As investigators probe the SolarWinds hack, they're finding that the supply chain campaign appears to have deeply compromised more than the 50 organizations originally suspected. Meanwhile, the federal agencies overseeing the investigation now officially believe a Russian-linked hacking group is responsible.
Citrix is urging customers to implement a newly provided enhancement to its ADC and Gateway devices that is designed to block attackers from abusing the Datagram Transport Layer Security, or DTLS, protocol to amplify distributed denial-of-service attacks.
JusPay, an Indian online payment platform, acknowledged Monday that it sustained a major breach of customer data in August. The announcement came a day after an independent security researcher reported that data on millions of JusPay customers had been offered for sale on a darknet forum.
A British judge has denied a Justice Department request to extradite WikiLeaks founder Julian Assange to the U.S. to face criminal charges related to hacking government computers and then publishing classified information. U.S. prosecutors plan to appeal.
In 2020, the "zero trust" conversation evolved from "What is it?" to "How do we achieve a zero trust architecture?" Chase Cunningham, principal analyst serving security and risk professionals at Forrester, offers an outlook for what we can expect in 2021.
The attorneys general of 27 states have entered into a $2.4 million settlement with Sabre Corp. to resolve a lawsuit tied to a 2017 data breach that struck the company's Sabre Hospitality Solutions hotel booking system, compromising 1.3 million payment cards.
The major appliances giant Whirlpool acknowledges it was hit with a ransomware attack in November, with the cyber gang Nefilim taking responsibility for the cyber incident and claiming to have stolen company data.
The Cybersecurity and Infrastructure Security Agency has released an emergency directive requiring all federal organizations running the vulnerable SolarWinds Orion software to immediately update to the latest version.
Ransomware gangs entered 2020 with a full and dangerous set of weapons at their disposal and then rolled out additional tools such as extortion and new distribution methods, a trend that is expected to continue into 2021.
The latest edition of the ISMG Security Report offers leadership lessons from Equifax CISO Jamil Farshchi and Mastercard's deputy CSO, Alissa "Dr. Jay" Abdullah. Also featured: An assessment of cybersecurity priorities for President-elect Joe Biden.
T-Mobile on Tuesday began informing a portion of its customers that some of their mobile phone account information may have been compromised in a data breach that took place in early December. About 200,000 customers are affected.
What's needed to make a shift from traditional IAM to CIAM? To start, an organization needs to look at fraud detection solutions and risk-based authentication technologies such as device intelligence and behavioral biometrics, says David Britton of Experian.
Software vendor SolarWinds has updated multiple versions of its Orion network-monitoring software to address the Sunburst backdoor that was added to its code and to block Supernova malware that exploited a vulnerability in Orion. But incident response experts have warned that full cleanup may take years.
Kawasaki Heavy Industries is reporting that an unknown threat actor gained access to its internal network through servers located in an overseas office, according to a company statement. The result: Some corporate data may have leaked to a third party.