersecurity arena. Here’s a rundown of some of the top news from around the world.
CISA launches the voluntary ChemLock program to provide resources, tools, and onsite services to chemical facilities that pose a risk but are not subject to regulation.
The United States unsealed court documents on Monday and announced the apprehension of the suspected mastermind behind the most potent REvil ransomware attacks.
China's new data privacy law went into effect this week, and it is already sending shockwaves through the global economy as international firms reassess how they will continue to do business in the country.
Ransomware actors are likely using significant financial events like mergers or acquisitions to target and leverage victim companies—threatening to disclose nonpublic financial information that could trigger investor backlash if victims do not pay up promptly, the FBI warns.
White House Market was the largest dark market for drugs, stolen data, and other illicit activity. While it closed down, its methods live on and make catching its successors that much harder.
Officials arrested 12 individuals in Ukraine and Switzerland on 26 October for their alleged role in carrying out ransomware attacks against critical infrastructure, Europol announced on Friday.
Three high-profile cyber attacks in the past few days indicate the ongoing war between hackers with malicious intent and cybersecurity postures of companies, organizations, and nations continues without abatement.
Threat actors are consistently attempting to infiltrate U.S. water and wastewater sector (WWS) facilities, according to a joint advisory issued Thursday.
The U.S. Department of Justice is launching an initiative to address the use of cryptocurrency to facilitate criminal activity, including ransomware.
After a review of 12 agencies, the GAO found that while all of them invested in the technology needed to support remote work, four had not fully documented their plans to mitigate weaknesses found in IT security controls.
Research examines the Dark Web advertisements of ransomware perpetuators to build a profile of the ideal target: a U.S.-based company with at least $100 million in revenue not operating in taboo sectors.
The Irish Data Protection Commission (DPC) issued a new record high fine against WhatsApp for breaching privacy regulations under the European Union’s GDPR rules.
The new Personal Information Protection Law in China imposes major restrictions on the collection and use of personal data by companies, however, the government is not subject to the same restrictions.
Blackberry became aware of a vulnerability that impacted multiple components of its software in April 2021, but waited until this week to disclose it after facing increased pressure.
The report, Federal Cybersecurity: America’s Data Still At Risk, found that only one out of the eight U.S. federal agencies audited for their cybersecurity programs showed improvements in 2020.
This roundup of news from the week covers the recent ransomware payments and recoveries, right-wing extremism in police units, environmental activism, apps that cause suspicion and apps that catch criminals, pandemic updates, workplace shooting motivations, currency wars, and a nun who embezzled and gambled it away.
In a diverse six to three decision, the U.S. Supreme Court rejected the U.S. Department of Justice’s (DOJ’s) interpretation of a major computer fraud law in a victory for security researchers.
Hackers gained access to an email marketing service account used by a U.S. State Department agency to carry out a string of attacks on other agencies, think tanks, consultants, and non-governmental organizations (NGO), Microsoft announced Thursday evening.
While it took nearly seven years for the FBI's Internet Crime Complaint Center tally to reach 1 million, the latest million took just 14 months—from mid-March 2020 to mid-May 2021.
U.S. President Joe Biden signed a long-awaited cybersecurity executive order on Wednesday evening, which instructs the federal government to take a host of actions to improve the nation’s security and resiliency.
Colonial Pipeline, responsible for a major portion of the East Coast's fuel supply, shut down its pipelines over the weekend due to a ransomware attack.
A task force recommended a series of actions to mitigate the threat of ransomware, including requiring cryptocurrencies to adopt anti-money laundering regulatory requirements.
Data from the Washington, D.C., police department ransomware attack has leaked online, adding the Metropolitan Police to the ever-growing list of organizations compromised by hijacked data.
In response to the country’s alleged misconduct linked to the SolarWinds hack and attempts to generate confusion in the United States’ election process, the Biden administration levied new sanctions on Russia.
The personal information—including phone numbers—of Facebook users exploited in a vulnerability originally uncovered and fixed in 2019 is now freely available.
Up to 150,000 security cameras installed in schools, hospitals, factories, and businesses were compromised, giving outsiders access to video from Tesla factories, prisons, psychiatric hospitals, and more.
While security professionals are continuing to address the fallout from the SolarWinds breach, Microsoft announced this week that it had detected several 0-day exploits being used to attack versions of Microsoft Exchange Server.
The world is at a turning point when it comes to artificial intelligence (AI), and the United States is at risk of falling behind, according to a new report from the National Security Commission on Artificial Intelligence (NSCAI).
CISA released its first international strategy on Thursday in a commitment to work with international partners to address risks and threats to critical infrastructure.
The attack on an Oldsmar, Florida, water utility was unsuccessful; however, it chillingly spotlights a potential vulnerability to critical infrastructure in the United States.
Global law enforcement agencies came together to take down one of the most significant botnets in the world: EMOTET, responsible for distributing the EMOTET malware.
The U.S. Cybersecurity and Infrastructure Security Agency issued an alert this week, warning security practitioners of recent cyberattacks against organizations’ cloud services that exploited poor hygiene practices and phishing tactics.
The recently enacted defense authorization bill and other federal and state laws call for research and begin to codify restrictions on deepfake technology; European countries have not addressed the issue directly.
Philadelphia area hunger relief organization Philabundance was the target of a cyberattack that cost the charity group almost $1 million.
Approximately 115,000 students have been affected by the ransomware-triggered shutdown, and there is no clear timeline for schools to reopen.
If enacted, the IoT Cybersecurity Improvement Act would help consolidate security requirements and considerations for Internet of Things (IoT) devices, including secure development, identity management, patching, and configuration management.
U.S. President Donald Trump announced on Twitter Tuesday that he decided to fire Chris Krebs, the director of CISA, which has led the way for federal cybersecurity initiatives, public–private sector information sharing and partnerships, and election security.
Facebook banned new political ads for the week leading up to the 3 November 2020 U.S. elections.
An artificial intelligence enabled bot created deepfake nude images of more than 100,000 women, some of whom seem to be underage, according to a new report from intelligence firm Sensity.
Six Russian intelligence hackers were charged with the NotPetya attack, as well as several other cyber crimes involving the 2017 French election and the 2018 Olympics.
The ban marks a sharp escalation in Facebook’s battle to curb the movement and its conspiracy theories—which have been identified as a potential domestic terror threat by the FBI.
The year 2020 may permanently shift the way individuals use the Internet. Cybersecurity Awareness Month aims to help people—and security practitioners—take control of their cybersecurity to enhance their overall security posture.
City council members in Portland, Oregon, voted unanimously to enact the strictest ban on facial recognition technology in the United States.
One of the largest public school systems in Connecticut was forced to delay its first day of classes after a ransomware attack affected 200 of the city’s 300 servers.
The U.S. Office of Management and Budget (OMB) released a memo that instructs U.S. federal agencies to create and publish coordinated vulnerability disclosure program (VDP) policies.
Facebook and Twitter reported that the FBI warned them that Russia is again targeting Americans with disinformation, attempting to influence the 2020 U.S. presidential election.
U.S. prosecutors charged the former chief security officer of Uber for his alleged role in an attempted cover up of a data breach of the company in 2016.
U.S. President Donald Trump issued executive orders late Thursday night that bar transactions by U.S. persons or that involve property subject to U.S. jurisdiction with the parent companies of WeChat and TikTok.
The European Union issued its first sanctions for cyberattacks on Thursday against Chinese, North Korean, and Russian groups linked to recent major hacking incidents.
The Court of Justice of the European Union struck down a major data sharing agreement between the United States and the European Union, but confusion remains about what measures corporations can use to share data across the Atlantic.
The United States has ordered China to close its Houston, Texas, diplomatic consulate within 72 hours—a move made in response to alleged violations of American sovereignty and “massive illegal spying and influence operations” from China, including intellectual property theft.
Several accounts of high profile Americans were taken over on 15 July, directing followers of billionaires and politicians to send cryptocurrency to a Bitcoin wallet.
A new study from Deloitte gives overview of the state of AI adoption and highlights risk and ethical concerns companies face.
A joint task force of European investigators cracked the EncroChat encrypted messaging platform, unlocking a gold mine of leads on criminal activities and plots.
The race to exploit COVID-19 fears for profit continues as fraudsters are rapidly evolving their methods—now posing as COVID-19 contact tracers to steal personal information.
Symantec sent a notice to its customers Thursday night, alerting them to a series of attacks against U.S. companies by threat actors attempting to deploy WastedLocker ransomware on their networks.
Despite a 400 percent rise in COVID-19-related cyberattacks, Americans remain largely unconcerned about cyber crime, according to a new report.
New reporting finds CIA did not take appropriate insider threat precautions, which enabled the massive data leak to Wikileaks in 2017.
IBM announced it will discontinue its general-purpose facial recognition business and opposes the use of the technology to conduct mass surveillance and racial profiling.
Recent social media activity has experts concerned about the potential for disinformation to color the outcome of upcoming elections, including the 2020 presidential election in the United States.
The COVID-19 pandemic has spurred more discussion about the possibility of online voting, but some security experts and officials are voicing security concerns about the risks.
The first Thursday of May is designated World Password Day, arguably more important than before as several organizations in various countries have workers operating remotely in response to the COVID-19 pandemic.
The U.S. Department of Defense CIO released a list of a list of best practices for cybersecurity and protecting an information network while teleworking.
From phishing to malware to ransomware, COVID-19-related attacks seek to take advantage of vulnerabilities.
Researchers note the limited use of artificial intelligence in the U.S. government, as well as opportunities for enhancement.
The United States linked a Russian military unit to the hacking group known as Sandworm which is said to be responsible for some of the most significant cyberattacks around the globe over the past 10 years.
The U.S. Department of Justice charged Huawei and its subsidiaries with racketeering conspiracy and conspiracy to steal trade secrets in an indictment released late Thursday afternoon.
The breach compromised sensitive personal information on more than 145 million Americans.
A security lapse by an app maker led to the exposure of data from all 6.5 million eligible voters in Israel, including full names, addresses, genders, phone numbers, and identity card numbers.
A vital U.S. government agency tasked with aiding state and local election officials to secure election systems “has not yet completed” plans to secure the 2020 U.S. presidential election less than 10 months away, a watchdog report found.
FBI Director Chris Wray tells Congress that Russia is conducting "information warfare" leading into the 2020 U.S. presidential election.
The State of Convergence report shows slow adoption of a converged security function, but business conditions may speed up the timetable.
On Data Privacy Day, here are a collection of resources for security professionals.
Department of Interior, military, other agencies cite security concerns with Chinese-made drones.
A study from the University of Michigan found that voting machines advertised as a secure alternative are still hackable.
The internationalization of far-right threats and tension between the Persian Gulf countries rank as the top two security risks for companies in 2020, according to a new risk forecast.
The U.S. Office of Personnel Management (OPM) has made strides in increasing its cybersecurity, but more work remains to be done almost five years after the agency suffered one of the largest government data breaches in history.
ASIS Foundation study researches the degree to which physical security, cybersecurity, and business continuity have converged into a single department.
Despite writing and releasing the text of a bill, bipartisan work on a federal online privacy law is expected to continue well into 2020.
U.S. intelligence officials confirmed that Russia has been spreading a disinformation campaign about Ukrainian efforts to interfere in the 2016 U.S. presidential election.
U.S. federal officials say that foreign governments are trying to steal ideas, proprietary information, and research from American universities.
A group of U.S. federal agencies released a joint statement Tuesday pledging to work with states and localities to protect the 2020 election.
U.S. superiority in artificial intelligence is endangered, according to a new report from the National Security Commission on Artificial Intelligence.
U.S. Representatives Matt Gaetz and Steve Scalise led a group of lawmakers into a closed hearing on Capitol Hill on Wednesday in a major breach of protocol and security.
As part of National Cybersecurity Awareness month, the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Agency (CISA) and the National Cyber Security Alliance (NCSA)—launched the “Own IT. Secure IT. Protect IT.” campaign.
A new study says employees are to blame for as many as half of all data breaches.
Australian, British, and U.S. officials asked Facebook not to fully encrypt its messaging services to provide greater access to data for law enforcement.