SecurityWeek

Latest News

Recently, the WannaCry ransomware worm was big news.  For security professionals working inside organizations with unpatched systems vulnerable to infection, it was a particularly busy period.  Plenty has been written about the malware itself, how it spread, the need to patch, and many other technical topics around the recent outbreak.  Much great analysis has been done, and I certainly don’t need to rehash that here.  I’d like to focus on a different angle ent

With numerous instances of account takeovers impacting companies like Groupon, TeamViewer and Camelot, the company that operates the U.K.’s National Lottery, as well as the recent breach of the Anti Public tool that’s used for verifying the legitimacy of hacked credentials, it’s time to take a closer look at these attacks and how to mitigate risk.

Centrify, a Santa Clara, Calif.-based provider of identity and access management (IAM) solutions, has teamed up with Bugcrowd for a public bug bounty program that offers researchers up to $3,000 per vulnerability.

California-based operational intelligence firm OSIsoft has released updates for its PI Web API and PI Server products to address several vulnerabilities, including ones rated high severity. ICS-CERT has published two advisories this week to inform organizations about three remotely exploitable flaws affecting the OSIsoft products.

As organizations move to the cloud, one of the biggest changes we’ve seen is in the nature of the application landscape. This is the age of apps. Large companies are dealing with hundreds if not thousands of them, and nearly every enterprise is engaged in software development of some kind. 

A series of events converged during the past few weeks that reemphasized the need for our industry to do a better job of establishing measurable and repeatable processes. 

The United States Computer Emergency Readiness Team (US-CERT) released a technical alert on Tuesday on behalf of the DHS and the FBI to warn organizations of North Korea’s “Hidden Cobra” activities, particularly distributed denial-of-service (DDoS) attacks.

SAP this week released its June 2017 set of security patches to address various bugs across its products, including a denial of service vulnerability that potentially impacts over 3,400 services exposed to the Internet.

It’s the best of the internet of things and the worst of the internet of things: unprecedented connectivity that creates both tremendous opportunity and considerable risk. In an environment extending from sensors and devices at the network edge to applications and services in the cloud, an end-to-end IoT ecosystem is essential to realizing opportunity without risking security, manageability and interoperability.

Application Security

By continuously analyzing security, infrastructure, and governance data, TrustCloud aims to give CISOs a real-time view of application risk and board-ready assurance.

Cloud Security
