This report is based primarily on incidents our security operations center (SOC) identified through investigations into alerts, email submissions, vulnerability disclosures, and threat-hunting leads spanning January through December, using a combination of time-series analyses, statistics, customer input, and analyst...
A Canadian effort fueled by a surge of car thefts to ban pen-testing devices such as the Flipper Zero that grab wireless signals has provoked a backlash among security researchers and advocates, who accused Ottawa of seeking a scapegoat for bad auto industry security practices.
Venture capital investor Pramod Gosavi discussed the drawbacks of relying on network-centric cybersecurity solutions that are driving up costs. He recommended proactive strategies, such as zero trust, that emphasize minimal access and continuous verification and investments in AI-based technologies.
Breathless reports claim 3 million IoT toothbrushes have been remotely compromised and used to target unsuspecting businesses via distributed denial-of-service attacks. Just one problem: This story has more holes in it than the teeth of kid with a 10-pack-a-day Gummy Bear habit.
The United States ramped up pressure on the commercial surveillance industry shortly before the United Kingdom and France convened a two-day meeting dubbed the Pall Mall Process intended to culminate in an international agreement limiting the proliferation of advanced spyware.
Multiple vulnerabilities in a widely used open-source implementation of the UEFI specification allow attackers to introduce malware operating at the firmware level. The vulnerabilities mainly affect server machines in which a boot server delivers the operating system over the local network.
Modern enterprises must stay proactive to meet customer needs and protect all data, users and apps no matter where they're located. The onslaught of new apps and the explosion of IoT devices make the attack surface challenging to manage.
Traditional branches don't accommodate the type of security architecture...
In the latest weekly update, Troy Leach, CSO at Cloud Security Alliance, joins three editors at ISMG to discuss important cybersecurity issues, including how generative AI is enhancing multi-cloud security, AI's influence on authentication processes, and the state of zero trust and IoT security.
Thermostats sold across the globe by German multinational engineering company Bosch contained a flaw allowing hackers to cut power to the heating system and override the firmware, warn researchers from cybersecurity firm Bitdefender. Bosch pushed an over-the-air update in October.
A new cryptomining campaign uses a quirkily customized Mirai botnet to spread cryptomining malware designed to hide the digital wallet that collects the ill-gotten gains. Security researchers at Akamai dubbed the Mirai variation NoaBot when it first appeared in early 2023.
Researchers found a path traversal vulnerability in Kyocera's Device Manager product, which is used for overseeing large printer fleets in mid- to large-sized enterprises. Attackers could exploit the flaw to obtain NTLM hashes by changing the location of a backup database.
Ivanti issued an urgent alert to users of its endpoint security product to patch a critical vulnerability that exposes systems to potential exploitation by unauthorized attackers. The SQL injection vulnerability tracked as CVE-2023-39336 is in all supported versions of Ivanti Endpoint Manager.
The Russian military hacked into surveillance cameras to spy on Ukrainian air defenses and Kyiv's critical infrastructure during the missile and drone strikes on the capital city Tuesday. Ukraine has blocked and dismantled the cameras, and it urged users to stop sharing security camera feeds online.
As we bid farewell to 2023, Philip Reitinger, president and CEO of the Global Cyber Alliance, reflected on the state of global cyber hygiene, shedding light on what's working, what needs improvement, and the transformative shifts necessary to achieve a cyber-secure future.
In conjunction with a new report from CyberEd.io, Information Security Media Group asked some of the industry's leading cybersecurity and privacy experts about 10 top trends to watch in 2024. Ransomware, emerging AI technology and nation-state campaigns are among the top threats.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.co.uk, you agree to our use of cookies.